Add NIM flag logic

config/base/params-vllm-gaudi.env

@@ -1 +1 @@
-vllm-gaudi-image=quay.io/opendatahub/vllm:fast-gaudi
+vllm-gaudi-image=quay.io/opendatahub/vllm:stable-gaudi-4f9d7e5

config/base/params-vllm-rocm.env

@@ -1 +1 @@
-vllm-rocm-image=quay.io/opendatahub/vllm:fast-rocm
+vllm-rocm-image=quay.io/opendatahub/vllm:stable-rocm-9ac4882

config/base/params.env

@@ -1,6 +1,7 @@
-odh-model-controller=quay.io/opendatahub/odh-model-controller:fast
-caikit-tgis-image=quay.io/opendatahub/caikit-tgis-serving:fast
-caikit-standalone-image=quay.io/opendatahub/caikit-nlp:fast
-tgis-image=quay.io/opendatahub/text-generation-inference:fast
-ovms-image=quay.io/opendatahub/openvino_model_server:2024.3-release
-vllm-image=quay.io/opendatahub/vllm:fast
+odh-model-controller=quay.io/opendatahub/odh-model-controller:v0.12.0
+caikit-tgis-image=quay.io/opendatahub/caikit-tgis-serving:stable-2d9db23
+caikit-standalone-image=quay.io/opendatahub/caikit-nlp:stable-994ec60
+tgis-image=quay.io/opendatahub/text-generation-inference:stable-eba83ba
+ovms-image=quay.io/opendatahub/openvino_model_server:2024.3-release-4c8c52c	
+vllm-image=quay.io/opendatahub/vllm:stable-849f0f5
+nim-state=removed

config/manager/manager.yaml

@@ -71,6 +71,12 @@ spec:
                   name: service-mesh-refs
                   key: MESH_NAMESPACE
                   optional: true
+            - name: NIM_STATE
+              valueFrom:
+                configMapKeyRef:
+                  name: odh-model-controller-parameters
+                  key: nim-state
+                  optional: true                  
           livenessProbe:
             httpGet:
               path: /healthz

config/runtimes/kustomization.yaml

@@ -14,4 +14,4 @@ resources:
   - vllm-multinode-template.yaml
   - vllm-rocm-template.yaml
   - vllm-gaudi-template.yaml
-  - caikit-standalone-template.yaml
+  - caikit-standalone-template.yaml

controllers/kserve_customcacert_controller.go

@@ -18,6 +18,7 @@ package controllers
 import (
 	"context"
 	"reflect"
+	"strings"
 
 	"github.com/go-logr/logr"
 	"github.com/opendatahub-io/odh-model-controller/controllers/constants"
@@ -56,7 +57,7 @@ func (r *KServeCustomCACertReconciler) reconcileConfigMap(configmap *corev1.Conf
 		}
 		configmap = odhCustomCertConfigMap
 	}
-	odhCustomCertData = configmap.Data[constants.ODHCustomCACertFileName]
+	odhCustomCertData = strings.TrimSpace(configmap.Data[constants.ODHCustomCACertFileName])
 
 	// Create Desired resource
 	configData := map[string]string{kserveCustomCACertFileName: odhCustomCertData}

controllers/kserve_customcacert_controller_test.go

@@ -18,22 +18,36 @@ package controllers
 import (
 	"context"
 	"reflect"
+	"strings"
 	"time"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/opendatahub-io/odh-model-controller/controllers/constants"
 	corev1 "k8s.io/api/core/v1"
 )
 
 const (
-	odhtrustedcabundleConfigMapUpdatedPath = "./testdata/configmaps/odh-trusted-ca-bundle-configmap-updated.yaml"
-	kservecustomcacertConfigMapUpdatedPath = "./testdata/configmaps/odh-kserve-custom-ca-cert-configmap-updated.yaml"
+	odhtrustedcabundleConfigMapUpdatedPath         = "./testdata/configmaps/odh-trusted-ca-bundle-configmap-updated.yaml"
+	kserveCustomCACustomBundleConfigMapUpdatedPath = "./testdata/configmaps/odh-kserve-custom-ca-cert-configmap-updated.yaml"
 )
 
 var _ = Describe("KServe Custom CA Cert ConfigMap controller", func() {
 	ctx := context.Background()
 
+	AfterEach(func() {
+		configmap := &corev1.ConfigMap{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "odh-trusted-ca-bundle",
+				Namespace: "default",
+			},
+		}
+
+		Expect(cli.Delete(ctx, configmap)).Should(Succeed())
+	})
+
 	Context("when a configmap 'odh-trusted-ca-bundle' exists", func() {
 		It("should create a configmap that is for kserve custom ca cert", func() {
 			By("creating odh-trusted-ca-bundle configmap")
@@ -69,8 +83,10 @@ var _ = Describe("KServe Custom CA Cert ConfigMap controller", func() {
 			kserveCACertConfigmap, err := waitForConfigMap(cli, WorkingNamespace, constants.KServeCACertConfigMapName, 30, 1*time.Second)
 			Expect(err).NotTo(HaveOccurred())
 			expectedKserveCACertConfigmap := &corev1.ConfigMap{}
-			err = convertToStructuredResource(kservecustomcacertConfigMapUpdatedPath, expectedKserveCACertConfigmap)
+			err = convertToStructuredResource(kserveCustomCACustomBundleConfigMapUpdatedPath, expectedKserveCACertConfigmap)
 			Expect(err).NotTo(HaveOccurred())
+			// Trim out the last \n in the updated file
+			expectedKserveCACertConfigmap.Data["cabundle.crt"] = strings.TrimSpace(expectedKserveCACertConfigmap.Data["cabundle.crt"])
 
 			Expect(compareConfigMap(kserveCACertConfigmap, expectedKserveCACertConfigmap)).Should((BeTrue()))
 		})

controllers/storageconfig_controller.go

@@ -104,19 +104,18 @@ func (r *StorageSecretReconciler) reconcileSecret(secret *corev1.Secret,
 	odhCustomCertData := ""
 	odhGlobalCertConfigMap := &corev1.ConfigMap{}
 	err = r.Get(ctx, types.NamespacedName{
-		Name:      constants.ODHGlobalCertConfigMapName,
+		Name:      constants.KServeCACertConfigMapName,
 		Namespace: secret.Namespace,
 	}, odhGlobalCertConfigMap)
 
 	if err != nil {
 		if apierrs.IsNotFound(err) {
 			log.Info("unable to fetch the ODH Global Cert ConfigMap", "error", err)
-
 		} else {
 			return err
 		}
 	} else {
-		odhCustomCertData = odhGlobalCertConfigMap.Data[constants.ODHCustomCACertFileName]
+		odhCustomCertData = odhGlobalCertConfigMap.Data[constants.KServeCACertFileName]
 	}
 
 	// Generate desire Storage Config Secret

controllers/storageconfig_controller_test.go

@@ -34,7 +34,6 @@ import (
 const (
 	dataconnectionStringPath            = "./testdata/secrets/dataconnection-string.yaml"
 	storageconfigEncodedPath            = "./testdata/secrets/storageconfig-encoded.yaml"
-	storageconfigCertString             = "./testdata/secrets/storageconfig-cert-string.yaml"
 	storageconfigEncodedUnmanagedPath   = "./testdata/secrets/storageconfig-encoded-unmanaged.yaml"
 	storageconfigCertEncodedPath        = "./testdata/secrets/storageconfig-cert-encoded.yaml"
 	storageconfigUpdatedCertEncodedPath = "./testdata/secrets/storageconfig-updated-cert-encoded.yaml"
@@ -144,15 +143,15 @@ var _ = Describe("StorageConfig controller", func() {
 		})
 	})
 
-	Context("when a configmap 'odh-trusted-ca-bundle' exists or updates", func() {
+	Context("when a configmap 'odh-kserve-custom-ca-bundle' exists or updates", func() {
 		It("should add/update certificate keys into storage-config secret", func() {
 			dataconnectionStringSecret := &corev1.Secret{}
 
-			By("creating odh-trusted-ca-bundle configmap")
-			odhtrustedcabundleConfigMap := &corev1.ConfigMap{}
-			err := convertToStructuredResource(odhtrustedcabundleConfigMapPath, odhtrustedcabundleConfigMap)
+			By("creating odh-kserve-custom-ca-bundle configmap")
+			odhKserveCustomCABundleConfigmap := &corev1.ConfigMap{}
+			err := convertToStructuredResource(odhKserveCustomCABundleConfigMapPath, odhKserveCustomCABundleConfigmap)
 			Expect(err).NotTo(HaveOccurred())
-			Expect(cli.Create(ctx, odhtrustedcabundleConfigMap)).Should(Succeed())
+			Expect(cli.Create(ctx, odhKserveCustomCABundleConfigmap)).Should(Succeed())
 
 			By("creating dataconnection secret")
 			err = convertToStructuredResource(dataconnectionStringPath, dataconnectionStringSecret)
@@ -168,24 +167,28 @@ var _ = Describe("StorageConfig controller", func() {
 			Expect(err).NotTo(HaveOccurred())
 			Expect(compareSecrets(storageconfigSecret, expectedStorageConfigSecret)).Should((BeTrue()))
 
-			By("updating odh-trusted-ca-bundle configmap")
-			updatedOdhtrustedcacertConfigMap := &corev1.ConfigMap{}
-			err = convertToStructuredResource(odhtrustedcabundleConfigMapUpdatedPath, updatedOdhtrustedcacertConfigMap)
+			By("updating odh-kserve-custom-ca-bundle configmap")
+			updatedOdhKserveCustomCABundleConfigmap := &corev1.ConfigMap{}
+			err = convertToStructuredResource(kserveCustomCACustomBundleConfigMapUpdatedPath, updatedOdhKserveCustomCABundleConfigmap)
 			Expect(err).NotTo(HaveOccurred())
-			Expect(cli.Update(ctx, updatedOdhtrustedcacertConfigMap)).Should(Succeed())
+			Expect(cli.Update(ctx, updatedOdhKserveCustomCABundleConfigmap)).Should(Succeed())
+
+			// Delete existing storage-config secret
+			// This will be done by kserve_customcacert_controller but for this test, it needs to be delete manully to update the storage-config
+			Expect(cli.Delete(ctx, storageconfigSecret)).Should(Succeed())
 
 			// Check updated storage-config secret
 			updatedStorageconfigSecret, err := waitForSecret(cli, WorkingNamespace, constants.DefaultStorageConfig, 30, 3*time.Second)
 			Expect(err).NotTo(HaveOccurred())
 			expectedUpdatedStorageConfigSecret := &corev1.Secret{}
 			err = convertToStructuredResource(storageconfigUpdatedCertEncodedPath, expectedUpdatedStorageConfigSecret)
 			Expect(err).NotTo(HaveOccurred())
-
+			
 			Expect(compareSecrets(updatedStorageconfigSecret, expectedUpdatedStorageConfigSecret)).Should((BeTrue()))
 		})
 	})
 
-	Context("when a configmap odh-trusted-ca-bundle does not exists", func() {
+	Context("when a configmap odh-kserve-custom-ca-bundle does not exists", func() {
 		It("should not return error", func() {
 			dataconnectionStringSecret := &corev1.Secret{}
 

controllers/suite_test.go

@@ -71,24 +71,25 @@ var (
 )
 
 const (
-	WorkingNamespace                = "default"
-	MonitoringNS                    = "monitoring-ns"
-	RoleBindingPath                 = "./testdata/results/model-server-ns-role.yaml"
-	ServingRuntimePath1             = "./testdata/deploy/test-openvino-serving-runtime-1.yaml"
-	KserveServingRuntimePath1       = "./testdata/deploy/kserve-openvino-serving-runtime-1.yaml"
-	ServingRuntimePath2             = "./testdata/deploy/test-openvino-serving-runtime-2.yaml"
-	InferenceService1               = "./testdata/deploy/openvino-inference-service-1.yaml"
-	InferenceServiceNoRuntime       = "./testdata/deploy/openvino-inference-service-no-runtime.yaml"
-	KserveInferenceServicePath1     = "./testdata/deploy/kserve-openvino-inference-service-1.yaml"
-	InferenceServiceConfigPath1     = "./testdata/configmaps/inferenceservice-config.yaml"
-	ExpectedRoutePath               = "./testdata/results/example-onnx-mnist-route.yaml"
-	ExpectedRouteNoRuntimePath      = "./testdata/results/example-onnx-mnist-no-runtime-route.yaml"
-	DSCIWithAuthorization           = "./testdata/dsci-with-authorino-enabled.yaml"
-	DSCIWithoutAuthorization        = "./testdata/dsci-with-authorino-missing.yaml"
-	KServeAuthorizationPolicy       = "./testdata/kserve-authorization-policy.yaml"
-	odhtrustedcabundleConfigMapPath = "./testdata/configmaps/odh-trusted-ca-bundle-configmap.yaml"
-	timeout                         = time.Second * 20
-	interval                        = time.Millisecond * 10
+	WorkingNamespace                     = "default"
+	MonitoringNS                         = "monitoring-ns"
+	RoleBindingPath                      = "./testdata/results/model-server-ns-role.yaml"
+	ServingRuntimePath1                  = "./testdata/deploy/test-openvino-serving-runtime-1.yaml"
+	KserveServingRuntimePath1            = "./testdata/deploy/kserve-openvino-serving-runtime-1.yaml"
+	ServingRuntimePath2                  = "./testdata/deploy/test-openvino-serving-runtime-2.yaml"
+	InferenceService1                    = "./testdata/deploy/openvino-inference-service-1.yaml"
+	InferenceServiceNoRuntime            = "./testdata/deploy/openvino-inference-service-no-runtime.yaml"
+	KserveInferenceServicePath1          = "./testdata/deploy/kserve-openvino-inference-service-1.yaml"
+	InferenceServiceConfigPath1          = "./testdata/configmaps/inferenceservice-config.yaml"
+	ExpectedRoutePath                    = "./testdata/results/example-onnx-mnist-route.yaml"
+	ExpectedRouteNoRuntimePath           = "./testdata/results/example-onnx-mnist-no-runtime-route.yaml"
+	DSCIWithAuthorization                = "./testdata/dsci-with-authorino-enabled.yaml"
+	DSCIWithoutAuthorization             = "./testdata/dsci-with-authorino-missing.yaml"
+	KServeAuthorizationPolicy            = "./testdata/kserve-authorization-policy.yaml"
+	odhtrustedcabundleConfigMapPath      = "./testdata/configmaps/odh-trusted-ca-bundle-configmap.yaml"
+	odhKserveCustomCABundleConfigMapPath = "./testdata/configmaps/odh-kserve-custom-ca-cert-configmap.yaml"
+	timeout                              = time.Second * 20
+	interval                             = time.Millisecond * 10
 )
 
 func init() {

go.mod

@@ -4,13 +4,15 @@ go 1.21
 
 require (
 	github.com/go-logr/logr v1.3.0
+	github.com/hashicorp/errwrap v1.1.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/kserve/kserve v0.12.1
 	github.com/kuadrant/authorino v0.15.0
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.30.0
 	github.com/opendatahub-io/model-registry v0.1.1
 	github.com/openshift/api v3.9.0+incompatible
+	github.com/pkg/errors v0.9.1
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.64.1
 	github.com/tidwall/gjson v1.17.0
 	go.uber.org/zap v1.26.0
@@ -62,7 +64,6 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/googleapis/google-cloud-go-testing v0.0.0-20210719221736-1c9a4c676720 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -74,7 +75,6 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.17.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.45.0 // indirect

main.go

@@ -20,6 +20,7 @@ import (
 	"context"
 	"flag"
 	"os"
+	"slices"
 	"strconv"
 
 	"github.com/opendatahub-io/odh-model-controller/controllers/webhook"
@@ -233,15 +234,17 @@ func main() {
 	}
 
 	ctx := ctrl.SetupSignalHandler()
-	if err = (&controllers.NimAccountReconciler{
-		Client:  mgr.GetClient(),
-		Log:     ctrl.Log.WithName("controllers").WithName("NimAccountReconciler"),
-		KClient: kclient,
-	}).SetupWithManager(mgr, ctx); err != nil {
-		setupLog.Error(err, "unable to create controller NIM Account controller")
-		os.Exit(1)
+	nimState := os.Getenv("NIM_STATE")
+	if !slices.Contains([]string{"removed", ""}, nimState) {
+		if err = (&controllers.NimAccountReconciler{
+			Client:  mgr.GetClient(),
+			Log:     ctrl.Log.WithName("controllers").WithName("NimAccountReconciler"),
+			KClient: kclient,
+		}).SetupWithManager(mgr, ctx); err != nil {
+			setupLog.Error(err, "unable to create controller NIM Account controller")
+			os.Exit(1)
+		}
 	}
-
 	if err = builder.WebhookManagedBy(mgr).
 		For(&nimv1.Account{}).
 		WithValidator(webhook.NewNimAccountValidator(mgr.GetClient())).