[release-0.12.1] Cherry picks - Fixes for ODH #345

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

Signed-off-by: jooho <[email protected]>

Fixes CVE-2024-24762 - Regular Expression Denial of Service (ReDoS) Remove the fastapi when this is addressed: https://issues.redhat.com/browse/RHOAIENG-3894 or ray releses a new version that removes the fastapi version pinning and it gets updated on KServe Signed-off-by: Spolti <[email protected]>

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

The increased memory limit is for the controller pod to work normally in clusters having 9k+ secrets. Related https://issues.redhat.com/browse/RHOAIENG-3996 Signed-off-by: Edgar Hernández <[email protected]>

* Upgrade orjson to version 3.9.15 chore: Fixes [CVE-2024-27454](https://nvd.nist.gov/vuln/detail/CVE-2024-27454): orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. Signed-off-by: Spolti <[email protected]> * Update python/kserve/pyproject.toml Co-authored-by: Sivanantham <[email protected]> Signed-off-by: Filippe Spolti <[email protected]> * re-run poetry lock Signed-off-by: Spolti <[email protected]> --------- Signed-off-by: Spolti <[email protected]> Signed-off-by: Filippe Spolti <[email protected]> Co-authored-by: Sivanantham <[email protected]>

Signed-off-by: jooho <[email protected]>

…ets (kserve#3469) * Remove cluster level list/watch for configmaps, serviceaccounts, secrets Signed-off-by: Sivanantham Chinnaiyan <[email protected]> * Resolve comments Signed-off-by: Sivanantham Chinnaiyan <[email protected]> --------- Signed-off-by: Sivanantham Chinnaiyan <[email protected]>

Signed-off-by: Andrews Arokiam <[email protected]>

Since ODH would support KServe's RawDeployment mode, this modifies the scripts around OpenShift-ci setup to be possible to run RawDeployment-related E2Es. The run-e2e-tests.sh script is modified to exclude installation of Service Mesh and Serverless, when RawDeployments E2Es are requested to run. A supporting file inferenceservice-openshift-ci-raw.yaml was added to patch KServe's configuration to use RawDeployment mode by default and to use OpenShift Ingress when exposing Inference Services. Since the E2Es use some annotations in the InferenceService, changes done to the v1beta1_inference_service.py file in commit ecff079 were reverted. As an alternative, the `enablePassthrough` annotation was moved to the ServingRuntime resources. This is not only cleaner, but also reduces the diverging code with the upstream repository. Furthermore, this seems to be an auto-generated file that should not be touched. Signed-off-by: Edgar Hernández <[email protected]>

chore: fixes the GH [Alert](https://github.com/kserve/kserve/security/code-scanning/12080). filepath.Clean sanitizes the directory path and remove any unnecessary components (such as . and ..) Signed-off-by: Spolti <[email protected]>

…Mode Deployment Signed-off-by: Spolti <[email protected]>

Signed-off-by: Spolti <[email protected]>

opendatahub-io#292) * [RHOAIENG-4617] - follow up - remove hardcoded fastapi from Dockerfile As the Ray Serve latest release removed the hard dependency of old fastapi version we can now remove the workaround from the Storage Initializer Container Image. Signed-off-by: Spolti <[email protected]>

There is an error in the storage-initializer-docker-publisher workflow where a string is being used, but should be a variable. On PR merges, this is causing an error when trying to push the docker image of the storage initializer. This is fixing the issue by properly using the variable. Signed-off-by: Edgar Hernández <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[release-0.12.1] Cherry picks - Fixes for ODH #345

[release-0.12.1] Cherry picks - Fixes for ODH #345

Commits on May 6, 2024