Merge pull request #2 from thepetk/feature/add_byo_server_token_auth_support

Feature/add byo server token auth support

Author: thepetk

skeleton/gitops-template/components/http/base/deployment.yaml

@@ -32,6 +32,14 @@ spec:
         - configMapRef:
             name: ${{ values.name }}-database-config
         {%- endif %}
+        {%- if values.includeModelEndpointSecret %}
+        env:
+        - name: MODEL_ENDPOINT_BEARER
+          valueFrom:
+            secretKeyRef:
+              name: ${{  values.modelEndpointSecretName  }}
+              key: ${{  values.modelEndpointSecretKey  }}
+        {%- endif %}
         ports:
         - containerPort: ${{ values.appPort }}
         securityContext:

skeleton/gitops-template/components/http/base/rhoai/initialize-dsp.yaml

@@ -90,6 +90,13 @@ spec:
                       successThreshold: 1
                       timeoutSeconds: 1
                     env:
+                      {%- if values.includeModelEndpointSecret %}
+                      - name: MODEL_ENDPOINT_BEARER
+                        valueFrom:
+                          secretKeyRef:
+                            name: $${{   values.modelEndpointSecretName   }}
+                            key: $${{   values.modelEndpointSecretKey   }}
+                      {%- endif %}
                       - name: NOTEBOOK_ARGS
                         value: |-
                           --ServerApp.port=8888

skeleton/template.yaml

@@ -80,12 +80,36 @@ spec:
                   title: Model Server Endpoint
                   type: string
                   description: "The endpoint for an existing model server."
+                includeModelEndpointSecret:
+                  title: Bearer Authentication Required?
+                  type: boolean
+                  default: false
                 # SED_LLM_SERVER_START
                 modelName:
                   title: Model Name
                   type: string
                   ui:help: "The name of the model deployed on the model server you would like to use."
                 # SED_LLM_SERVER_END
+              dependencies:
+                includeModelEndpointSecret:
+                  allOf:
+                    - if:
+                        properties:
+                          includeModelEndpointSecret:
+                            const: true
+                      then:
+                        properties:
+                          modelEndpointSecretName:
+                            title: Model Endpoint Secret Name
+                            ui:help: Provide the name of the Secret containing your bearer token.
+                            type: string
+                          modelEndpointSecretKey:
+                            title: Model Endpoint Secret Key
+                            ui:help: Provide the Secret's key containing the token value.
+                            type: string
+                        required:
+                          - modelEndpointSecretName
+                          - modelEndpointSecretKey
             # SED_LLM_SERVER_START
             - properties:
                 modelServer:
@@ -340,6 +364,9 @@ spec:
           # SED_LLM_SERVER_END
           existingModelServer: ${{ parameters.modelServer === 'Existing model server' }}
           modelEndpoint: ${{ parameters.modelEndpoint }}
+          modelEndpointSecretName: ${{ parameters.modelEndpointSecretName }}
+          modelEndpointSecretKey: ${{ parameters.modelEndpointSecretKey }}
+          includeModelEndpointSecret: ${{ parameters.includeModelEndpointSecret }}
           # for RHOAI
           rhoaiSelected: ${{ parameters.rhoaiSelected }}
           # SED_DB_START

templates/audio-to-text/content/Containerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-72.1722518949
+FROM registry.access.redhat.com/ubi9/python-311:1-77.1726664316
 WORKDIR /locallm
 COPY requirements.txt /locallm/requirements.txt
 RUN pip install --upgrade pip && \

templates/audio-to-text/content/whisper_client.py

@@ -8,13 +8,17 @@
 st.markdown("Upload an audio file you wish to have translated")
 endpoint = os.getenv("MODEL_ENDPOINT", default="http://0.0.0.0:8001")
 endpoint = f"{endpoint}/inference"
+endpoint_bearer = os.getenv("MODEL_ENDPOINT_BEARER")
+request_kwargs = {}
+if endpoint_bearer is not None:
+    request_kwargs["headers"] = {"Authorization": f"Bearer {endpoint_bearer}"}
 audio = st.file_uploader("", type=["wav","mp3","mp4","flac"], accept_multiple_files=False)
 # read audio file
 if audio:
     audio_bytes = audio.read()
     st.audio(audio_bytes, format='audio/wav', start_time=0)
-    files = {'file': audio_bytes}
-    response = requests.post(endpoint, files=files)
+    request_kwargs["files"] = {'file': audio_bytes}
+    response = requests.post(endpoint, **request_kwargs)
     response_json = response.json()
     st.subheader(f"Translated Text")
     st.text_area(label="", value=response_json['text'], height=300)

templates/audio-to-text/template.yaml

@@ -57,6 +57,30 @@ spec:
                   title: Model Server Endpoint
                   type: string
                   description: "The endpoint for an existing model server."
+                includeModelEndpointSecret:
+                  title: Bearer Authentication Required?
+                  type: boolean
+                  default: false
+              dependencies:
+                includeModelEndpointSecret:
+                  allOf:
+                    - if:
+                        properties:
+                          includeModelEndpointSecret:
+                            const: true
+                      then:
+                        properties:
+                          modelEndpointSecretName:
+                            title: Model Endpoint Secret Name
+                            ui:help: Provide the name of the Secret containing your bearer token.
+                            type: string
+                          modelEndpointSecretKey:
+                            title: Model Endpoint Secret Key
+                            ui:help: Provide the Secret's key containing the token value.
+                            type: string
+                        required:
+                          - modelEndpointSecretName
+                          - modelEndpointSecretKey
             # SED_ASR_MODEL_SERVER_START
             - properties:
                 modelServer:
@@ -270,6 +294,9 @@ spec:
           modelServicePort: 8001
           existingModelServer: ${{ parameters.modelServer === 'Existing model server' }}
           modelEndpoint: ${{ parameters.modelEndpoint }}
+          modelEndpointSecretName: ${{ parameters.modelEndpointSecretName }}
+          modelEndpointSecretKey: ${{ parameters.modelEndpointSecretKey }}
+          includeModelEndpointSecret: ${{ parameters.includeModelEndpointSecret }}
           # for RHOAI
           rhoaiSelected: ${{ parameters.rhoaiSelected }}
     - action: fs:rename

templates/chatbot/content/Containerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-72.1722518949
+FROM registry.access.redhat.com/ubi9/python-311:1-77.1726664316
 WORKDIR /chat
 COPY requirements.txt .
 RUN pip install --upgrade pip

templates/chatbot/content/chatbot_ui.py

@@ -12,6 +12,10 @@
 model_service = os.getenv("MODEL_ENDPOINT",
                           "http://localhost:8001")
 model_service = f"{model_service}/v1"
+model_service_bearer = os.getenv("MODEL_ENDPOINT_BEARER")
+request_kwargs = {}
+if model_service_bearer is not None:
+    request_kwargs = {"headers": {"Authorization": f"Bearer {model_service_bearer}"}}
 
 @st.cache_resource(show_spinner=False)
 def checking_model_service():
@@ -20,8 +24,8 @@ def checking_model_service():
     ready = False
     while not ready:
         try:
-            request_cpp = requests.get(f'{model_service}/models')
-            request_ollama = requests.get(f'{model_service[:-2]}api/tags')
+            request_cpp = requests.get(f'{model_service}/models', **request_kwargs)
+            request_ollama = requests.get(f'{model_service[:-2]}api/tags', **request_kwargs)
             if request_cpp.status_code == 200:
                 server = "Llamacpp_Python"
                 ready = True
@@ -37,7 +41,7 @@ def checking_model_service():
 
 def get_models():
     try:
-        response = requests.get(f"{model_service[:-2]}api/tags")
+        response = requests.get(f"{model_service[:-2]}api/tags", **request_kwargs)
         return [i["name"].split(":")[0] for i in  
             json.loads(response.content)["models"]]
     except:
@@ -76,7 +80,7 @@ def memory():
             options=models)
 
 llm = ChatOpenAI(base_url=model_service, 
-        api_key="sk-no-key-required",
+        api_key="sk-no-key-required" if model_service_bearer is None else model_service_bearer,
         model=model_name,
         streaming=True,
         callbacks=[StreamlitCallbackHandler(st.empty(),

templates/chatbot/template.yaml

@@ -64,12 +64,36 @@ spec:
                   title: Model Server Endpoint
                   type: string
                   description: "The endpoint for an existing model server."
+                includeModelEndpointSecret:
+                  title: Bearer Authentication Required?
+                  type: boolean
+                  default: false
                 # SED_LLM_SERVER_START
                 modelName:
                   title: Model Name
                   type: string
                   ui:help: "The name of the model deployed on the model server you would like to use."
                 # SED_LLM_SERVER_END
+              dependencies:
+                includeModelEndpointSecret:
+                  allOf:
+                    - if:
+                        properties:
+                          includeModelEndpointSecret:
+                            const: true
+                      then:
+                        properties:
+                          modelEndpointSecretName:
+                            title: Model Endpoint Secret Name
+                            ui:help: Provide the name of the Secret containing your bearer token.
+                            type: string
+                          modelEndpointSecretKey:
+                            title: Model Endpoint Secret Key
+                            ui:help: Provide the Secret's key containing the token value.
+                            type: string
+                        required:
+                          - modelEndpointSecretName
+                          - modelEndpointSecretKey
             # SED_LLM_SERVER_START
             - properties:
                 modelServer:
@@ -300,6 +324,9 @@ spec:
           # SED_LLM_SERVER_END
           existingModelServer: ${{ parameters.modelServer === 'Existing model server' }}
           modelEndpoint: ${{ parameters.modelEndpoint }}
+          modelEndpointSecretName: ${{ parameters.modelEndpointSecretName }}
+          modelEndpointSecretKey: ${{ parameters.modelEndpointSecretKey }}
+          includeModelEndpointSecret: ${{ parameters.includeModelEndpointSecret }}
           # for RHOAI
           rhoaiSelected: ${{ parameters.rhoaiSelected }}
     - action: fs:rename

templates/codegen/content/Containerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-72.1722518949
+FROM registry.access.redhat.com/ubi9/python-311:1-77.1726664316
 WORKDIR /codegen
 COPY requirements.txt .
 RUN pip install --upgrade pip

templates/codegen/content/codegen-app.py

@@ -10,6 +10,10 @@
 
 model_service = os.getenv("MODEL_ENDPOINT", "http://localhost:8001")
 model_service = f"{model_service}/v1"
+model_service_bearer = os.getenv("MODEL_ENDPOINT_BEARER")
+request_kwargs = {}
+if model_service_bearer is not None:
+    request_kwargs = {"headers": {"Authorization": f"Bearer {model_service_bearer}"}}
 
 @st.cache_resource(show_spinner=False)
 def checking_model_service():
@@ -18,7 +22,7 @@ def checking_model_service():
     ready = False
     while not ready:
         try:
-            request = requests.get(f'{model_service}/models')
+            request = requests.get(f'{model_service}/models', **request_kwargs)
             if request.status_code == 200:
                 ready = True
         except:
@@ -43,7 +47,7 @@ def checking_model_service():
 
 llm = ChatOpenAI(base_url=model_service,
                  model=model_name,
-                 api_key="EMPTY",
+                 api_key="EMPTY" if model_service_bearer is None else model_service_bearer,
                  streaming=True)
 
 # Define the Langchain chain

templates/codegen/template.yaml

@@ -64,12 +64,36 @@ spec:
                   title: Model Server Endpoint
                   type: string
                   description: "The endpoint for an existing model server."
+                includeModelEndpointSecret:
+                  title: Bearer Authentication Required?
+                  type: boolean
+                  default: false
                 # SED_LLM_SERVER_START
                 modelName:
                   title: Model Name
                   type: string
                   ui:help: "The name of the model deployed on the model server you would like to use."
                 # SED_LLM_SERVER_END
+              dependencies:
+                includeModelEndpointSecret:
+                  allOf:
+                    - if:
+                        properties:
+                          includeModelEndpointSecret:
+                            const: true
+                      then:
+                        properties:
+                          modelEndpointSecretName:
+                            title: Model Endpoint Secret Name
+                            ui:help: Provide the name of the Secret containing your bearer token.
+                            type: string
+                          modelEndpointSecretKey:
+                            title: Model Endpoint Secret Key
+                            ui:help: Provide the Secret's key containing the token value.
+                            type: string
+                        required:
+                          - modelEndpointSecretName
+                          - modelEndpointSecretKey
             # SED_LLM_SERVER_START
             - properties:
                 modelServer:
@@ -300,6 +324,9 @@ spec:
           # SED_LLM_SERVER_END
           existingModelServer: ${{ parameters.modelServer === 'Existing model server' }}
           modelEndpoint: ${{ parameters.modelEndpoint }}
+          modelEndpointSecretName: ${{ parameters.modelEndpointSecretName }}
+          modelEndpointSecretKey: ${{ parameters.modelEndpointSecretKey }}
+          includeModelEndpointSecret: ${{ parameters.includeModelEndpointSecret }}
           # for RHOAI
           rhoaiSelected: ${{ parameters.rhoaiSelected }}
     - action: fs:rename

templates/object-detection/content/Containerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-72.1722518949
+FROM registry.access.redhat.com/ubi9/python-311:1-77.1726664316
 WORKDIR /locallm
 COPY requirements.txt /locallm/requirements.txt
 RUN pip install --upgrade pip && \

templates/object-detection/content/object_detection_client.py

@@ -7,8 +7,11 @@
 
 st.title("🕵️‍♀️ Object Detection")
 endpoint =os.getenv("MODEL_ENDPOINT", default = "http://0.0.0.0:8000")
+endpoint_bearer = os.getenv("MODEL_ENDPOINT_BEARER")
 headers = {"accept": "application/json",
            "Content-Type": "application/json"}
+if endpoint_bearer:
+    headers["Authorization"] = f"Bearer {endpoint_bearer}"
 image = st.file_uploader("Upload Image")
 window = st.empty()
 

templates/object-detection/content/requirements.txt

@@ -16,7 +16,7 @@ MarkupSafe==2.1.5
 mdurl==0.1.2
 numpy==1.26.4
 packaging==24.0
-pandas==2.2.2
+pandas==2.2.3
 pillow==10.3.0
 protobuf==4.25.3
 pyarrow==15.0.2
@@ -37,4 +37,4 @@ toolz==0.12.1
 tornado==6.4.1
 typing_extensions==4.11.0
 tzdata==2024.1
-urllib3==2.2.2
+urllib3==2.2.3

templates/object-detection/template.yaml

@@ -57,6 +57,30 @@ spec:
                   title: Model Server Endpoint
                   type: string
                   description: "The endpoint for an existing model server."
+                includeModelEndpointSecret:
+                  title: Bearer Authentication Required?
+                  type: boolean
+                  default: false
+              dependencies:
+                includeModelEndpointSecret:
+                  allOf:
+                    - if:
+                        properties:
+                          includeModelEndpointSecret:
+                            const: true
+                      then:
+                        properties:
+                          modelEndpointSecretName:
+                            title: Model Endpoint Secret Name
+                            ui:help: Provide the name of the Secret containing your bearer token.
+                            type: string
+                          modelEndpointSecretKey:
+                            title: Model Endpoint Secret Key
+                            ui:help: Provide the Secret's key containing the token value.
+                            type: string
+                        required:
+                          - modelEndpointSecretName
+                          - modelEndpointSecretKey
             # SED_DETR_MODEL_SERVER_START
             - properties:
                 modelServer:
@@ -270,6 +294,9 @@ spec:
           modelServicePort: 8000
           existingModelServer: ${{ parameters.modelServer === 'Existing model server' }}
           modelEndpoint: ${{ parameters.modelEndpoint }}
+          modelEndpointSecretName: ${{ parameters.modelEndpointSecretName }}
+          modelEndpointSecretKey: ${{ parameters.modelEndpointSecretKey }}
+          includeModelEndpointSecret: ${{ parameters.includeModelEndpointSecret }}
           # for RHOAI
           rhoaiSelected: ${{ parameters.rhoaiSelected }}
     - action: fs:rename

templates/rag/content/Containerfile

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-311:1-72.1722518949
+FROM registry.access.redhat.com/ubi9/python-311:1-77.1726664316
 ### Update sqlite for chroma
 USER root
 RUN dnf remove sqlite3 -y