Merge branch 'rq-54596' of github.com:ryancham715/models-as-a-service into ryan/rq-54596

Author: jrhyness

deployment/base/maas-controller/crd/bases/maas.opendatahub.io_maasmodelrefs.yaml

@@ -55,6 +55,25 @@ spec:
           spec:
             description: MaaSModelSpec defines the desired state of MaaSModelRef
             properties:
+              credentialRef:
+                description: |-
+                  CredentialRef references a Kubernetes Secret containing the provider API key.
+                  The Secret must contain a data key "api-key" with the credential value.
+                  Only used when modelRef.kind=ExternalModel.
+                properties:
+                  name:
+                    description: Name is the name of the Secret
+                    maxLength: 253
+                    minLength: 1
+                    type: string
+                  namespace:
+                    description: Namespace is the namespace of the Secret. Defaults
+                      to the MaaSModelRef namespace if omitted.
+                    maxLength: 253
+                    type: string
+                required:
+                - name
+                type: object
               endpointOverride:
                 description: |-
                   EndpointOverride, when set, overrides the endpoint URL that the controller
@@ -64,6 +83,16 @@ spec:
               modelRef:
                 description: ModelRef references the actual model endpoint
                 properties:
+                  endpoint:
+                    description: |-
+                      Endpoint is the FQDN of the external provider (no scheme or path).
+                      e.g. "api.openai.com". Only used when kind=ExternalModel.
+                      This field is metadata for downstream consumers (e.g. BBR provider-resolver plugin)
+                      and is not used by the controller for endpoint derivation. Use spec.endpointOverride
+                      to override the controller-derived endpoint.
+                    maxLength: 253
+                    pattern: ^[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)*$
+                    type: string
                   kind:
                     description: Kind determines which fields are available
                     enum:
@@ -73,10 +102,20 @@ spec:
                   name:
                     description: Name is the name of the model resource
                     type: string
+                  provider:
+                    description: |-
+                      Provider identifies the API format and auth type for external models.
+                      e.g. "openai", "anthropic". Only used when kind=ExternalModel.
+                    maxLength: 63
+                    type: string
                 required:
                 - kind
                 - name
                 type: object
+                x-kubernetes-validations:
+                - message: provider is required when kind is ExternalModel
+                  rule: self.kind != 'ExternalModel' || has(self.provider) && self.provider
+                    != ''
             required:
             - modelRef
             type: object

maas-controller/api/maas/v1alpha1/maasmodelref_types.go

@@ -29,16 +29,50 @@ type MaaSModelSpec struct {
 	// or Gateway/HTTPRoute).
 	// +optional
 	EndpointOverride string `json:"endpointOverride,omitempty"`
+	// CredentialRef references a Kubernetes Secret containing the provider API key.
+	// The Secret must contain a data key "api-key" with the credential value.
+	// Only used when modelRef.kind=ExternalModel.
+	// +optional
+	CredentialRef *CredentialReference `json:"credentialRef,omitempty"`
+}
+
+// CredentialReference references a Kubernetes Secret with provider API credentials.
+type CredentialReference struct {
+	// Name is the name of the Secret
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	Name string `json:"name"`
+	// Namespace is the namespace of the Secret. Defaults to the MaaSModelRef namespace if omitted.
+	// +kubebuilder:validation:MaxLength=253
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
 }
 
 // ModelReference references a model endpoint in the same namespace
+// +kubebuilder:validation:XValidation:rule="self.kind != 'ExternalModel' || has(self.provider) && self.provider != ''",message="provider is required when kind is ExternalModel"
 type ModelReference struct {
 	// Kind determines which fields are available
 	// +kubebuilder:validation:Enum=LLMInferenceService;ExternalModel
 	Kind string `json:"kind"`
 
 	// Name is the name of the model resource
 	Name string `json:"name"`
+
+	// Provider identifies the API format and auth type for external models.
+	// e.g. "openai", "anthropic". Only used when kind=ExternalModel.
+	// +kubebuilder:validation:MaxLength=63
+	// +optional
+	Provider string `json:"provider,omitempty"`
+
+	// Endpoint is the FQDN of the external provider (no scheme or path).
+	// e.g. "api.openai.com". Only used when kind=ExternalModel.
+	// This field is metadata for downstream consumers (e.g. BBR provider-resolver plugin)
+	// and is not used by the controller for endpoint derivation. Use spec.endpointOverride
+	// to override the controller-derived endpoint.
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)*$`
+	// +optional
+	Endpoint string `json:"endpoint,omitempty"`
 }
 
 // MaaSModelStatus defines the observed state of MaaSModelRef

maas-controller/api/maas/v1alpha1/zz_generated.deepcopy.go

@@ -14,29 +14,30 @@ require (
 )
 
 require (
-	cel.dev/expr v0.19.2 // indirect
+	cel.dev/expr v0.25.1 // indirect
 	cloud.google.com/go v0.118.3 // indirect
 	cloud.google.com/go/auth v0.15.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	cloud.google.com/go/iam v1.4.1 // indirect
 	cloud.google.com/go/monitoring v1.24.1 // indirect
 	cloud.google.com/go/storage v1.51.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
 	github.com/aws/aws-sdk-go v1.55.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
+	github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
-	github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
-	github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
+	github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
@@ -68,9 +69,10 @@ require (
 	github.com/prometheus/common v0.64.0 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
 	go.opentelemetry.io/otel v1.40.0 // indirect
@@ -80,21 +82,21 @@ require (
 	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.40.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	google.golang.org/api v0.228.0 // indirect
 	google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
-	google.golang.org/grpc v1.71.1 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect