Merge remote-tracking branch 'origin/main' into architecture-section

Author: Jaland

README.md

@@ -1,4 +1,4 @@
-# # ODH - Models as a Service with Policy Management
+# ODH - Models as a Service with Policy Management
 
 Our goal is to create a comprehensive platform for **Models as a Service** with real-time policy management.
 

deployment/scripts/deploy-openshift.sh

@@ -162,6 +162,7 @@ echo "Required tools:"
 echo "  - oc: $(oc version --client --short 2>/dev/null | head -n1 || echo 'not found')"
 echo "  - jq: $(jq --version 2>/dev/null || echo 'not found')"
 echo "  - kustomize: $(kustomize version --short 2>/dev/null || echo 'not found')"
+echo "  - git: $(git --version 2>/dev/null || echo 'not found')"
 echo ""
 echo "ℹ️  Note: OpenShift Service Mesh should be automatically installed when GatewayClass is created."
 echo "   If the Gateway gets stuck in 'Waiting for controller', you may need to manually"
@@ -243,44 +244,13 @@ echo "   Deploying Gateway and GatewayClass..."
 cd "$PROJECT_ROOT"
 envsubst < deployment/base/networking/gateway-api.yaml | kubectl apply --server-side=true --force-conflicts -f -
 
-# Wait for Gateway API CRDs if not already present
-if ! kubectl get crd gateways.gateway.networking.k8s.io &>/dev/null 2>&1; then
-    echo "   Waiting for Gateway API CRDs..."
-    wait_for_crd "gateways.gateway.networking.k8s.io" 120 || \
-        echo "   ⚠️  Gateway API CRDs not yet available"
-fi
-
 echo ""
 echo "5️⃣ Checking for OpenDataHub/RHOAI KServe..."
 if kubectl get crd llminferenceservices.serving.kserve.io &>/dev/null 2>&1; then
     echo "   ✅ KServe CRDs already present (ODH/RHOAI detected)"
 else
     echo "   ⚠️  KServe not detected. Deploying ODH KServe components..."
-    echo "   Note: This may require multiple attempts as CRDs need to be established first."
-    
-    # First attempt
-    echo "   Attempting ODH KServe deployment (attempt 1/2)..."
-    if kustomize build "$PROJECT_ROOT/deployment/components/odh/kserve" | kubectl apply --server-side=true --force-conflicts -f - 2>/dev/null; then
-        echo "   ✅ Initial deployment successful"
-    else
-        echo "   ⚠️  First attempt failed (expected if CRDs not yet ready)"
-    fi
-    
-    # Wait for CRDs and operator pods, then retry
-    echo "   Waiting for KServe CRDs to be established..."
-    if wait_for_crd "llminferenceservices.serving.kserve.io" 120; then
-        
-        wait_for_pods "opendatahub" 120 || true
-        wait_for_validating_webhooks opendatahub 90 || true
-        
-        echo "   Retrying deployment (attempt 2/2)..."
-        kustomize build "$PROJECT_ROOT/deployment/components/odh/kserve" | kubectl apply --server-side=true --force-conflicts -f - && \
-            echo "   ✅ ODH KServe components deployed successfully" || \
-            echo "   ⚠️  ODH KServe deployment failed. This may be expected if ODH operator manages these resources."
-    else
-        echo "   ⚠️  CRDs did not become ready in time. Continuing anyway..."
-        echo "   Run: kustomize build $PROJECT_ROOT/deployment/components/odh/kserve | kubectl apply --server-side=true --force-conflicts -f -"
-    fi
+    "$SCRIPT_DIR/install-dependencies.sh" --odh
 fi
 
 echo ""

deployment/scripts/installers/install-odh.sh

@@ -5,29 +5,71 @@
 
 set -e
 
+
+# TODO: For now, default to DEV_INSTALL, because no suitable ODH version for MaaS has
+# TODO: been released yet. Switch to false once ODH releases.
+DEV_INSTALL=true
+if [[ $# -eq 1 ]] && [[ "$1" == "--dev" ]]; then
+    DEV_INSTALL=true
+elif [[ $# -ne 0 ]]; then
+    echo "This script only supports a single argument: --dev"
+    exit 1
+fi
+
 echo "========================================="
 echo "🚀 OpenDataHub (ODH) Installation"
 echo "========================================="
 echo ""
 
 # Step 1: Install ODH Operator
-echo "1️⃣ Installing ODH Operator..."
+if [[ "$DEV_INSTALL" == true ]]; then
+    ODH_OPERATOR_NS="opendatahub-operator-system"
+    echo "1️⃣ Installing ODH Operator from repository manifests..."
+    cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: $ODH_OPERATOR_NS
+EOF
+
+    TMP_DIR=$(mktemp -d)
+    trap 'rm -fr -- "$TMP_DIR"' EXIT
+
+    pushd $TMP_DIR
+    git clone -q --depth 1 "https://github.com/opendatahub-io/opendatahub-operator.git"
+    if [[ $? -ne 0 ]]; then
+        echo "   Failed cloning repository https://github.com/opendatahub-io/opendatahub-operator.git"
+        popd
+        exit 1
+    fi
+
+    pushd ./opendatahub-operator
+    cp config/manager/kustomization.yaml.in config/manager/kustomization.yaml
+    sed -i 's#REPLACE_IMAGE#quay.io/opendatahub/opendatahub-operator#' config/manager/kustomization.yaml
+    kustomize build --load-restrictor LoadRestrictionsNone config/default | kubectl apply --namespace $ODH_OPERATOR_NS -f -
+    popd
+    popd
 
-# Check if operator is already installed
-if kubectl get csv -n openshift-operators 2>/dev/null | grep -q opendatahub-operator; then
-    echo "   ✅ ODH operator already installed"
+    echo "   Waiting for operator to be ready (this may take a few minutes)..."
+    kubectl wait deployment/opendatahub-operator-controller-manager -n $ODH_OPERATOR_NS --for condition=Available=True --timeout=300s
 else
-    echo "   Creating OperatorGroup..."
-    cat <<EOF | kubectl apply -f -
+    echo "1️⃣ Installing ODH Operator..."
+
+    # Check if operator is already installed
+    if kubectl get csv -n openshift-operators 2>/dev/null | grep -q opendatahub-operator; then
+        echo "   ✅ ODH operator already installed"
+    else
+        echo "   Creating OperatorGroup..."
+        cat <<EOF | kubectl apply -f -
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
   name: opendatahub
   namespace: openshift-operators
 EOF
 
-    echo "   Creating Subscription..."
-    cat <<EOF | kubectl apply -f -
+        echo "   Creating Subscription..."
+        cat <<EOF | kubectl apply -f -
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
@@ -40,67 +82,36 @@ spec:
   sourceNamespace: openshift-marketplace
 EOF
 
-    echo "   Waiting for operator to be ready (this may take a few minutes)..."
-    sleep 30
-    
-    # Wait for operator to be ready
-    for i in {1..30}; do
-        if kubectl get deployment -n openshift-operators | grep -q opendatahub-operator; then
-            echo "   Operator deployment found, waiting for ready state..."
-            kubectl wait --for=condition=Available deployment -l app.kubernetes.io/name=opendatahub-operator -n openshift-operators --timeout=300s || true
-            break
-        fi
-        echo "   Waiting for operator deployment to appear... ($i/30)"
-        sleep 10
-    done
-fi
-
-# Step 2: Create ODH namespace if it doesn't exist
-echo ""
-echo "2️⃣ Creating opendatahub namespace..."
-kubectl create namespace opendatahub 2>/dev/null || echo "   Namespace already exists"
-
-# Step 3: Wait for CRDs to be registered
-echo ""
-echo "3️⃣ Waiting for ODH CRDs to be registered..."
-for i in {1..30}; do
-    if kubectl get crd dscinitializations.dscinitialization.opendatahub.io &>/dev/null 2>&1; then
-        echo "   ✅ DSCInitialization CRD found"
-        break
+        echo "   Waiting for operator to be ready (this may take a few minutes)..."
+        sleep 30
+
+      # Wait for operator to be ready
+      for i in {1..30}; do
+          if kubectl get deployment -n openshift-operators | grep -q opendatahub-operator; then
+              echo "   Operator deployment found, waiting for ready state..."
+              kubectl wait --for=condition=Available deployment -l app.kubernetes.io/name=opendatahub-operator -n openshift-operators --timeout=300s || true
+              break
+          fi
+          echo "   Waiting for operator deployment to appear... ($i/30)"
+          sleep 10
+      done
     fi
-    echo "   Waiting for DSCInitialization CRD... ($i/30)"
-    sleep 10
-done
-
-if ! kubectl get crd dscinitializations.dscinitialization.opendatahub.io &>/dev/null 2>&1; then
-    echo "   ❌ DSCInitialization CRD not found after waiting"
-    echo "   Please check the operator logs:"
-    echo "   kubectl logs -n openshift-operators deployment/opendatahub-operator-controller-manager"
-    exit 1
 fi
 
-# Step 4: Create DSCInitialization (REQUIRED before DataScienceCluster)
+# Step 2: Create DSCInitialization (REQUIRED before DataScienceCluster)
 echo ""
-echo "4️⃣ Creating DSCInitialization resource..."
+echo "2️⃣ Creating DSCInitialization resource..."
 cat <<EOF | kubectl apply -f -
-apiVersion: dscinitialization.opendatahub.io/v1
+apiVersion: dscinitialization.opendatahub.io/v2
 kind: DSCInitialization
 metadata:
   name: default-dsci
-  namespace: opendatahub
 spec:
   applicationsNamespace: opendatahub
   monitoring:
     managementState: Managed
     namespace: opendatahub
-  serviceMesh:
-    managementState: Managed
-    auth:
-      audiences:
-        - "https://kubernetes.default.svc"
-    controlPlane:
-      name: data-science-smcp
-      namespace: istio-system
+    metrics: {}
   trustedCABundle:
     managementState: Managed
 EOF
@@ -115,66 +126,43 @@ for i in {1..30}; do
     sleep 10
 done
 
-# Step 5: Create DataScienceCluster
+# Step 3: Create DataScienceCluster
 echo ""
-echo "5️⃣ Creating DataScienceCluster..."
+echo "3️⃣ Creating DataScienceCluster..."
 cat <<EOF | kubectl apply -f -
-apiVersion: datasciencecluster.opendatahub.io/v1
+apiVersion: datasciencecluster.opendatahub.io/v2
 kind: DataScienceCluster
 metadata:
   name: default-dsc
-  namespace: opendatahub
 spec:
   components:
-    # Core component for notebooks
-    dashboard:
-      managementState: Managed
-    
-    # Notebook controller
-    workbenches:
-      managementState: Managed
-    
-    # Model serving with KServe in RawDeployment mode (no Knative)
     kserve:
       managementState: Managed
-      defaultDeploymentMode: RawDeployment
       nim:
-        managementState: Managed  # Enable NVIDIA NIM support
-      rawDeploymentServiceConfig: Headless
-      serving:
-        ingressGateway:
-          certificate:
-            type: OpenshiftDefaultIngress
-        managementState: Removed  # Disable Knative serving (using RawDeployment)
-        name: knative-serving
-    
-    # Model serving platform
-    modelmeshserving:
-      managementState: Removed  # Use KServe instead
-    
-    # Data science pipelines
-    datasciencepipelines:
-      managementState: Removed  # Not needed for MaaS
-    
-    # Ray for distributed computing
+        managementState: Managed
+      rawDeploymentServiceConfig: Headed
+
+    # Components not needed for MaaS:
+    dashboard:
+      managementState: Removed
+    workbenches:
+      managementState: Removed
+    aipipelines:
+      managementState: Removed
     ray:
-      managementState: Removed  # Not needed for MaaS
-    
-    # Kueue for job queueing
+      managementState: Removed
     kueue:
-      managementState: Removed  # Not needed for MaaS
-    
-    # Model registry
+      managementState: Removed
     modelregistry:
-      managementState: Removed  # Not needed for MaaS
-    
-    # TrustyAI for model explainability
+      managementState: Removed
     trustyai:
-      managementState: Removed  # Not needed for MaaS
-    
-    # Training operator
+      managementState: Removed
     trainingoperator:
-      managementState: Removed  # Not needed for MaaS
+      managementState: Removed
+    feastoperator:
+      managementState: Removed
+    llamastackoperator:
+      managementState: Removed
 EOF
 
 echo "   Waiting for DataScienceCluster to be ready..."
@@ -190,7 +178,7 @@ for i in {1..60}; do
     sleep 10
 done
 
-# Step 6: Verify installation
+# Step 4: Verify installation
 echo ""
 echo "========================================="
 echo "📊 Verification"
@@ -204,25 +192,15 @@ echo ""
 echo "DataScienceCluster Status:"
 kubectl get datasciencecluster -n opendatahub
 
-echo ""
-echo "KServe Components:"
-kubectl get pods -n kserve 2>/dev/null || echo "KServe namespace not yet created"
-
-echo ""
-echo "Istio Components:"
-kubectl get pods -n istio-system 2>/dev/null || echo "Istio namespace not yet created"
-
 echo ""
 echo "========================================="
 echo "✅ ODH Installation Complete!"
 echo "========================================="
 echo ""
 echo "Next steps:"
-echo "1. Verify KServe is running: kubectl get pods -n kserve"
-echo "2. Check Service Mesh: kubectl get smcp -n istio-system"
-echo "3. Deploy your models using KServe InferenceService"
+echo "1. Deploy your models using KServe InferenceService"
 echo ""
 echo "If you encounter issues, check the logs:"
 echo "- ODH Operator: kubectl logs -n openshift-operators deployment/opendatahub-operator-controller-manager"
-echo "- DSCInitialization: kubectl describe dscinitializations -n opendatahub default-dsci"
-echo "- DataScienceCluster: kubectl describe datasciencecluster -n opendatahub default-dsc" 
+echo "- DSCInitialization: kubectl describe dscinitializations default-dsci"
+echo "- DataScienceCluster: kubectl describe datasciencecluster default-dsc"

docs/content/architecture.md

@@ -241,7 +241,9 @@ sequenceDiagram
     MaaS-->>User: {<br/>  "token": "...",<br/>  "expiration": "4h",<br/>  "expiresAt": 1234567890<br/>}
 ```
 
-### 2. Model Inference Flow
+### 3. Model Inference Flow
+
+The inference flow routes validated requests to RHOAI models:
 
 The Gateway API and RHCL components validate service account tokens and enforce policies: