Address github.com/pkg/sftp Denial of Service (DoS) #267

Merged

Jooho commented Jan 16, 2024

Address github.com/pkg/sftp Denial of Service (DoS)
https://app.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPKGSFTP-569475

Motivation

Modifications

Result

PR checklist

Checklist items below are applicable for development targeted to both fast and stable branches/tags

  • Unit tests pass locally
  • FVT tests pass locally
  • If the PR adds a new container image or updates the tag of an existing image (not build within cpaas), is the corresponding change made in live-builder and cpaas-midstream to add/update the image tag in the operator CSV? Link the PRs if applicable

Checklist items below are applicable for development targeted to both fast and stable branches/tags

  • Tested modelmesh serving deployment with odh-manifests and ran odh-manifests-e2e tests locally

openshift-ci bot commented Jan 16, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jooho

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Jooho commented Jan 17, 2024

It turned out that the build issue only happened with release-0.11.1, so I created another PR (#268).

Jooho commented Jan 17, 2024

/retest

@Jooho Jooho added the lgtm label Jan 17, 2024
@Jooho Jooho self-assigned this Jan 17, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit aa97175 into opendatahub-io:release-0.11.1 Jan 17, 2024
5 checks passed
VedantMahabaleshwarkar pushed a commit to VedantMahabaleshwarkar/modelmesh-serving that referenced this pull request Apr 26, 2024
* Add PVC support

Add PVC support according to the design and discussions
captured in the issue, kserve#230

Signed-off-by: Chin Huang <[email protected]>

* add predictor controller login

Signed-off-by: Chin Huang <[email protected]>

* code restructure, cleanup based on review

Signed-off-by: Chin Huang <[email protected]>

* fix addPullerSidecar to include all pvcs

Signed-off-by: Chin Huang <[email protected]>

* restructure and simplify code, use global configmap rather than env var

Signed-off-by: Chin Huang <[email protected]>

* make AllowAnyPVC dynamic, update docs

Signed-off-by: Chin Huang <[email protected]>

* add runtimeSupportsPredictor check

Signed-off-by: Chin Huang <[email protected]>

* use PredictorRegistry and add storage to find()

Signed-off-by: Chin Huang <[email protected]>

---------

Signed-off-by: Chin Huang <[email protected]>
VedantMahabaleshwarkar pushed a commit to VedantMahabaleshwarkar/modelmesh-serving that referenced this pull request Apr 26, 2024
Motivation

Address PVC follow-up work items outlined in kserve#337 for PVC storage introduced in opendatahub-io#267

Modifications

Code changes:
- Sort PVC mounts on serving runtime specs to avoid unstable repeated
runtime rollouts as Kubernetes treats two otherwise identical deployment
specs as different if the same set of volume mounts are in different order
- Don't add non-existent PVCs from predictor/ISVC when allowAnyPVC is
enabled as this would cause all serving pods for that runtime to stay in
Pending state with unbound (pending) volumes
- Tolerate missing storage-config secret when allowAnyPVC is enabled
- Lint: fix "io/ioutil" deprecations

FVT changes:
- Add Storage test suite
- Add helper methods to add PVC to storage-config during FVT
- Allow for additional time in WaitForReadyDeployStatus but allow early abort on success
- Check if pod still running before gRPC/REST requests, reconnect if necessary
- Only choose "Ready" runtime pod for port-forwards
- Include ISVC tests in Predictor test suite to ensure "serial" execution of TLS tests

Resolves kserve#337

Signed-off-by: Christian Kadner <[email protected]>