tlsInsecureSkipVerify to ExternalModel spec validation with PR: opendatahub-io/models-as-a-service#646
- Commands to validate:
# Discover gateway
HOST=$(kubectl get maasmodelref facebook-opt-125m-simulated -n llm \
-o jsonpath='{.status.endpoint}' | sed -E 's#(https://[^/]+).*#\1#')
echo "HOST=$HOST"
# Mint API key
TOKEN=$(oc whoami -t)
API_KEY=$(curl -sSk -X POST "$HOST/maas-api/v1/api-keys" \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"name":"validate-key","expiresIn":"2h"}' | jq -r '.key')
echo "API_KEY=$API_KEY"
# Internal model
curl -sSk "$HOST/llm/facebook-opt-125m-simulated/v1/chat/completions" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $API_KEY" \
-d '{"model":"facebook/opt-125m","messages":[{"role":"user","content":"hello"}],"max_tokens":8}' | jq .
# External model (OpenAI)
curl -sSk "$HOST/gpt-4o/v1/chat/completions" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $API_KEY" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"say hi in one word"}],"max_tokens":8}' | jq .
# TLS: simulator (insecureSkipVerify=true)
kubectl get destinationrule maas-model-simulator-model-dr -n llm \
-o jsonpath='{.spec.trafficPolicy.tls}' | jq .
# TLS: OpenAI (no skip, production default)
kubectl get destinationrule maas-model-gpt-4o-dr -n llm \
-o jsonpath='{.spec.trafficPolicy.tls}' | jq .
- stdout:
$ HOST=$(kubectl get maasmodelref facebook-opt-125m-simulated -n llm \
-o jsonpath='{.status.endpoint}' | sed -E 's#(https://[^/]+).*#\1#')
echo "HOST=$HOST"
HOST=https://maas.apps.ci-ln-dp1ps9t-76ef8.aws-4.ci.openshift.org
$ TOKEN=$(oc whoami -t)
API_KEY=$(curl -sSk -X POST "$HOST/maas-api/v1/api-keys" \
-H "Authorization: Bearer $TOKEN" \
-H 'Content-Type: application/json' \
-d '{"name":"validate-key","expiresIn":"2h"}' | jq -r '.key')
echo "API_KEY=$API_KEY"
API_KEY=sk-oai-Ra5mfR1KuVNBMgbY_IsDL1jPMwbo5f2U9RQkdppx8GnfxvEVlumzyzw9jidQ
$ curl -sSk "$HOST/llm/facebook-opt-125m-simulated/v1/chat/completions" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $API_KEY" \
-d '{"model":"facebook/opt-125m","messages":[{"role":"user","content":"hello"}],"max_tokens":8}' | jq .
{
"id": "chatcmpl-c07966dc-503d-5a59-8723-75ac404866b9",
"created": 1774904989,
"model": "facebook/opt-125m",
"usage": {
"prompt_tokens": 1,
"completion_tokens": 2,
"total_tokens": 3
},
"object": "chat.completion",
"kv_transfer_params": null,
"choices": [
{
"index": 0,
"finish_reason": "stop",
"message": {
"role": "assistant",
"content": "To be "
}
}
]
}
$ curl -sSk "$HOST/gpt-4o/v1/chat/completions" \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $API_KEY" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"say hi in one word"}],"max_tokens":8}' | jq .
{
"id": "chatcmpl-DPE9vRJuXyoCnWceWxfSXxOSWmtkd",
"object": "chat.completion",
"created": 1774904999,
"model": "gpt-4o-2024-08-06",
"choices": [
{
"index": 0,
"message": {
"role": "assistant",
"content": "Hello!",
"refusal": null,
"annotations": []
},
"logprobs": null,
"finish_reason": "stop"
}
],
"usage": {
"prompt_tokens": 12,
"completion_tokens": 2,
"total_tokens": 14,
"prompt_tokens_details": {
"cached_tokens": 0,
"audio_tokens": 0
},
"completion_tokens_details": {
"reasoning_tokens": 0,
"audio_tokens": 0,
"accepted_prediction_tokens": 0,
"rejected_prediction_tokens": 0
}
},
"service_tier": "default",
"system_fingerprint": "fp_77cb783272"
}
$ kubectl get destinationrule maas-model-simulator-model-dr -n llm \
-o jsonpath='{.spec.trafficPolicy.tls}' | jq .
{
"insecureSkipVerify": true,
"mode": "SIMPLE"
}
$ kubectl get destinationrule maas-model-gpt-4o-dr -n llm \
-o jsonpath='{.spec.trafficPolicy.tls}' | jq .
{
"mode": "SIMPLE"
}