Support continuous model validation #89
Conversation
miyunari
force-pushed
the
continues_check
branch
from
49f515e to
0da7550
Compare
miyunari
changed the title
miyunari
force-pushed
the
continues_check
branch
from
0da7550 to
71e1468
Compare
| } | ||
|
|
||
| func runValidation(args []string, logger logr.Logger) error { | ||
| cmd := exec.Command("/usr/local/bin/model_signing", args...) |
There was a problem hiding this comment.
In the future it might be more ideal to use the go library.
miyunari
force-pushed
the
continues_check
branch
4 times, most recently
from
de401ee to
fb05249
Compare
Provide optional continuous model validation supported on k8s 1.28 or newer.
The continuousValidation entry currently only supports checking the model
on a given interval.
In the future we may want to extend it to support things like:
- onCRDChange
- onSigChange
- ...
Example:
```yaml
apiVersion: ml.sigstore.dev/v1alpha1
kind: ModelValidation
metadata:
name: continuous-signed-test
spec:
config:
publicKeyConfig:
keyPath: /keys/test_public_key.pub
model:
path: /data
signaturePath: /data/model.sig
imagePullPolicy: Always
continuousValidation:
enabled: true
interval: "5m"
```
Signed-off-by: Nina Bongartz <pnink@web.de>
E2E tests were failing with Init:ErrImagePull because the operator expected ghcr.io/sigstore/model-validation-agent:v0.1.0 but e2e built ghcr.io/sigstore/model-validation-operator-agent:v0.0.1. Fix by building the agent image with the correct name that matches the hardcoded constant in internal/constants/images.go. Also set imagePullPolicy: IfNotPresent in test templates to ensure e2e tests use locally loaded images instead of trying to pull from the registry. Signed-off-by: Nina Bongartz <pnink@web.de>
miyunari
force-pushed
the
continues_check
branch
2 times, most recently
from
30ee8ab to
a3a9e13
Compare
The e2e test "should successfully validate with public key signature" was failing with permission denied errors when the validation-agent tried to read model files. Root cause: - The validation-agent runs as UID 65532 (non-root) per Dockerfile.agent - The model-data-setup DaemonSet runs as root and copies files to hostPath - Files copied by root were not readable by the non-root agent process Fix: - Added chmod -R a+rX to make files readable by all users - The 'a+rX' flag makes files readable and directories executable - Capital X only adds execute on directories, not regular files This allows the validation-agent to successfully read model files during validation. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Nina Bongartz <pnink@web.de>
miyunari
force-pushed
the
continues_check
branch
from
a3a9e13 to
c9b93d8
Compare
|
|
||
| # AGENT_IMG defines the image:tag used for the validation agent. | ||
| # Use the same agent image name as hardcoded in internal/constants/images.go | ||
| AGENT_IMG ?= ghcr.io/sigstore/model-validation-agent:v0.1.0 |
There was a problem hiding this comment.
As mentioned in comment, we probably shouldn't hardcode the same image version in two different places, might cause image drift in the future/not needed extra maintenance
There was a problem hiding this comment.
It can be added as a build flag
|
|
||
| if err := server.ListenAndServe(); err != nil { | ||
| logger.Error(err, "Health server failed") | ||
| os.Exit(1) |
There was a problem hiding this comment.
We should have some sort of graceful shutdown for the health server, otherwise it will keep running until terminated if we have an issue with the main app
There was a problem hiding this comment.
+1, we should be able to pass in a context and have that trigger the shutdown.
| // Interval defines how often to re-validate the model (e.g., "5m", "1h"). | ||
| // Only used when Enabled is true. | ||
| // +kubebuilder:default="5m" | ||
| // +kubebuilder:validation:Pattern=`^([0-9]+(\.[0-9]+)?(s|m|h))+$` |
There was a problem hiding this comment.
This regex allows for patterns like 1s and such, we probably don't want to cause massive CPU usage. We should add a minimum interval like 1m/5m to prevent a DOS scenario
|
|
||
| container := corev1.Container{ | ||
| Name: constants.ModelValidationInitContainerName, | ||
| Image: constants.ModelValidationAgentImage, |
There was a problem hiding this comment.
From my understanding, even if continuous validation is not enabled, we still use ModelValidationAgentImage instead of ModelTransparencyCliImage?
| imagePullPolicy = mv.Spec.ImagePullPolicy | ||
| } | ||
|
|
||
| container := corev1.Container{ |
There was a problem hiding this comment.
We should add resource limits to the sidecar container to prevent unbounded resource allocation
| if pp.Annotations == nil { | ||
| pp.Annotations = make(map[string]string) | ||
| } | ||
| pp.Annotations[constants.ContinuousValidationAnnotationKey] = "true" |
There was a problem hiding this comment.
I don't see this annotation actually being used anywhere, is this purely just for tracking/not to be used programatically to achieve something?
|
Looks good so far, left some questions/review on the PR :) |
| } | ||
|
|
||
| // ContinuousValidation defines the configuration for continuous model validation. | ||
| // When enabled, the validation container runs as a native sidecar (requires Kubernetes 1.28+) |
There was a problem hiding this comment.
FYI this feature is only enabled by default from 1.29, when it became beta, and needs to be enabled in 1.28
|
|
||
| # AGENT_IMG defines the image:tag used for the validation agent. | ||
| # Use the same agent image name as hardcoded in internal/constants/images.go | ||
| AGENT_IMG ?= ghcr.io/sigstore/model-validation-agent:v0.1.0 |
There was a problem hiding this comment.
It can be added as a build flag
|
|
||
| if err := server.ListenAndServe(); err != nil { | ||
| logger.Error(err, "Health server failed") | ||
| os.Exit(1) |
There was a problem hiding this comment.
+1, we should be able to pass in a context and have that trigger the shutdown.
3 participants
Provide optional continuous model validation supported on k8s 1.28 or newer.
The continuousValidation entry currently only supports checking the model
on a given interval.
In the future we may want to extend it to support things like:
Example:
Signed-off-by: Nina Bongartz pnink@web.de