feat: default allowed domains for huggingface inference deployments (#189)

Author: Pasichniuk

docs/configuration.md

@@ -242,11 +242,12 @@ TLS and routing rules are generated automatically from `app.nim.deploy.cluster-h
 | `app.mcp-registry.base-url` | `MCP_REGISTRY_BASE_URL`  | `https://registry.modelcontextprotocol.io` | No       | -            | Base URL of the MCP Registry API (used by the proxy). |
 
 ### Hugging Face Configuration
-| Property                         | Environment Variable             | Default Value            | Required | Applied when | Description                                |
-|----------------------------------|----------------------------------|--------------------------|----------|--------------|--------------------------------------------|
-| `huggingface.base-url`           | `HUGGINGFACE_BASE_URL`           | `https://huggingface.co` | No       | -            | Base URL for Hugging Face API              |
-| `huggingface.api-token`          | `HUGGINGFACE_API_TOKEN`          | -                        | No       | -            | API token for authentication               |
-| `huggingface.tag-cache-duration` | `HUGGINGFACE_TAG_CACHE_DURATION` | `24h`                    | No       | -            | Duration to cache tag data (e.g. 24h, 60m) |
+| Property                                   | Environment Variable                   | Default Value                                                   | Required | Applied when | Description                                                                                                                      |
+|--------------------------------------------|----------------------------------------|-----------------------------------------------------------------|----------|--------------|----------------------------------------------------------------------------------------------------------------------------------|
+| `app.huggingface.base-url`                 | `HUGGINGFACE_BASE_URL`                 | `https://huggingface.co`                                        | No       | -            | Base URL for Hugging Face API                                                                                                    |
+| `app.huggingface.api-token`                | `HUGGINGFACE_API_TOKEN`                | -                                                               | No       | -            | API token for authentication                                                                                                     |
+| `app.huggingface.tag-cache-duration`       | `HUGGINGFACE_TAG_CACHE_DURATION`       | `24h`                                                           | No       | -            | Duration to cache tag data (e.g. 24h, 60m)                                                                                       |
+| `app.huggingface.default-allowed-domains`  | `HUGGINGFACE_DEFAULT_ALLOWED_DOMAINS`  | `huggingface.co,transfer.xethub.hf.co,cas-server.xethub.hf.co`  | No       | -            | Comma-separated list of default domains added to Cilium network policy egress for inference deployments with HuggingFace source. |
 
 ### Validation Configuration
 

src/main/java/com/epam/aidial/deployment/manager/huggingface/properties/HuggingFaceProperties.java

@@ -1,18 +1,56 @@
 package com.epam.aidial.deployment.manager.huggingface.properties;
 
+import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 import java.time.Duration;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Stream;
+import javax.annotation.PostConstruct;
+
+import static java.util.stream.Collectors.toList;
 
 @Getter
 @Setter
 @Component
 @ConfigurationProperties(prefix = "app.huggingface")
 public class HuggingFaceProperties {
+
     private String baseUrl;
     private String apiToken;
     private Duration tagCacheDuration;
+
+    @Getter(AccessLevel.NONE)
+    private String defaultAllowedDomains;
+
+    @Getter(AccessLevel.NONE)
+    private List<String> parsedDefaultAllowedDomains;
+
+    @PostConstruct
+    void initDefaultAllowedDomains() {
+        if (StringUtils.isBlank(defaultAllowedDomains)) {
+            parsedDefaultAllowedDomains = List.of();
+        } else {
+            parsedDefaultAllowedDomains = Stream.of(defaultAllowedDomains.split(","))
+                    .map(String::trim)
+                    .filter(s -> !s.isEmpty())
+                    .collect(toList());
+        }
+    }
+
+    /**
+     * Returns the default allowed domains for HuggingFace inference deployments egress.
+     * Parsed once at startup from the comma-separated {@link #defaultAllowedDomains} property.
+     * Null check is required for cases when method is called before init is done.
+     */
+    public List<String> getDefaultAllowedDomains() {
+        return parsedDefaultAllowedDomains == null
+                ? List.of()
+                : Collections.unmodifiableList(parsedDefaultAllowedDomains);
+    }
 }

src/main/java/com/epam/aidial/deployment/manager/service/deployment/AbstractDeploymentManager.java

@@ -113,7 +113,7 @@ public Deployment deploy(String id) {
                 @Override
                 public void afterCommit() {
                     try {
-                        createCiliumNetworkPolicy(id, deployment.getAllowedDomains(), getCiliumIngressPorts(deployment));
+                        createCiliumNetworkPolicy(id, getEffectiveDeploymentAllowedDomains(deployment), getCiliumIngressPorts(deployment));
                         createService(namespace, serviceSpec);
                     } catch (Exception e) {
                         var errorMessage = "Failed to deploy service '%s'".formatted(id);
@@ -741,7 +741,7 @@ public void updateCiliumNetworkPolicy(String id) {
         var deployment = getDeployment(id);
 
         try {
-            updateCiliumNetworkPolicy(id, deployment.getAllowedDomains(), getCiliumIngressPorts(deployment));
+            updateCiliumNetworkPolicy(id, getEffectiveDeploymentAllowedDomains(deployment), getCiliumIngressPorts(deployment));
         } catch (Exception e) {
             var errorMessage = "Cilium Network Policy update failed for deployment '%s'".formatted(id);
             log.warn(errorMessage, e);
@@ -785,10 +785,15 @@ private void deleteCiliumNetworkPolicy(String name) {
     protected Set<Integer> getCiliumIngressPorts(D deployment) {
         Set<Integer> ports = new HashSet<>();
         Optional.ofNullable(deployment.getContainerPort()).ifPresent(ports::add);
-        Optional.ofNullable(defaultContainerPort).ifPresent(ports::add);
+        ports.add(defaultContainerPort);
         return ports;
     }
 
+    protected List<String> getEffectiveDeploymentAllowedDomains(D deployment) {
+        var domains = deployment.getAllowedDomains();
+        return domains != null ? new ArrayList<>(domains) : new ArrayList<>();
+    }
+
     private Map<String, String> transformEnvs(Map<String, EnvVarValue> envs) {
         return MapUtils.emptyIfNull(envs).entrySet().stream()
                 .map(entry -> {

src/main/java/com/epam/aidial/deployment/manager/service/deployment/InferenceDeploymentManager.java

@@ -5,13 +5,15 @@
 import com.epam.aidial.deployment.manager.configuration.KserveDeployProperties;
 import com.epam.aidial.deployment.manager.configuration.logging.LogExecution;
 import com.epam.aidial.deployment.manager.dao.repository.DeploymentRepository;
+import com.epam.aidial.deployment.manager.huggingface.properties.HuggingFaceProperties;
 import com.epam.aidial.deployment.manager.kubernetes.K8sClient;
 import com.epam.aidial.deployment.manager.kubernetes.kserve.K8sKserveClient;
 import com.epam.aidial.deployment.manager.model.DeploymentStatus;
 import com.epam.aidial.deployment.manager.model.SensitiveEnvVar;
 import com.epam.aidial.deployment.manager.model.SimpleEnvVar;
 import com.epam.aidial.deployment.manager.model.deployment.Deployment;
 import com.epam.aidial.deployment.manager.model.deployment.InferenceDeployment;
+import com.epam.aidial.deployment.manager.model.deployment.InferenceDeploymentHuggingFaceSource;
 import com.epam.aidial.deployment.manager.service.manifest.InferenceManifestGenerator;
 import com.epam.aidial.deployment.manager.service.manifest.ManifestGenerator;
 import com.epam.aidial.deployment.manager.service.pipeline.specification.CiliumNetworkPolicyCreator;
@@ -22,11 +24,13 @@
 import io.kserve.serving.v1beta1.inferenceservicestatus.ModelStatus;
 import io.kserve.serving.v1beta1.inferenceservicestatus.modelstatus.States;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 
 import java.util.List;
 import java.util.Optional;
+import java.util.stream.Stream;
 
 @Slf4j
 @Component
@@ -40,6 +44,7 @@ public class InferenceDeploymentManager extends AbstractModelDeploymentManager<I
     private final InferenceManifestGenerator inferenceManifestGenerator;
     private final K8sKserveClient k8sKserveClient;
     private final boolean useClusterInternalUrl;
+    private final List<String> defaultAllowedDomains;
 
     public InferenceDeploymentManager(
             K8sClient k8sClient,
@@ -50,14 +55,16 @@ public InferenceDeploymentManager(
             CiliumNetworkPolicyCreator ciliumNetworkPolicyCreator,
             DeploymentRepository deploymentRepository,
             K8sKserveClient k8sKserveClient,
-            KserveDeployProperties kserveDeployProperties
+            KserveDeployProperties kserveDeployProperties,
+            HuggingFaceProperties huggingFaceProperties
     ) {
         super(k8sClient, disposableResourceManager, manifestGenerator, deploymentRepository,
                 containerPortResolver, ciliumNetworkPolicyCreator, kserveDeployProperties.getNamespace(),
                 kserveDeployProperties.getStartupTimeout(), DEFAULT_KSERVE_SERVICE_PORT);
         this.inferenceManifestGenerator = inferenceManifestGenerator;
         this.k8sKserveClient = k8sKserveClient;
         this.useClusterInternalUrl = kserveDeployProperties.isUseClusterInternalUrl();
+        this.defaultAllowedDomains = huggingFaceProperties.getDefaultAllowedDomains();
     }
 
     @Override
@@ -228,6 +235,22 @@ protected String getServiceNameLabel() {
         return SERVICE_NAME_LABEL;
     }
 
+    @Override
+    protected List<String> getEffectiveDeploymentAllowedDomains(InferenceDeployment deployment) {
+        List<String> allowedDomains = super.getEffectiveDeploymentAllowedDomains(deployment);
+
+        if (!(deployment.getSource() instanceof InferenceDeploymentHuggingFaceSource)
+                || CollectionUtils.isEmpty(defaultAllowedDomains)) {
+            return allowedDomains;
+        }
+
+        return Stream.concat(
+                        allowedDomains.stream(),
+                        defaultAllowedDomains.stream())
+                .distinct()
+                .toList();
+    }
+
     private String getClusterInternalUrl(Components predictor, String serviceName) {
         var address = predictor.getAddress();
         if (address == null) {

src/main/resources/application.yml

@@ -30,6 +30,7 @@ app:
     base-url: ${HUGGINGFACE_BASE_URL:https://huggingface.co}
     api-token: ${HUGGINGFACE_API_TOKEN:}
     tag-cache-duration: ${HUGGINGFACE_TAG_CACHE_DURATION:24h}
+    default-allowed-domains: ${HUGGINGFACE_DEFAULT_ALLOWED_DOMAINS:huggingface.co,transfer.xethub.hf.co,cas-server.xethub.hf.co}
 
   mcp-registry:
     base-url: ${MCP_REGISTRY_BASE_URL:https://registry.modelcontextprotocol.io}

src/test/java/com/epam/aidial/deployment/manager/functional/config/FunctionalTestConfiguration.java

@@ -29,6 +29,7 @@
     "com.epam.aidial.deployment.manager.configuration",
     "com.epam.aidial.deployment.manager.dao",
     "com.epam.aidial.deployment.manager.docker",
+    "com.epam.aidial.deployment.manager.huggingface",
     "com.epam.aidial.deployment.manager.kubernetes",
     "com.epam.aidial.deployment.manager.mapper",
     "com.epam.aidial.deployment.manager.model",