From f0060edb09a9fa7775f7ea51cd8a56216894ae5e Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Tue, 23 Sep 2025 17:48:38 +0800 Subject: [PATCH 1/7] Adding a flag to control whether auth is added to the EPP metrics server --- cmd/epp/runner/runner.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/cmd/epp/runner/runner.go b/cmd/epp/runner/runner.go index 2842704bb..f82c6d974 100644 --- a/cmd/epp/runner/runner.go +++ b/cmd/epp/runner/runner.go @@ -36,6 +36,7 @@ import ( healthPb "google.golang.org/grpc/health/grpc_health_v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -77,6 +78,7 @@ var ( grpcPort = flag.Int("grpc-port", runserver.DefaultGrpcPort, "The gRPC port used for communicating with Envoy proxy") grpcHealthPort = flag.Int("grpc-health-port", runserver.DefaultGrpcHealthPort, "The port used for gRPC liveness and readiness probes") metricsPort = flag.Int("metrics-port", runserver.DefaultMetricsPort, "The metrics port") + metricsAuth = flag.Bool("metrics-auth", true, "Enables secure of EPP metrics endpoint") enablePprof = flag.Bool("enable-pprof", runserver.DefaultEnablePprof, "Enables pprof handlers. Defaults to true. Set to false to disable pprof handlers.") poolName = flag.String("pool-name", runserver.DefaultPoolName, "Name of the InferencePool this Endpoint Picker is associated with.") poolGroup = flag.String("pool-group", runserver.DefaultPoolGroup, "group of the InferencePool this Endpoint Picker is associated with.") @@ -184,8 +186,14 @@ func (r *Runner) Run(ctx context.Context) error { // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/server // - https://book.kubebuilder.io/reference/metrics.html metricsServerOptions := metricsserver.Options{ - BindAddress: fmt.Sprintf(":%d", *metricsPort), - FilterProvider: filters.WithAuthenticationAndAuthorization, + BindAddress: fmt.Sprintf(":%d", *metricsPort), + FilterProvider: func() func(c *rest.Config, httpClient *http.Client) (metricsserver.Filter, error) { + if *metricsAuth { + return filters.WithAuthenticationAndAuthorization + } + + return nil + }(), } // Determine pool namespace: if --pool-namespace is non-empty, use it; else NAMESPACE env var; else default From 9b4db3b53a545cd2553f8b10b150ebc9dc1ae198 Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Wed, 24 Sep 2025 00:26:13 +0800 Subject: [PATCH 2/7] Update cmd/epp/runner/runner.go Co-authored-by: Cong Liu --- cmd/epp/runner/runner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/epp/runner/runner.go b/cmd/epp/runner/runner.go index f82c6d974..4a175b8cd 100644 --- a/cmd/epp/runner/runner.go +++ b/cmd/epp/runner/runner.go @@ -78,7 +78,7 @@ var ( grpcPort = flag.Int("grpc-port", runserver.DefaultGrpcPort, "The gRPC port used for communicating with Envoy proxy") grpcHealthPort = flag.Int("grpc-health-port", runserver.DefaultGrpcHealthPort, "The port used for gRPC liveness and readiness probes") metricsPort = flag.Int("metrics-port", runserver.DefaultMetricsPort, "The metrics port") - metricsAuth = flag.Bool("metrics-auth", true, "Enables secure of EPP metrics endpoint") + metricsEndpointAuth = flag.Bool("metrics-endpoint-auth", true, "Enables authentication and authorization of the metrics endpoint") enablePprof = flag.Bool("enable-pprof", runserver.DefaultEnablePprof, "Enables pprof handlers. Defaults to true. Set to false to disable pprof handlers.") poolName = flag.String("pool-name", runserver.DefaultPoolName, "Name of the InferencePool this Endpoint Picker is associated with.") poolGroup = flag.String("pool-group", runserver.DefaultPoolGroup, "group of the InferencePool this Endpoint Picker is associated with.") From cce635d2628fff0a9f760f3dc898125a993a4712 Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Wed, 24 Sep 2025 00:27:09 +0800 Subject: [PATCH 3/7] update --- cmd/epp/runner/runner.go | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/cmd/epp/runner/runner.go b/cmd/epp/runner/runner.go index 4a175b8cd..3f0c2e1e0 100644 --- a/cmd/epp/runner/runner.go +++ b/cmd/epp/runner/runner.go @@ -75,18 +75,18 @@ const ( ) var ( - grpcPort = flag.Int("grpc-port", runserver.DefaultGrpcPort, "The gRPC port used for communicating with Envoy proxy") - grpcHealthPort = flag.Int("grpc-health-port", runserver.DefaultGrpcHealthPort, "The port used for gRPC liveness and readiness probes") - metricsPort = flag.Int("metrics-port", runserver.DefaultMetricsPort, "The metrics port") - metricsEndpointAuth = flag.Bool("metrics-endpoint-auth", true, "Enables authentication and authorization of the metrics endpoint") - enablePprof = flag.Bool("enable-pprof", runserver.DefaultEnablePprof, "Enables pprof handlers. Defaults to true. Set to false to disable pprof handlers.") - poolName = flag.String("pool-name", runserver.DefaultPoolName, "Name of the InferencePool this Endpoint Picker is associated with.") - poolGroup = flag.String("pool-group", runserver.DefaultPoolGroup, "group of the InferencePool this Endpoint Picker is associated with.") - poolNamespace = flag.String("pool-namespace", "", "Namespace of the InferencePool this Endpoint Picker is associated with.") - logVerbosity = flag.Int("v", logging.DEFAULT, "number for the log level verbosity") - secureServing = flag.Bool("secure-serving", runserver.DefaultSecureServing, "Enables secure serving. Defaults to true.") - healthChecking = flag.Bool("health-checking", runserver.DefaultHealthChecking, "Enables health checking") - certPath = flag.String("cert-path", runserver.DefaultCertPath, "The path to the certificate for secure serving. The certificate and private key files "+ + grpcPort = flag.Int("grpc-port", runserver.DefaultGrpcPort, "The gRPC port used for communicating with Envoy proxy") + grpcHealthPort = flag.Int("grpc-health-port", runserver.DefaultGrpcHealthPort, "The port used for gRPC liveness and readiness probes") + metricsPort = flag.Int("metrics-port", runserver.DefaultMetricsPort, "The metrics port") + metricsEndpointAuth = flag.Bool("metrics-endpoint-auth", true, "Enables authentication and authorization of the metrics endpoint") + enablePprof = flag.Bool("enable-pprof", runserver.DefaultEnablePprof, "Enables pprof handlers. Defaults to true. Set to false to disable pprof handlers.") + poolName = flag.String("pool-name", runserver.DefaultPoolName, "Name of the InferencePool this Endpoint Picker is associated with.") + poolGroup = flag.String("pool-group", runserver.DefaultPoolGroup, "group of the InferencePool this Endpoint Picker is associated with.") + poolNamespace = flag.String("pool-namespace", "", "Namespace of the InferencePool this Endpoint Picker is associated with.") + logVerbosity = flag.Int("v", logging.DEFAULT, "number for the log level verbosity") + secureServing = flag.Bool("secure-serving", runserver.DefaultSecureServing, "Enables secure serving. Defaults to true.") + healthChecking = flag.Bool("health-checking", runserver.DefaultHealthChecking, "Enables health checking") + certPath = flag.String("cert-path", runserver.DefaultCertPath, "The path to the certificate for secure serving. The certificate and private key files "+ "are assumed to be named tls.crt and tls.key, respectively. If not set, and secureServing is enabled, "+ "then a self-signed certificate is used.") // metric flags @@ -188,7 +188,7 @@ func (r *Runner) Run(ctx context.Context) error { metricsServerOptions := metricsserver.Options{ BindAddress: fmt.Sprintf(":%d", *metricsPort), FilterProvider: func() func(c *rest.Config, httpClient *http.Client) (metricsserver.Filter, error) { - if *metricsAuth { + if *metricsEndpointAuth { return filters.WithAuthenticationAndAuthorization } From 503b050aacceae70ae652fd370bc9790b8689fab Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Wed, 24 Sep 2025 15:41:10 +0800 Subject: [PATCH 4/7] update chart --- .../templates/epp-deployment.yaml | 3 +++ .../templates/epp-sa-token-secret.yaml | 4 ++-- .../templates/epp-servicemonitor.yaml | 11 +++++++--- .../charts/inferencepool/templates/gke.yaml | 4 ++-- .../charts/inferencepool/templates/rbac.yaml | 2 +- config/charts/inferencepool/values.yaml | 21 ++++++++----------- 6 files changed, 25 insertions(+), 20 deletions(-) diff --git a/config/charts/inferencepool/templates/epp-deployment.yaml b/config/charts/inferencepool/templates/epp-deployment.yaml index f012c2e47..6083ffeec 100644 --- a/config/charts/inferencepool/templates/epp-deployment.yaml +++ b/config/charts/inferencepool/templates/epp-deployment.yaml @@ -62,6 +62,9 @@ spec: - "--{{ .name }}" - "{{ .value }}" {{- end }} + {{- if not .Values.inferenceExtension.serviceMonitor.auth.enabled }} + - --metrics-endpoint-auth=false + {{- end }} ports: - name: grpc containerPort: 9002 diff --git a/config/charts/inferencepool/templates/epp-sa-token-secret.yaml b/config/charts/inferencepool/templates/epp-sa-token-secret.yaml index df54b3475..838208dc1 100644 --- a/config/charts/inferencepool/templates/epp-sa-token-secret.yaml +++ b/config/charts/inferencepool/templates/epp-sa-token-secret.yaml @@ -1,8 +1,8 @@ -{{- if .Values.inferenceExtension.monitoring.prometheus.enabled }} +{{- if and .Values.inferenceExtension.serviceMonitor.enabled .Values.inferenceExtension.serviceMonitor.auth.enabled (ne (lower .Values.provider.name) "gke") }} apiVersion: v1 kind: Secret metadata: - name: {{ .Values.inferenceExtension.monitoring.secret.name }} + name: {{ .Values.inferenceExtension.serviceMonitor.auth.secretName }} namespace: {{ .Release.Namespace }} labels: {{- include "gateway-api-inference-extension.labels" . | nindent 4 }} diff --git a/config/charts/inferencepool/templates/epp-servicemonitor.yaml b/config/charts/inferencepool/templates/epp-servicemonitor.yaml index e4788ba83..90eddb1cd 100644 --- a/config/charts/inferencepool/templates/epp-servicemonitor.yaml +++ b/config/charts/inferencepool/templates/epp-servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.inferenceExtension.monitoring.prometheus.enabled }} +{{- if and .Values.inferenceExtension.serviceMonitor.enabled (ne (lower .Values.provider.name) "gke") }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -6,15 +6,20 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "gateway-api-inference-extension.labels" . | nindent 4 }} + {{- with .Values.inferenceExtension.serviceMonitor.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - - interval: {{ .Values.inferenceExtension.monitoring.interval }} + - interval: {{ .Values.inferenceExtension.serviceMonitor.interval }} port: "http-metrics" path: "/metrics" + {{- if .Values.inferenceExtension.serviceMonitor.auth.enabled }} authorization: credentials: key: token - name: {{ .Values.inferenceExtension.monitoring.secret.name }} + name: {{ .Values.inferenceExtension.serviceMonitor.auth.secretName }} + {{- end }} jobLabel: {{ include "gateway-api-inference-extension.name" . }} namespaceSelector: matchNames: diff --git a/config/charts/inferencepool/templates/gke.yaml b/config/charts/inferencepool/templates/gke.yaml index 77855c35a..f64d70b6c 100644 --- a/config/charts/inferencepool/templates/gke.yaml +++ b/config/charts/inferencepool/templates/gke.yaml @@ -40,7 +40,7 @@ spec: logging: enabled: true # log all requests by default --- -{{- if .Values.inferenceExtension.monitoring.gke.enabled }} +{{- if and .Values.inferenceExtension.serviceMonitor.enabled .Values.inferenceExtension.serviceMonitor.auth.enabled }} {{- $metricsReadSA := printf "%s-metrics-reader-sa" .Release.Name -}} {{- $metricsReadSecretName := printf "%s-metrics-reader-secret" .Release.Name -}} {{- $metricsReadRoleName := printf "%s-%s-metrics-reader" .Release.Namespace .Release.Name -}} @@ -83,7 +83,7 @@ spec: endpoints: - port: metrics scheme: http - interval: {{ .Values.inferenceExtension.monitoring.interval }} + interval: {{ .Values.inferenceExtension.serviceMonitor.interval }} path: /metrics authorization: type: Bearer diff --git a/config/charts/inferencepool/templates/rbac.yaml b/config/charts/inferencepool/templates/rbac.yaml index ebe68c3ea..0eb154fb9 100644 --- a/config/charts/inferencepool/templates/rbac.yaml +++ b/config/charts/inferencepool/templates/rbac.yaml @@ -17,7 +17,7 @@ rules: - subjectaccessreviews verbs: - create -{{- if .Values.inferenceExtension.monitoring.prometheus.enabled }} +{{- if .Values.inferenceExtension.serviceMonitor.enabled }} - nonResourceURLs: - "/metrics" verbs: diff --git a/config/charts/inferencepool/values.yaml b/config/charts/inferencepool/values.yaml index 91d6a48e6..97d35a100 100644 --- a/config/charts/inferencepool/values.yaml +++ b/config/charts/inferencepool/values.yaml @@ -40,19 +40,16 @@ inferenceExtension: tolerations: [] - # Monitoring configuration for EPP - monitoring: + # Prometheus ServiceMonitor will be created when enabled for EPP metrics collection + serviceMonitor: + enabled: true interval: "10s" - # Service account token secret for authentication - secret: - name: inference-gateway-sa-metrics-reader-secret - - # Prometheus ServiceMonitor will be created when enabled for EPP metrics collection - prometheus: - enabled: false - - gke: - enabled: false + auth: + enabled: true + # Service account token secret for authentication + secretName: inference-gateway-sa-metrics-reader-secret + # additional labels for the ServiceMonitor + extraLabels: {} inferencePool: targetPorts: From 4c67c4fa5c86c5849b6d26b5aabc234d5bcd99e1 Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Mon, 29 Sep 2025 21:35:23 +0800 Subject: [PATCH 5/7] apply reviewer's suggestion --- .../templates/epp-deployment.yaml | 2 +- .../templates/epp-sa-token-secret.yaml | 4 ++-- .../templates/epp-servicemonitor.yaml | 10 ++++----- .../charts/inferencepool/templates/gke.yaml | 4 ++-- .../charts/inferencepool/templates/rbac.yaml | 2 +- config/charts/inferencepool/values.yaml | 22 ++++++++++--------- 6 files changed, 23 insertions(+), 21 deletions(-) diff --git a/config/charts/inferencepool/templates/epp-deployment.yaml b/config/charts/inferencepool/templates/epp-deployment.yaml index 6083ffeec..c690539e3 100644 --- a/config/charts/inferencepool/templates/epp-deployment.yaml +++ b/config/charts/inferencepool/templates/epp-deployment.yaml @@ -62,7 +62,7 @@ spec: - "--{{ .name }}" - "{{ .value }}" {{- end }} - {{- if not .Values.inferenceExtension.serviceMonitor.auth.enabled }} + {{- if not .Values.inferenceExtension.monitoring.prometheus.enabled }} - --metrics-endpoint-auth=false {{- end }} ports: diff --git a/config/charts/inferencepool/templates/epp-sa-token-secret.yaml b/config/charts/inferencepool/templates/epp-sa-token-secret.yaml index 838208dc1..16d935f96 100644 --- a/config/charts/inferencepool/templates/epp-sa-token-secret.yaml +++ b/config/charts/inferencepool/templates/epp-sa-token-secret.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.inferenceExtension.serviceMonitor.enabled .Values.inferenceExtension.serviceMonitor.auth.enabled (ne (lower .Values.provider.name) "gke") }} +{{- if and .Values.inferenceExtension.monitoring.prometheus.enabled .Values.inferenceExtension.monitoring.prometheus.auth.enabled (ne (lower .Values.provider.name) "gke") }} apiVersion: v1 kind: Secret metadata: - name: {{ .Values.inferenceExtension.serviceMonitor.auth.secretName }} + name: {{ .Values.inferenceExtension.monitoring.prometheus.auth.secretName }} namespace: {{ .Release.Namespace }} labels: {{- include "gateway-api-inference-extension.labels" . | nindent 4 }} diff --git a/config/charts/inferencepool/templates/epp-servicemonitor.yaml b/config/charts/inferencepool/templates/epp-servicemonitor.yaml index 90eddb1cd..15071340b 100644 --- a/config/charts/inferencepool/templates/epp-servicemonitor.yaml +++ b/config/charts/inferencepool/templates/epp-servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.inferenceExtension.serviceMonitor.enabled (ne (lower .Values.provider.name) "gke") }} +{{- if and .Values.inferenceExtension.monitoring.prometheus.enabled (ne (lower .Values.provider.name) "gke") }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -6,19 +6,19 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "gateway-api-inference-extension.labels" . | nindent 4 }} - {{- with .Values.inferenceExtension.serviceMonitor.extraLabels }} + {{- with .Values.inferenceExtension.monitoring.prometheus.extraLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: endpoints: - - interval: {{ .Values.inferenceExtension.serviceMonitor.interval }} + - interval: {{ .Values.inferenceExtension.monitoring.prometheus.interval }} port: "http-metrics" path: "/metrics" - {{- if .Values.inferenceExtension.serviceMonitor.auth.enabled }} + {{- if .Values.inferenceExtension.monitoring.prometheus.auth.enabled }} authorization: credentials: key: token - name: {{ .Values.inferenceExtension.serviceMonitor.auth.secretName }} + name: {{ .Values.inferenceExtension.monitoring.prometheus.auth.secretName }} {{- end }} jobLabel: {{ include "gateway-api-inference-extension.name" . }} namespaceSelector: diff --git a/config/charts/inferencepool/templates/gke.yaml b/config/charts/inferencepool/templates/gke.yaml index f64d70b6c..f219a78b9 100644 --- a/config/charts/inferencepool/templates/gke.yaml +++ b/config/charts/inferencepool/templates/gke.yaml @@ -40,7 +40,7 @@ spec: logging: enabled: true # log all requests by default --- -{{- if and .Values.inferenceExtension.serviceMonitor.enabled .Values.inferenceExtension.serviceMonitor.auth.enabled }} +{{- if and .Values.inferenceExtension.monitoring.prometheus.enabled .Values.inferenceExtension.monitoring.prometheus.auth.enabled }} {{- $metricsReadSA := printf "%s-metrics-reader-sa" .Release.Name -}} {{- $metricsReadSecretName := printf "%s-metrics-reader-secret" .Release.Name -}} {{- $metricsReadRoleName := printf "%s-%s-metrics-reader" .Release.Namespace .Release.Name -}} @@ -83,7 +83,7 @@ spec: endpoints: - port: metrics scheme: http - interval: {{ .Values.inferenceExtension.serviceMonitor.interval }} + interval: {{ .Values.inferenceExtension.monitoring.prometheus.interval }} path: /metrics authorization: type: Bearer diff --git a/config/charts/inferencepool/templates/rbac.yaml b/config/charts/inferencepool/templates/rbac.yaml index 0eb154fb9..ebe68c3ea 100644 --- a/config/charts/inferencepool/templates/rbac.yaml +++ b/config/charts/inferencepool/templates/rbac.yaml @@ -17,7 +17,7 @@ rules: - subjectaccessreviews verbs: - create -{{- if .Values.inferenceExtension.serviceMonitor.enabled }} +{{- if .Values.inferenceExtension.monitoring.prometheus.enabled }} - nonResourceURLs: - "/metrics" verbs: diff --git a/config/charts/inferencepool/values.yaml b/config/charts/inferencepool/values.yaml index 97d35a100..4dbcd954f 100644 --- a/config/charts/inferencepool/values.yaml +++ b/config/charts/inferencepool/values.yaml @@ -40,16 +40,18 @@ inferenceExtension: tolerations: [] - # Prometheus ServiceMonitor will be created when enabled for EPP metrics collection - serviceMonitor: - enabled: true - interval: "10s" - auth: - enabled: true - # Service account token secret for authentication - secretName: inference-gateway-sa-metrics-reader-secret - # additional labels for the ServiceMonitor - extraLabels: {} + # Monitoring configuration for EPP + monitoring: + # Prometheus ServiceMonitor will be created when enabled for EPP metrics collection + prometheus: + enabled: false + interval: "10s" + auth: + enabled: true + # Service account token secret for authentication + secretName: inference-gateway-sa-metrics-reader-secret + # additional labels for the ServiceMonitor + extraLabels: {} inferencePool: targetPorts: From 3925675aeeb976697a256dcf0acf8c605bf3a61b Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Tue, 30 Sep 2025 09:52:27 +0800 Subject: [PATCH 6/7] rollback interval --- config/charts/inferencepool/templates/epp-servicemonitor.yaml | 2 +- config/charts/inferencepool/templates/gke.yaml | 2 +- config/charts/inferencepool/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/charts/inferencepool/templates/epp-servicemonitor.yaml b/config/charts/inferencepool/templates/epp-servicemonitor.yaml index 15071340b..220be76dc 100644 --- a/config/charts/inferencepool/templates/epp-servicemonitor.yaml +++ b/config/charts/inferencepool/templates/epp-servicemonitor.yaml @@ -11,7 +11,7 @@ metadata: {{- end }} spec: endpoints: - - interval: {{ .Values.inferenceExtension.monitoring.prometheus.interval }} + - interval: {{ .Values.inferenceExtension.monitoring.interval }} port: "http-metrics" path: "/metrics" {{- if .Values.inferenceExtension.monitoring.prometheus.auth.enabled }} diff --git a/config/charts/inferencepool/templates/gke.yaml b/config/charts/inferencepool/templates/gke.yaml index f219a78b9..2ee2e13fc 100644 --- a/config/charts/inferencepool/templates/gke.yaml +++ b/config/charts/inferencepool/templates/gke.yaml @@ -83,7 +83,7 @@ spec: endpoints: - port: metrics scheme: http - interval: {{ .Values.inferenceExtension.monitoring.prometheus.interval }} + interval: {{ .Values.inferenceExtension.monitoring.interval }} path: /metrics authorization: type: Bearer diff --git a/config/charts/inferencepool/values.yaml b/config/charts/inferencepool/values.yaml index 4dbcd954f..2103a5be1 100644 --- a/config/charts/inferencepool/values.yaml +++ b/config/charts/inferencepool/values.yaml @@ -42,10 +42,10 @@ inferenceExtension: # Monitoring configuration for EPP monitoring: + interval: "10s" # Prometheus ServiceMonitor will be created when enabled for EPP metrics collection prometheus: enabled: false - interval: "10s" auth: enabled: true # Service account token secret for authentication From 3a3cf79a85a3a3a69b453f0bfbe0bc93f26fa131 Mon Sep 17 00:00:00 2001 From: Murphy Chen Date: Tue, 30 Sep 2025 11:44:02 +0800 Subject: [PATCH 7/7] update --- config/charts/inferencepool/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/config/charts/inferencepool/README.md b/config/charts/inferencepool/README.md index 41fee834d..2e2d18903 100644 --- a/config/charts/inferencepool/README.md +++ b/config/charts/inferencepool/README.md @@ -137,14 +137,16 @@ inferenceExtension: monitoring: interval: "10s" prometheus: - enabled: true - secret: - name: inference-gateway-sa-metrics-reader-secret + enabled: false + auth: + enabled: true + secretName: inference-gateway-sa-metrics-reader-secret + extraLabels: {} ``` **Note:** Prometheus monitoring requires the Prometheus Operator and ServiceMonitor CRD to be installed in the cluster. -For GKE environments, monitoring is enabled by setting `provider.name` to `gke` and `inferenceExtension.monitoring.gke.enabled` to `true`. This will create the necessary `PodMonitoring` and RBAC resources for metrics collection. +For GKE environments, you need to set `provider.name` to `gke` firstly. This will create the necessary `PodMonitoring` and RBAC resources for metrics collection. If you are using a GKE Autopilot cluster, you also need to set `provider.gke.autopilot` to `true`. @@ -186,7 +188,6 @@ The following table list the configurable parameters of the chart. | `inferenceExtension.monitoring.interval` | Metrics scraping interval for monitoring. Defaults to `10s`. | | `inferenceExtension.monitoring.secret.name` | Name of the service account token secret for metrics authentication. Defaults to `inference-gateway-sa-metrics-reader-secret`. | | `inferenceExtension.monitoring.prometheus.enabled` | Enable Prometheus ServiceMonitor creation for EPP metrics collection. Defaults to `false`. | -| `inferenceExtension.monitoring.gke.enabled` | Enable GKE monitoring resources (`PodMonitoring` and RBAC). Defaults to `false`. | | `inferenceExtension.pluginsCustomConfig` | Custom config that is passed to EPP as inline yaml. | | `provider.name` | Name of the Inference Gateway implementation being used. Possible values: [`none`, `gke`, or `istio`]. Defaults to `none`. | | `provider.gke.autopilot` | Set to `true` if the cluster is a GKE Autopilot cluster. This is only used if `provider.name` is `gke`. Defaults to `false`. |