forked from phoenix-oss/llama-stack-mirror
feat: Add Kubernetes authentication (#1778)
# What does this PR do?
This commit adds a new authentication system to the Llama Stack server
with support for Kubernetes and custom authentication providers. Key
changes include:
- Implemented KubernetesAuthProvider for validating Kubernetes service
account tokens
- Implemented CustomAuthProvider for validating tokens against external
endpoints - this is the same code that was already present.
- Added test for Kubernetes
- Updated server configuration to support authentication settings
- Added documentation for authentication configuration and usage
The authentication system supports:
- Bearer token validation
- Kubernetes service account token validation
- Custom authentication endpoints
## Test Plan
Setup a Kube cluster using Kind or Minikube.
Run a server with:
```
server:
port: 8321
auth:
provider_type: kubernetes
config:
api_server_url: http://url
ca_cert_path: path/to/cert (optional)
```
Run:
```
curl -s -L -H "Authorization: Bearer $(kubectl create token my-user)" http://127.0.0.1:8321/v1/providers
```
Or replace "my-user" with your service account.
Signed-off-by: Sébastien Han <seb@redhat.com>
This commit is contained in:
Sébastien Han
GitHub
parent
e6bbf8d20b
commit
79851d93aa
11 changed files with 886 additions and 154 deletions
|
|
@ -4,15 +4,18 @@ annotated-types==0.7.0
|
|||
anyio==4.8.0
|
||||
attrs==25.1.0
|
||||
blobfile==3.0.0
|
||||
cachetools==5.5.2
|
||||
certifi==2025.1.31
|
||||
charset-normalizer==3.4.1
|
||||
click==8.1.8
|
||||
colorama==0.4.6 ; sys_platform == 'win32'
|
||||
distro==1.9.0
|
||||
durationpy==0.9
|
||||
exceptiongroup==1.2.2 ; python_full_version < '3.11'
|
||||
filelock==3.17.0
|
||||
fire==0.7.0
|
||||
fsspec==2024.12.0
|
||||
google-auth==2.38.0
|
||||
h11==0.16.0
|
||||
httpcore==1.0.9
|
||||
httpx==0.28.1
|
||||
|
|
@ -22,18 +25,22 @@ jinja2==3.1.6
|
|||
jiter==0.8.2
|
||||
jsonschema==4.23.0
|
||||
jsonschema-specifications==2024.10.1
|
||||
kubernetes==32.0.1
|
||||
llama-stack-client==0.2.2
|
||||
lxml==5.3.1
|
||||
markdown-it-py==3.0.0
|
||||
markupsafe==3.0.2
|
||||
mdurl==0.1.2
|
||||
numpy==2.2.3
|
||||
oauthlib==3.2.2
|
||||
openai==1.71.0
|
||||
packaging==24.2
|
||||
pandas==2.2.3
|
||||
pillow==11.1.0
|
||||
prompt-toolkit==3.0.50
|
||||
pyaml==25.1.0
|
||||
pyasn1==0.6.1
|
||||
pyasn1-modules==0.4.2
|
||||
pycryptodomex==3.21.0
|
||||
pydantic==2.10.6
|
||||
pydantic-core==2.27.2
|
||||
|
|
@ -45,8 +52,10 @@ pyyaml==6.0.2
|
|||
referencing==0.36.2
|
||||
regex==2024.11.6
|
||||
requests==2.32.3
|
||||
requests-oauthlib==2.0.0
|
||||
rich==13.9.4
|
||||
rpds-py==0.22.3
|
||||
rsa==4.9
|
||||
setuptools==75.8.0
|
||||
six==1.17.0
|
||||
sniffio==1.3.1
|
||||
|
|
@ -57,3 +66,4 @@ typing-extensions==4.12.2
|
|||
tzdata==2025.1
|
||||
urllib3==2.3.0
|
||||
wcwidth==0.2.13
|
||||
websocket-client==1.8.0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue