kserve - add kserve-storage-controller, run strip #27550

Merged
merged 1 commit into from
Sep 5, 2024

@smoser smoser commented Sep 4, 2024

based on
https://github.com/kserve/kserve/blob/master/python/storage-initializer.Dockerfile

Some notes:

  1. storage-initializer says it is <3.12, so we're using 3.11 here.

  2. we do not have python3.11 poetry, so
     a. let 'python3.11 -m pip' install poetry
     b. let that poetry build a wheel
     c. install that wheel with 'python3.11 -m pip'

  3. This does use pip to install into the system path. There are lots of deps we already have that we could use, but for now let pip do it.

EyeCantCU previously approved these changes Sep 4, 2024
@EyeCantCU EyeCantCU dismissed their stale review September 4, 2024 19:31

aarch64 failed

@smoser smoser force-pushed the feature/kserve-storage-controller branch from d849cf2 to 072ae99 Compare September 4, 2024 19:42
@smoser smoser marked this pull request as ready for review September 4, 2024 20:32

smoser commented Sep 4, 2024

With regard to the CVE scan failures:

 🔎 Scanning "/tmp/artifacts-1/packages/x86_64/kserve-storage-controller-0.13.1-r2.apk"
├── 📄 /usr/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.9.3.dist-info/METADATA, 
       /usr/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.9.3.dist-info/RECORD, 
       /usr/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/aiohttp-3.9.3.dist-info/top_level.txt
│       📦 aiohttp 3.9.3 (python)
│           High CVE-2024-30251 GHSA-5m98-qgg9-wh84 fixed in 3.9.4
│           Medium CVE-2024-27306 GHSA-7gpw-8wmc-pm8g fixed in 3.9.4
│           Medium CVE-2024-42367 GHSA-jwhx-xcg6-8xhj fixed in 3.10.2
│
├── 📄 /usr/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/idna-3.6.dist-info/METADATA, 
       /usr/lib/python3.11/site-packages/ray/_private/runtime_env/agent/thirdparty_files/idna-3.6.dist-info/RECORD
│       📦 idna 3.6 (python)
│           Medium CVE-2024-3651 GHSA-jjg7-2v4v-x38h fixed in 3.7
│
└── 📄 /usr/lib/python3.11/site-packages/virtualenv/seed/wheels/embed/setuptools-68.0.0-py3-none-any.whl
        📦 setuptools 68.0.0 (python)
            High CVE-2024-6345 GHSA-cx63-2mw6-8hw5 fixed in 70.0.0
  1. Direct dependency 'ray' has an embedded copy of aiohttp and idna. Installed version of ray is 2.10.0. Latest is 2.35.0. kserve pins "ray[serve]<2.11.0,>=2.10.0"
  2. Indirect dependency virtualenv (kserve -> ray -> virtualenv) has an embedded copy of setuptools wheel

@EyeCantCU EyeCantCU merged commit dd1ecd7 into wolfi-dev:main Sep 5, 2024
8 of 9 checks passed
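
The scan findings discussed above all sit in copies bundled inside other packages (ray's `thirdparty_files` and virtualenv's seed wheels), not in top-level installs. As an added example (not code from this PR, kserve or wolfi), this sketch lists such nested copies in a site-packages tree with the package that carries them; the function names and sample tree are constructed, and the fixed versions are the ones in the scan output.

```python
import tempfile
from pathlib import Path

# Highest "fixed in" version per package, copied from the scan output above.
FIXED_IN = {"aiohttp": "3.10.2", "idna": "3.7", "setuptools": "70.0.0"}

def _ver(text):
    # Simplification (assumption): plain dotted integers, not full PEP 440.
    return tuple(int(part) for part in text.split("."))

def find_vendored(site_packages):
    """Return sorted (owner, name, version, kind) for each distribution copy
    nested below a top-level package instead of installed at the top level."""
    root = Path(site_packages)
    found = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if len(rel.parts) < 2:
            continue  # a top-level *.dist-info is a normal pip install
        if path.is_dir() and path.name.endswith(".dist-info"):
            stem, kind = path.name[: -len(".dist-info")], "dist-info"
        elif path.is_file() and path.suffix == ".whl":
            stem, kind = path.stem, "wheel"
        else:
            continue
        parts = stem.split("-")  # both formats start with <name>-<version>
        if len(parts) >= 2:
            found.append((rel.parts[0], parts[0].lower(), parts[1], kind))
    return sorted(found)

def below_fix(found):
    """Keep only copies older than the fixed version the scanner reported."""
    return [f for f in found
            if f[1] in FIXED_IN and _ver(f[2]) < _ver(FIXED_IN[f[1]])]

def build_sample_tree(root):
    """Constructed sample: empty files laid out like the scan output paths."""
    vendored = "ray/_private/runtime_env/agent/thirdparty_files"
    for rel in ("ray-2.10.0.dist-info/METADATA",
                f"{vendored}/aiohttp-3.9.3.dist-info/METADATA",
                f"{vendored}/idna-3.6.dist-info/METADATA",
                "virtualenv/seed/wheels/embed/setuptools-68.0.0-py3-none-any.whl"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for owner, name, version, kind in below_fix(find_vendored(tmp)):
            print(f"{name} {version} ({kind}) carried by {owner}; fixed in {FIXED_IN[name]}")
```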