======================================== Cluster / Namespace Info ======================================== --- Current context --- admin --- Logged-in user --- system:admin --- Cluster domain --- apps.d231b65a-0ef0-4fdc-9f7f-3d0e95f504f6.prod.konfluxeaas.com DEPLOYMENT_NAMESPACE: opendatahub MAAS_SUBSCRIPTION_NAMESPACE: models-as-a-service AUTHORINO_NAMESPACE: kuadrant-system ======================================== MaaS API Deployment ======================================== --- maas-api pods --- NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES maas-api-5c87f7f96f-dmssh 0/1 CreateContainerConfigError 0 27m 10.134.0.46 ip-10-0-130-186.ec2.internal maas-api-7f4595bb66-9kzqf 0/1 CreateContainerConfigError 0 27m 10.134.0.44 ip-10-0-130-186.ec2.internal --- maas-api service --- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR maas-api ClusterIP 172.31.20.199 8443/TCP 27m app.kubernetes.io/component=api,app.kubernetes.io/name=maas-api,app.kubernetes.io/part-of=models-as-a-service ======================================== maas-controller ======================================== --- maas-controller pods --- NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES maas-controller-67f5887d59-4c7xx 1/1 Running 0 27m 10.134.0.45 ip-10-0-130-186.ec2.internal --- maas-controller MAAS_API_NAMESPACE --- MAAS_API_NAMESPACE=metadata.namespace (resolves to: opendatahub) ======================================== Kuadrant Policies ======================================== --- AuthPolicies (all namespaces) --- NAMESPACE NAME ACCEPTED ENFORCED TARGETKIND TARGETNAME TARGETSECTION AGE llm maas-auth-facebook-opt-125m-simulated True True HTTPRoute facebook-opt-125m-simulated-kserve-route 6m34s llm maas-auth-premium-simulated-simulated-premium True True HTTPRoute premium-simulated-simulated-premium-kserve-route 6m22s opendatahub maas-api-auth-policy True True HTTPRoute maas-api-route 27m --- TokenRateLimitPolicies (all namespaces) --- NAMESPACE NAME ACCEPTED ENFORCED TARGETKIND TARGETNAME TARGETSECTION AGE llm maas-trlp-facebook-opt-125m-simulated True True HTTPRoute facebook-opt-125m-simulated-kserve-route 6m34s llm maas-trlp-premium-simulated-simulated-premium True True HTTPRoute premium-simulated-simulated-premium-kserve-route 6m22s ======================================== MaaS CRs ======================================== --- MaaSAuthPolicies --- NAME PHASE AGE AUTHPOLICIES premium-simulator-access Active 6m55s maas-auth-premium-simulated-simulated-premium simulator-access Active 6m55s maas-auth-facebook-opt-125m-simulated --- MaaSSubscriptions --- NAME PHASE PRIORITY AGE premium-simulator-subscription Active 20 6m56s simulator-subscription Active 10 6m56s --- MaaSSubscription status details --- premium-simulator-subscription: Active - successfully reconciled simulator-subscription: Active - successfully reconciled --- MaaSModelRefs (all namespaces) --- NAMESPACE NAME PHASE ENDPOINT HTTPROUTE GATEWAY AGE llm e2e-distinct-2-simulated Pending e2e-distinct-2-simulated-kserve-route maas-default-gateway 6m56s llm e2e-distinct-simulated Pending e2e-distinct-simulated-kserve-route maas-default-gateway 6m56s llm e2e-trlp-test-simulated Pending e2e-trlp-test-simulated-kserve-route maas-default-gateway 6m56s llm e2e-unconfigured-facebook-opt-125m-simulated Pending e2e-unconfigured-facebook-opt-125m-simulated-kserve-route maas-default-gateway 6m56s llm facebook-opt-125m-simulated Ready https://maas.apps.d231b65a-0ef0-4fdc-9f7f-3d0e95f504f6.prod.konfluxeaas.com/llm/facebook-opt-125m-simulated facebook-opt-125m-simulated-kserve-route maas-default-gateway 6m56s llm premium-simulated-simulated-premium Ready https://maas.apps.d231b65a-0ef0-4fdc-9f7f-3d0e95f504f6.prod.konfluxeaas.com/llm/premium-simulated-simulated-premium premium-simulated-simulated-premium-kserve-route maas-default-gateway 6m56s --- Tenants --- NAME READY REASON AGE default-tenant False PlatformReconcileFailed 27m --- Tenant status details --- default-tenant: False - apply: apply PodMonitor opendatahub/maas-api-metrics: podmonitors.monitoring.coreos.com "maas-api-metrics" is forbidden: User "system:serviceaccount:opendatahub:maas-controller" cannot patch resource "podmonitors" in API group "monitoring.coreos.com" in the namespace "opendatahub" ======================================== Test User Information ======================================== No test token available (not logged in via oc) ======================================== Subscription → Model Mapping ======================================== Subscription: premium-simulator-subscription Owner users: (none) Owner groups: premium-user Models: llm/premium-simulated-simulated-premium Subscription: simulator-subscription Owner users: (none) Owner groups: system:authenticated Models: llm/facebook-opt-125m-simulated ======================================== Available Models (MaaSModelRefs) ======================================== Model Reference → Model ID / Endpoint llm/e2e-distinct-2-simulated → e2e-distinct-2-simulated (Pending) llm/e2e-distinct-simulated → e2e-distinct-simulated (Pending) llm/e2e-trlp-test-simulated → e2e-trlp-test-simulated (Pending) llm/e2e-unconfigured-facebook-opt-125m-simulated → e2e-unconfigured-facebook-opt-125m-simulated (Pending) llm/facebook-opt-125m-simulated → facebook-opt-125m-simulated (Ready) Endpoint: https://maas.apps.d231b65a-0ef0-4fdc-9f7f-3d0e95f504f6.prod.konfluxeaas.com/llm/facebook-opt-125m-simulated llm/premium-simulated-simulated-premium → premium-simulated-simulated-premium (Ready) Endpoint: https://maas.apps.d231b65a-0ef0-4fdc-9f7f-3d0e95f504f6.prod.konfluxeaas.com/llm/premium-simulated-simulated-premium ======================================== Gateway / HTTPRoutes ======================================== --- Gateway --- NAME CLASS ADDRESS PROGRAMMED AGE maas-default-gateway openshift-default abebe1b0a3fc24aa1b4145fdc4737577-585375194.us-east-1.elb.amazonaws.com True 28m --- HTTPRoutes (maas-api) --- NAME HOSTNAMES AGE maas-api-route 27m ======================================== Authorino ======================================== --- Authorino pods --- --- ======================================== Subscription Selector Endpoint Validation ======================================== Expected URL (from maas-controller config): https://maas-api.opendatahub.svc.cluster.local:8443/internal/v1/subscriptions/select (MAAS_API_NAMESPACE resolved to: opendatahub) --- Sample AuthPolicy subscription-info configuration --- Inspecting: llm/maas-auth-facebook-opt-125m-simulated Actual URL in AuthPolicy: https://maas-api.opendatahub.svc.cluster.local:8443/internal/v1/subscriptions/select ✅ Request body includes requestedModel field Model reference: llm/facebook-opt-125m-simulated Request body preview: { "groups": (has(auth.metadata) && has(auth.metadata.apiKeyValidation)) ? auth.metadata.apiKeyValidation.groups : (has(auth.identity.groups) ? auth.identity.groups : auth.identity.user.groups), "username": (has(auth.metadata) && has(auth.metadata.apiKeyValidation)) ? auth.metadata.apiKeyValidation.username : (has(auth.identity.preferred_username) ? auth.identity.preferred_username : (has(auth.identity.sub) ? auth.identity.sub : auth.identity.user.username)), "requestedSubscription": (has(auth.metadata) && has(auth.metadata.apiKeyValidation)) ? auth.metadata.apiKeyValidation.subscription : ("x-maas-subscription" in request.headers ? request.headers["x-maas-subscription"] : ""), "requestedModel": "llm/facebook-opt-125m-simulated" --- Connectivity test (from kuadrant-system, simulates Authorino) --- curl -vsk -m 10 -X POST 'https://maas-api.opendatahub.svc.cluster.local:8443/internal/v1/subscriptions/select' -H 'Content-Type: application/json' -d '{}' kubectl run failed or timed out ======================================== DNS Resolution Check ======================================== Resolving: maas-api.opendatahub.svc.cluster.local nslookup failed ======================================== Configuration Summary ======================================== This summary helps compare local vs CI runs: MaaSModelRefs (all namespaces): 6 MaaSSubscriptions (models-as-a-service): 2 MaaSAuthPolicies (models-as-a-service): 2 Generated Kuadrant AuthPolicies: 2 Subscription selector URL: https://maas-api.opendatahub.svc.cluster.local:8443/internal/v1/subscriptions/select Test user: system:admin