Contour Ingress for Distributed Model Serving

Question

Pulumi · Accepted Answer

To create a Contour Ingress for distributed model serving in a Kubernetes cluster using Pulumi, we will take advantage of the `Ingress` resource from the Kubernetes provider. Contour is an open-source Kubernetes ingress controller providing the control plane for the Envoy edge and service proxy.​ It uses an `Ingress` or `HTTPProxy` resource to manage external access to the services in a cluster.

Here's how you can achieve this with Pulumi in Python:

1. **Namespace**: We'll create a dedicated namespace for Contour.
2. **Contour Deployment**: We'll apply the YAML configurations for Contour, which includes the deployment and the associated service of type `LoadBalancer`.
3. **Ingress Resources**: Using Contour, we'll create an `Ingress` resource that maps the external requests to the appropriate services for the distributed model serving.

Let's break down the following Pulumi program that sets up Contour Ingress in a Kubernetes cluster:

```python
import pulumi
import pulumi_kubernetes as k8s

# Initialize a Pulumi Kubernetes provider (assumes kubectl is configured to your cluster).
k8s_provider = k8s.Provider('k8s-provider')

# Create a namespace for Contour.
contour_namespace = k8s.core.v1.Namespace('contour-namespace',
    metadata={'name': 'contour'},
    opts=pulumi.ResourceOptions(provider=k8s_provider))

# Apply the Contour deployment YAML.
# This YAML includes the necessary ConfigMaps, Deployments, and Services needed for Contour.
contour_yaml = k8s.yaml.ConfigFile('contour-yaml',
    file='https://projectcontour.io/quickstart/contour.yaml',
    opts=pulumi.ResourceOptions(provider=k8s_provider, depends_on=[contour_namespace]))

# Define the Ingress for model serving.
# Replace 'model-service-name' with the name of your model serving service
# and 'your-model-domain.com' with the domain where you want to serve the model.
model_serving_ingress = k8s.networking.v1.Ingress('model-serving-ingress',
    metadata={
        'name': 'model-serving',
        'namespace': contour_namespace.metadata['name'],
        'annotations': {
            # Use Contour Ingress class
            'kubernetes.io/ingress.class': 'contour',
            # Enable TLS termination if you have a certificate
            # 'kubernetes.io/tls-acme': 'true'
        }
    },
    spec={
        'rules': [{
            'host': 'your-model-domain.com',
            'http': {
                'paths': [{
                    'path': '/model',
                    'pathType': 'Prefix',  
                    'backend': {
                        'service': {
                            'name': 'model-service-name',
                            'port': {'number': 80},  # The port on which your model service is running
                        }
                    },
                }],
            },
        }],
        # Uncomment the following lines and replace with the correct `secretName` to enable TLS.
        # 'tls': [{
        #     'hosts': ['your-model-domain.com'],
        #     'secretName': 'your-tls-secret',
        # }],
    },
    opts=pulumi.ResourceOptions(provider=k8s_provider, depends_on=[contour_yaml]))

# Export the ingress' IP to access it from the internet.
pulumi.export('ingress_ip', model_serving_ingress.status['load_balancer']['ingress'][0]['ip'])
```

In the program above:

- We initialize a Kubernetes provider which is used to interact with your Kubernetes cluster.
- A dedicated namespace for Contour is created.
- We apply a standard Contour YAML from its quickstart guide. It's a common practice to use official YAML files provided by the application maintainers.
- We define an `Ingress` resource to expose the model serving application. The `host` is where you want to serve your model, and you'll need to configure DNS to point to the Ingress controller's IP. Also, specify the backend service name and its port.
- Annotations are added to the `Ingress` resource metadata to use Contour's ingress class and enable TLS termination if you have a TLS certificate.

Finally, we export the external IP address of the Ingress controller so you can access the model serving endpoint from the internet.

Remember to replace `model-service-name`, `your-model-domain.com`, and `your-tls-secret` placeholders with actual values corresponding to your setup.

Please replace the `https://projectcontour.io/quickstart/contour.yaml` with the actual URL of the Contour YAML configuration if it's different or you prefer a specific version.

Note that Contour can be installed via YAML files, as shown here, or using Helm. The choice depends on your preference or organizational practices for Kubernetes deployment management.

This program should give you a fully functioning Ingress controller using Contour on your Kubernetes cluster, ready to route external requests to your distributed model serving application.