Envoy update (#18)

* moving all yaml to default namespace

* adding new files

* small updates

* Update PoC to support Envoy best Practices

* moving llm-gw ext-proc port to 8081

* Update envoy to patch an HTTPRoute virtual host. Also adding the manifests to the top level Ext-Proc implementation

* Removing image ref so the most recent image is used

* Grammatical changes

Author: kfswain

examples/poc/README.md

@@ -17,29 +17,41 @@ This project sets up an Envoy gateway with a custom external processing which im
 ### Steps
 
 1. **Deploy Sample vLLM Application**
+
    NOTE: Create a HuggingFace API token and store it in a secret named `hf-token` with key `token`. This is configured in the `HUGGING_FACE_HUB_TOKEN` and `HF_TOKEN` environment variables in `./manifests/samples/vllm-lora-deployment.yaml`.
 
    ```bash
-   kubectl apply -f ./manifests/samples/vllm-lora-deployment.yaml
-   kubectl apply -f ./manifests/samples/vllm-lora-service.yaml
+   kubectl apply -f ./manifests/vllm/vllm-lora-deployment.yaml
+   kubectl apply -f ./manifests/vllm/vllm-lora-service.yaml
    ```
 
-2. **Install GatewayClass with Ext Proc**
-   A custom GatewayClass `llm-gateway` which is configured with the llm routing ext proc will be installed into the `llm-gateway` namespace. It's configured to listen on port 8081 for traffic through ext-proc (in addition to the default 8080), see the `EnvoyProxy` configuration in `installation.yaml`. When you create Gateways, make sure the `llm-gateway` GatewayClass is used.
+1. **Update Envoy Gateway Config to enable Patch Policy**
+
+   Our custom LLM Gateway ext-proc is patched into the existing envoy gateway via `EnvoyPatchPolicy`. To enable this feature, we must extend the Envoy Gateway config map. To do this, simply run:
+   ```bash
+   kubectl apply -f ./manifests/gateway/enable_patch_policy.yaml
+   kubectl rollout restart deployment envoy-gateway -n envoy-gateway-system
 
-   NOTE: Ensure the `llm-route-ext-proc` deployment is updated with the pod names and internal IP addresses of the vLLM replicas. This step is crucial for the correct routing of requests based on headers. This won't be needed once we make ext proc dynamically read the pods.
+   ```
+   Additionally, if you would like to enable the admin interface, you can uncomment the admin lines and run this again.
+
+
+1. **Deploy Gateway**
 
    ```bash
-   kubectl apply -f ./manifests/installation.yaml
+   kubectl apply -f ./manifests/gateway/gateway.yaml
    ```
 
-3. **Deploy Gateway**
+1. **Deploy Ext-Proc**
 
    ```bash
-   kubectl apply -f ./manifests/samples/gateway.yaml
+   kubectl apply -f ./manifests/gateway/ext_proc.yaml
+   kubectl apply -f ./manifests/gateway/patch_policy.yaml
    ```
+   **NOTE**: Ensure the `instance-gateway-ext-proc` deployment is updated with the pod names and internal IP addresses of the vLLM replicas. This step is crucial for the correct routing of requests based on headers. This won't be needed once we make ext proc dynamically read the pods.
+
+1. **Try it out**
 
-4. **Try it out**
    Wait until the gateway is ready.
 
    ```bash

examples/poc/manifests/gateway/enable_patch_policy.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: envoy-gateway-config
+  namespace: envoy-gateway-system
+data:
+# This manifest's main purpose is to set `enabledEnvoyPatchPolicy` to `true`.
+# Any field under `admin` is optional, and only for enabling the admin endpoints, for debugging.
+# Admin Interface: https://www.envoyproxy.io/docs/envoy/latest/operations/admin
+# PatchPolicy docs: https://gateway.envoyproxy.io/docs/tasks/extensibility/envoy-patch-policy/#enable-envoypatchpolicy 
+  envoy-gateway.yaml: |
+    apiVersion: gateway.envoyproxy.io/v1alpha1
+    kind: EnvoyGateway
+    provider:
+      type: Kubernetes
+    gateway:
+      controllerName: gateway.envoyproxy.io/gatewayclass-controller
+    extensionApis:
+      enableEnvoyPatchPolicy: true      
+      enableBackend: true
+#    admin:
+#      enablePprof: true
+#      address:
+#        host: 127.0.0.1
+#        port: 19000
+#      enabledDumpConfig: true

examples/poc/manifests/gateway/ext_proc.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: instance-gateway-ext-proc
+  namespace: default
+  labels:
+    app: instance-gateway-ext-proc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: instance-gateway-ext-proc
+  template:
+    metadata:
+      labels:
+        app: instance-gateway-ext-proc
+    spec:
+      containers:
+      - name: instance-gateway-ext-proc
+        image: ghcr.io/tomatillo-and-multiverse/ext-proc:demo
+        args:
+        #TODO: specify label selector and dynamically update pods
+        - -pods
+        - "vllm-78665f78c4-h4kx4,vllm-78665f78c4-hnz84"
+        - -podIPs
+        - "10.24.11.6:8000,10.24.5.7:8000"
+        - -enable-fairness
+        - "false"
+        ports:
+        - containerPort: 9002
+      - name: curl
+        image: curlimages/curl
+        command: ["sleep", "3600"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: instance-gateway-ext-proc
+  namespace: default
+spec:
+  selector:
+    app: instance-gateway-ext-proc
+  ports:
+    - protocol: TCP
+      port: 9002
+      targetPort: 9002
+  type: ClusterIP
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyExtensionPolicy
+metadata:
+  name: ext-proc-policy
+  namespace: default
+spec:
+  extProc:
+    - backendRefs:
+      - group: ""
+        kind: Service
+        name: instance-gateway-ext-proc
+        port: 9002
+      processingMode:
+        request:
+          body: Buffered
+        response:
+      messageTimeout: 5s
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: HTTPRoute
+    name: llm-route

examples/poc/manifests/gateway/gateway.yaml

@@ -0,0 +1,47 @@
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: <GATEWAY-NAME>
+spec:
+  gatewayClassName: <GATEWAY-NAME>
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 8080
+    - name: llm-gw
+      protocol: HTTP
+      port: 8081
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: <GATEWAY-NAME>
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+  name: backend-dummy
+spec:
+  endpoints:
+    - fqdn:
+        # Both these values are arbitrary and unused as the PatchPolicy redirects requests.
+        hostname: 'foo.bar.com'
+        port: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: llm-route
+spec:
+  parentRefs:
+    - name: inference-gateway
+      sectionName: llm-gw
+  rules:
+  - backendRefs:
+      - group: gateway.envoyproxy.io
+        kind: Backend
+        name: backend-dummy

examples/poc/manifests/gateway/patch_policy.yaml

@@ -0,0 +1,38 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyPatchPolicy
+metadata:
+  name: custom-response-patch-policy
+  namespace: default
+spec:
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: <GATEWAY-NAME>
+  type: JSONPatch
+  jsonPatches:
+    # Necessary to create a cluster of the type: ORIGINAL_DST to allow for 
+    # direct pod scheduling. Which is heavily utilized in our scheduling.
+    # Specifically the field `original_dst_lb_config` allows us to enable
+    # `use_http_header` and `http_header_name`. 
+    # Source: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto
+    - type: "type.googleapis.com/envoy.config.cluster.v3.Cluster"
+      name: original_destination_cluster
+      operation:
+        op: add
+        path: ""
+        value:
+          name: original_destination_cluster
+          type: ORIGINAL_DST
+          original_dst_lb_config:
+            use_http_header: true
+            http_header_name: "target-pod"
+          connect_timeout: 6s
+          lb_policy: CLUSTER_PROVIDED
+          dns_lookup_family: V4_ONLY
+
+    - type: "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
+      name: default/<GATEWAY-NAME>/llm-gw
+      operation:
+        op: replace
+        path: "/virtual_hosts/1/routes/0/route/cluster"
+        value: original_destination_cluster