feat: move to llsd for ca bundle and run.yaml config

Signed-off-by: Doug Edgar <dedgar@redhat.com>

Author: rhdedgar

README.md

@@ -94,14 +94,13 @@ spec:
 ```
 3. Verify the server pod is running in the user defined namespace.
 
-### Using a ConfigMap for run.yaml configuration
+### Using inline configuration
 
-A ConfigMap can be used to store run.yaml configuration for each LlamaStackDistribution.
-Updates to the ConfigMap will restart the Pod to load the new data.
+You can provide custom run.yaml configuration directly in the LlamaStackDistribution spec using the `userConfig.customConfig` field. The operator will automatically create and manage a ConfigMap containing this configuration.
 
-Example to create a run.yaml ConfigMap, and a LlamaStackDistribution that references it:
+Example to create a LlamaStackDistribution with a custom run.yaml configuration:
 ```
-kubectl apply -f config/samples/example-with-configmap.yaml
+kubectl apply -f config/samples/example-with-custom-config.yaml
 ```
 
 ## Developer Guide

api/v1alpha1/llamastackdistribution_types.go

@@ -2006,44 +2006,20 @@ spec:
                       server
                     properties:
                       caBundle:
-                        description: CABundle defines the CA bundle configuration
-                          for custom certificates
-                        properties:
-                          configMapKeys:
-                            description: |-
-                              ConfigMapKeys specifies multiple keys within the ConfigMap containing CA bundle data
-                              All certificates from these keys will be concatenated into a single CA bundle file
-                              If not specified, defaults to [DefaultCABundleKey]
-                            items:
-                              type: string
-                            maxItems: 50
-                            type: array
-                          configMapName:
-                            description: ConfigMapName is the name of the ConfigMap
-                              containing CA bundle certificates
-                            type: string
-                          configMapNamespace:
-                            description: ConfigMapNamespace is the namespace of the
-                              ConfigMap (defaults to the same namespace as the CR)
-                            type: string
-                        required:
-                        - configMapName
-                        type: object
+                        description: |-
+                          CABundle contains PEM-encoded CA bundle certificates as inline data
+                          The operator automatically creates and manages a ConfigMap for mounting into the llama-stack pod
+                        type: string
                     type: object
                   userConfig:
                     description: UserConfig defines the user configuration for the
                       llama-stack server
                     properties:
-                      configMapName:
-                        description: ConfigMapName is the name of the ConfigMap containing
-                          user configuration
-                        type: string
-                      configMapNamespace:
-                        description: ConfigMapNamespace is the namespace of the ConfigMap
-                          (defaults to the same namespace as the CR)
+                      customConfig:
+                        description: |-
+                          CustomConfig contains arbitrary text data that represents a user-provided run.yamlconfiguration file
+                          The operator automatically creates and manages a ConfigMap for mounting into the llama-stack pod
                         type: string
-                    required:
-                    - configMapName
                     type: object
                 required:
                 - distribution
@@ -2196,11 +2172,6 @@ spec:
         required:
         - spec
         type: object
-    selectableFields:
-    - jsonPath: .spec.server.userConfig.configMapName
-    - jsonPath: .spec.server.userConfig.configMapNamespace
-    - jsonPath: .spec.server.tlsConfig.caBundle.configMapName
-    - jsonPath: .spec.server.tlsConfig.caBundle.configMapNamespace
     served: true
     storage: true
     subresources:

api/v1alpha1/zz_generated.deepcopy.go

@@ -8,8 +8,11 @@ rules:
   - ""
   resources:
   - configmaps
+  - serviceaccounts
+  - services
   verbs:
   - create
+  - delete
   - get
   - list
   - patch
@@ -24,19 +27,6 @@ rules:
   - get
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  - services
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - apps
   resources:

config/crd/bases/llamastack.io_llamastackdistributions.yaml

@@ -1,31 +1,7 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: llama-stack-config
-data:
-  run.yaml: |
-    # Llama Stack Configuration
-    version: '2'
-    image_name: remote-vllm
-    apis:
-    - inference
-    providers:
-      inference:
-      - provider_id: vllm
-        provider_type: "remote::vllm"
-        config:
-          url: "https://vllm-server.vllm-dist.svc.cluster.local:8000/v1"
-    models:
-      - model_id: "meta-llama/Llama-3.2-1B-Instruct"
-        provider_id: vllm
-        model_type: llm
-    server:
-      port: 8321
----
 apiVersion: llamastack.io/v1alpha1
 kind: LlamaStackDistribution
 metadata:
-  name: llamastack-with-config
+  name: llamastack-with-ca-bundle
 spec:
   replicas: 1
   server:
@@ -41,13 +17,24 @@ spec:
       - name: VLLM_TLS_VERIFY
         value: "/etc/ssl/certs/ca-bundle.crt"
     userConfig:
-      configMapName: llama-stack-config
-      # configMapNamespace: ""  # Optional - defaults to the same namespace as the CR
+      customConfig: |
+        # Llama Stack Configuration
+        version: '2'
+        image_name: remote-vllm
+        apis:
+        - inference
+        providers:
+          inference:
+          - provider_id: vllm
+            provider_type: "remote::vllm"
+            config:
+              url: "https://vllm-server.vllm-dist.svc.cluster.local:8000/v1"
+        models:
+          - model_id: "meta-llama/Llama-3.2-1B-Instruct"
+            provider_id: vllm
+            model_type: llm
+        server:
+          port: 8321
     tlsConfig:
-      caBundle:
-        configMapName: custom-ca-bundle
-        # configMapNamespace: ""  # Optional - defaults to the same namespace as the CR
-        # configMapKeys not specified - defaults to ["ca-bundle.crt"]
-        # configMapKeys: # Specify multiple keys to concatenate into ca-bundle.crt
-        #   - ca-bundle1.crt
-        #   - ca-bundle2.crt
+      # caBundle must contain valid PEM formatted data
+      caBundle: "PLACEHOLDER_CA_BUNDLE"

config/rbac/role.yaml

@@ -0,0 +1,36 @@
+---
+apiVersion: llamastack.io/v1alpha1
+kind: LlamaStackDistribution
+metadata:
+  name: llamastack-with-custom-config
+spec:
+  replicas: 1
+  server:
+    distribution:
+      name: ollama
+    containerSpec:
+      port: 8321
+      env:
+      - name: INFERENCE_MODEL
+        value: "llama3.2:1b"
+      - name: OLLAMA_URL
+        value: "http://ollama-server-service.ollama-dist.svc.cluster.local:11434"
+    userConfig:
+      customConfig: |
+        # Llama Stack run.yaml Configuration
+        version: '2'
+        image_name: ollama
+        apis:
+        - inference
+        providers:
+          inference:
+          - provider_id: ollama
+            provider_type: "remote::ollama"
+            config:
+              url: "http://ollama-server-service.ollama-dist.svc.cluster.local:11434"
+        models:
+          - model_id: "llama3.2:1b"
+            provider_id: ollama
+            model_type: llm
+        server:
+          port: 8321

config/samples/example-with-ca-bundle.yaml

@@ -22,8 +22,8 @@ package controllers
 
 //+kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create
 
-// ConfigMap permissions - controller reads user configmaps and manages operator config configmaps
-//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch
+// ConfigMap permissions - controller creates and manages operator-owned configmaps for CA bundles and user config
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 
 // NetworkPolicy permissions - controller creates and manages network policies
 //+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=get;list;watch;create;update;patch;delete