Enable forwarding Authorization header in InferenceGraphs

This will configure all `InferenceGraph` workloads to forward the standard HTTP `Authorization` header to the backing `InferenceServices`. The `Authorization` header is used to receive/send credentials and let ODH stack to validate access. By enabling forwarding of the `Authorization` header, we cover the case when there is an (some) auth-protected InferenceService(s) as part of an InferenceGraph. Access is fine-grained, so access to an InferenceGraph does not guarantee access to some InferenceService. The user needs to provide credentials to all resources (IGs and ISVC) that the request needs to go through. Since each workload validates credentials on its own, credentials need to be forwarded to all workloads of an InferenceGraph. Signed-off-by: Edgar Hernández <[email protected]>
opendatahub-io · Jan 16, 2025 · 4e4c18b · 4e4c18b
1 parent 3222f0e
commit 4e4c18b
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/config/overlays/odh/inferenceservice-config-patch.yaml b/config/overlays/odh/inferenceservice-config-patch.yaml
@@ -60,7 +60,12 @@ data:
         "memoryRequest": "100Mi",
         "memoryLimit": "1Gi",
         "cpuRequest": "100m",
-        "cpuLimit": "1"
+        "cpuLimit": "1",
+        "headers": {
+          "propagate": [
+            "Authorization"
+          ]
+        }
     }
   deploy: |-
     {