kubeflow · madmecodes · Oct 2, 2025 · Oct 2, 2025 · Oct 2, 2025 · Oct 2, 2025
diff --git a/.github/workflows/full_kubeflow_integration_test.yaml b/.github/workflows/full_kubeflow_integration_test.yaml
@@ -195,8 +195,7 @@ jobs:
       run: ./tests/katib_test.sh "${KF_PROFILE}"
 
     - name: Run KServe Test
-      run: |
-        ./tests/kserve_test.sh ${KF_PROFILE}
+      run: ./tests/kserve_test.sh ${KF_PROFILE}
 
     - name: Run Spark Test
       run: chmod u+x tests/*.sh && ./tests/spark_test.sh "${KF_PROFILE}"

diff --git a/.github/workflows/kserve_test.yaml b/.github/workflows/kserve_test.yaml
@@ -9,23 +9,20 @@ on:
     - tests/kserve/**
     - tests/kserve_test.sh
     - tests/kserve_install.sh
-    - tests/kserve_jwt_authentication_test.sh
     - common/istio*/**
     - common/oauth2-proxy/**
     - tests/oauth2-proxy_install.sh
     - common/cert-manager/**
     - tests/istio*
     - common/knative/**
     - tests/knative_install.sh
-    - tests/*authentication*test.sh
-    - tests/final_validation.sh
 
 permissions:
   contents: read
   actions: read
 
 jobs:
-  test-basic-kserve:
+  test-kserve:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
@@ -72,165 +69,13 @@ jobs:
     - name: Port forward
       run: ./tests/port_forward_gateway.sh
 
-    - name: Run KServe tests
-      run: ./tests/kserve_test.sh kubeflow-user-example-com
-
-    - name: Detailed KServe Access Diagnostics
-      run: |
-        export KSERVE_INGRESS_HOST_PORT=localhost:8080
-        export KSERVE_M2M_TOKEN="$(kubectl -n kubeflow-user-example-com create token default-editor)"
-
-        echo "=== AuthorizationPolicy Details ==="
-        kubectl get authorizationpolicy -n kubeflow-user-example-com -o yaml
-
-        echo "=== Detailed Curl Test ==="
-        curl -vv \
-          -H "Host: isvc-sklearn.kubeflow-user-example-com.example.com" \
-          -H "Authorization: Bearer ${KSERVE_M2M_TOKEN}" \
-          -H "Content-Type: application/json" \
-          "http://${KSERVE_INGRESS_HOST_PORT}/v1/models/isvc-sklearn:predict" \
-          -d '{"instances": [[6.8, 2.8, 4.8, 1.4], [6.0, 3.4, 4.5, 1.6]]}'
-
-    - name: Run kserve models webapp test
-      run: |
-        kubectl wait --for=condition=Available --timeout=300s -n kubeflow deployment/kserve-models-web-app
-
-    - name: Apply Pod Security Standards restricted levels
-      run: ./tests/PSS_enable.sh
-
-  test-jwt-authentication:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Install KinD, Create KinD cluster and Install kustomize
-      run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh
-
-    - name: Install kubectl
-      run: ./tests/kubectl_install.sh
-
-    - name: Create kubeflow namespace
-      run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
-
-    - name: Install Istio CNI
-      run: ./tests/istio-cni_install.sh
-
-    - name: Install oauth2-proxy
-      run: ./tests/oauth2-proxy_install.sh
-
-    - name: Install knative CNI with secure cluster-local-gateway
-      run: ./tests/knative_install.sh
-
-    - name: Verify secure cluster-local-gateway configuration
-      run: |
-        kubectl get authorizationpolicy,requestauthentication -n istio-system | grep cluster-local-gateway
-        kubectl get requestauthentication cluster-local-gateway-jwt -n istio-system -o yaml
-        kubectl get authorizationpolicy cluster-local-gateway -n istio-system -o yaml
-        kubectl get authorizationpolicy cluster-local-gateway-require-jwt -n istio-system -o yaml
-
-    - name: Setup python 3.12
-      uses: actions/setup-python@v4
-      with:
-        python-version: 3.12
-
-    - name: Port forward
-      run: ./tests/port_forward_gateway.sh
-
-    - name: Wait for cluster-local-gateway to be ready
+    - name: Wait for Istio configurations to propagate
       run: |
         kubectl wait --for=condition=Available --timeout=120s deployment/cluster-local-gateway -n istio-system
-        sleep 100
-
-    - name: Run Basic JWT Authentication Tests
-      run: |
-        export KSERVE_INGRESS_HOST_PORT=localhost:8080
-        curl -s -o /dev/null -w "%{http_code}" -H "Host: test.example.com" "http://localhost:8080/" | grep -q "403"
-
-    - name: Run Knative Service JWT Authentication Tests
-      run: |
-        export KSERVE_INGRESS_HOST_PORT=localhost:8080
-        ./tests/knative_authentication_test.sh
+        sleep 60
 
-    - name: Test External Access Configuration
-      run: |
-        export KSERVE_INGRESS_HOST_PORT=localhost:8080
-        ./tests/kserve_setup_external_access.sh kubeflow-user-example-com secure-model-predictor
-        # Test external access pattern
-        TOKEN=$(kubectl -n kubeflow-user-example-com create token default-editor)
-        RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
-          -H "Authorization: Bearer $TOKEN" \
-          -H "Content-Type: application/json" \
-          "http://localhost:8080/kserve/kubeflow-user-example-com/secure-model-predictor/" \
-          2>/dev/null || echo "404")
-        if [ "$RESPONSE" != "404" ] && [ "$RESPONSE" != "200" ] && [ "$RESPONSE" != "503" ]; then
-          exit 1
-        fi
-
-    - name: Apply Pod Security Standards restricted levels
-      run: ./tests/PSS_enable.sh
-
-  test-secure-authentication:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Install KinD, Create KinD cluster and Install kustomize
-      run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh
-
-    - name: Install kubectl
-      run: ./tests/kubectl_install.sh
-
-    - name: Create kubeflow namespace
-      run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
-
-    - name: Install Istio CNI
-      run: ./tests/istio-cni_install.sh
-
-    - name: Install oauth2-proxy
-      run: ./tests/oauth2-proxy_install.sh
-
-    - name: Install cert-manager
-      run: ./tests/cert_manager_install.sh
-
-    - name: Install knative CNI (with secure cluster-local-gateway)
-      run: ./tests/knative_install.sh
-
-    - name: Install KServe
-      run: ./tests/kserve_install.sh
-
-    - name: Install KF Multi Tenancy
-      run: ./tests/multi_tenancy_install.sh
-
-    - name: Install kubeflow-istio-resources
-      run: kustomize build common/istio/kubeflow-istio-resources/base | kubectl apply -f -
-
-    - name: Create KF Profile
-      run: ./tests/kubeflow_profile_install.sh
-
-    - name: Setup python 3.12
-      uses: actions/setup-python@v4
-      with:
-        python-version: 3.12
-
-    - name: Port forward
-      run: ./tests/port_forward_gateway.sh
-
-    - name: Verify JWT authentication policies are applied
-      run: |
-        kubectl get authorizationpolicy cluster-local-gateway-require-jwt -n istio-system
-        kubectl get requestauthentication cluster-local-gateway-jwt -n istio-system
-        kubectl get authorizationpolicy cluster-local-gateway -n istio-system
-        kubectl get deployment cluster-local-gateway -n istio-system
-        kubectl wait --for=condition=Available deployment/cluster-local-gateway -n istio-system --timeout=120s
-        kubectl get pods -n istio-system -l app=cluster-jwks-proxy | grep -q Running || kubectl get pods -n istio-system -l app=cluster-jwks-proxy
-
-    - name: Wait for configurations to propagate
-      run: sleep 60
-
-    - name: Run KServe secure authentication tests
-      run: ./tests/kserve_jwt_authentication_test.sh kubeflow-user-example-com
+    - name: Run KServe tests
+      run: ./tests/kserve_test.sh kubeflow-user-example-com
 
     - name: Apply Pod Security Standards restricted levels
       run: ./tests/PSS_enable.sh
diff --git a/tests/knative_authentication_test.sh b/tests/knative_authentication_test.sh