Initial commit

Author: kfswain

docs/proposals/1199-multitenant-api-proposal/README.md

@@ -0,0 +1,250 @@
+# Scheduling Subsystem Architecture
+
+Author(s): @kfswain, @ahg-g, @lukeavandrie
+## Proposal Status
+ ***Draft***
+
+## Summary
+Multiple docs have discussed the restructuring of the InferenceModel API. This [doc](https://docs.google.com/document/d/1x6aI9pbTF5oOsaEQYc9n4pBBY3_AuEY2X51VKxmBSnU/edit?tab=t.0#heading=h.towq7jyczzgo) proposes an InferenceSchedulingObjective CRD, and this [doc](https://docs.google.com/document/d/1G-CQ17CM4j1vNE3T6u9uP2q-m6jK14ANPCwTfJ2qLS4/edit?tab=t.0) builds upon the previous document to solidify the requirement for the new iteration of the InferenceModel API to continue to solve the identity problem. Both these documents were useful in continuing to gather feedback & iterate on a proper solution. 
+
+This proposal is intended to act as the plan of record for solution that will be implemented.
+
+## Implementation Phases
+
+### Phase 1 - Rename & Modify InferenceModel 
+Due to these facts:
+ - the Criticality field of InferenceModel is in use, & provides functionality 
+ - InferenceModel is an Alpha API
+ - InferenceModel is not depended upon by upstream or downstream components
+
+ Phase 1 will retain the Criticality functionality, but will rename the InferenceModel API as well as slimming down the spec.
+
+### Phase 2 - Introduce new Policy fields
+Phase 2 will happen over a longer period of time & slowly introduce new policies to the API, much of what is discussed in this proposal is keeping Phase 2 in mind. 
+Primarily phase 2 will introduce these policies:
+- Fairness
+- SLO 
+
+Due to the behavior added & required for these policies to function correctly, naming of the API must necessarily consider this second phase.
+
+## Design Principles
+
+### Goals
+- Reliable and predictable fairness allocation
+- Disconnect identity from policy-like objects where possible
+- Anonymous identity/defaults are graceful (fault-tolerant) & unsurprising
+- Scalable, simple, and reusable config
+- Retain the functionality of InferenceModel
+  - Traffic splitting models & modelName rewrite
+  - Criticality
+
+### Non-Goals
+- Addressing security concerns with the API, this is currently expected to either be:
+  - Entirely contained within a trusted system
+  - Or auth handled upstream
+- IGW implementing a custom auth mechanism
+
+
+## Definitions
+
+- **Tenant** (synonymous with: *Flow* or *Identity*) - In the context of Inference Gateway these names are synonymous. Kuberenetes chooses the term ***tenant*** as described [here](https://kubernetes.io/docs/concepts/security/multi-tenancy/#tenants).
+
+# Proposal
+
+Discussion of the problem(s) can be seen in the linked documents. Here we will describe the new API surface.
+
+## Phase 1
+
+### Naming
+This API solves 3 general pillars of problem, that can also be categorized into 2 areas:
+
+ - This API describes Resource Sharing (Criticality/Fairness)
+ - This API describes Identification (used in Fairness)
+ - This API describes Specific Request Policy (SLO)
+
+
+As such, the name of the API should convey these concepts well. The `Inference-` prefix will remain, as that is a succint & accepted term related to generative AI serving.
+
+The accompanying name should also convey some or all of the other pillars, some of the names that have been considered:
+
+- `Tenant`
+  - Pros:
+    - Resource Sharing is implicit due to evocation of the 'multitenancy' concept
+	- Identification is well understood from a term like Tenant
+  - Cons: 
+    - Due to the prevalance of the 'multitenancy' concept, the term of tenant may clash with a user-defined term of 'tenant' causing a confusing interaction
+	- Does not convey Specific Request Policy well
+
+- `Flow`
+  - Pros:
+    - A common networking term helpful in describing request traffic rate control 
+  - Cons:
+    - Doesnt well describe Identification or Resource Sharing
+
+- `Objectives` (preferred)
+  - Pros:
+    - Specific Request Policy is easily understood
+	- Resource Sharing is a natural fit
+  - Cons:
+    - Identity is not well conveyed
+
+
+### CRD spec
+
+This CRD definition is a slimmed version of InferenceModel with a name change. Example here:
+
+```golang
+type InferenceObjectives struct {
+  metav1.TypeMeta
+  metav1.ObjectMeta
+
+  Spec InferenceObjectivesSpec
+}
+
+type InferenceObjectivesSpec struct {
+  PoolRef InferenceObjectReference
+
+  Criticality *int
+}
+
+```
+
+### Other changes
+- The EPP will expose a flag to define the header key that will be used to assign InferenceObjectives to
+- The modelName rewrite functionality will be included into EPP as a core feature (also handled by header) 
+- Traffic splitting on model name will be pushed to HTTPRoute using the BBR tool to extract the modelName to the header
+
+## Phase 2
+
+### CRD spec
+```golang
+
+type InferenceObjectives struct {
+  metav1.TypeMeta
+  metav1.ObjectMeta
+
+  Spec InferenceObjectivesSpec
+}
+
+type InferenceObjectivesSpec struct {
+	// Scope: Identifier
+    ID string
+
+	// Scope: Pool binding
+    PoolRef InferenceObjectReference
+
+
+	// Scope: Policy Handles (the following are different options on how policy binding may look)
+
+	// Include core policies as a field of the object
+	Criticality *int
+	FairnessPolicy NotYetDefinedFairnessPolicy
+	SLOPolicy InferenceSLOPolicy
+
+	// or
+
+	// Create an array fields that can bind arbitrary policies (including the 'core' policies)
+	Policies []InferenceObjectReference
+
+	// or 
+
+	// one-of: (Where Policy class would contain all 'core' policies that can be configured.)
+	PolicyProfileRef InferenceObjectReference
+	PolicyProfile PolicyProfile
+}
+
+// PoolObjectReference identifies an API object within the namespace of the
+// referrer.
+type InferenceObjectReference struct {
+	// Group is the group of the referent.
+	//
+	// +optional
+	// +kubebuilder:default="inference.networking.x-k8s.io"
+	Group Group `json:"group,omitempty"`
+
+	// Kind is kind of the referent. For example "InferencePool".
+	//
+	// +optional
+	// +kubebuilder:default="InferencePool"
+	Kind Kind `json:"kind,omitempty"`
+
+	// Name is the name of the referent.
+	//
+	// +kubebuilder:validation:Required
+	Name ObjectName `json:"name"`
+}
+
+
+type PolicyProfile struct {
+	metav1.TypeMeta
+    metav1.ObjectMeta
+
+    Spec PolicyProfileSpec
+}
+
+type PolicyProfileSpec struct {
+	// this is a departure from InferenceModel that used string for criticality.
+	// We got quite a bit of feedback around allowing for custom criticality bands, so an int/enum is more flexible & carries inherent stack rank value.
+	Criticality *int
+	FairnessPolicy NotYetDefinedFairnessPolicy
+	SLOPolicy InferenceSLOPolicy
+}
+
+type InferenceCriticalityPolicy struct {
+    Criticality int32
+}
+```
+
+### Intent
+
+The purpose(s) of the `InferenceObjectives` is:
+- Create a strong concept of a tenant within the inference pool, used to associate groups of requests together for the purpose of Flow Clontrol - which can enforce:
+  - Fair resource sharing
+  - Inter-tenant prioritization
+  - SLO attainment
+- Create a handle with which to attach scheduling policies, allowing for heterogenous scheduling behavior across tenants 
+  - Such as the [InferenceSLOPolicy](https://docs.google.com/document/d/1j2KRAT68_FYxq1iVzG0xVL-DHQhGVUZBqiM22Hd_0hc/edit?resourcekey=0-5cSovS8QcRQNYXj0_kRMiw&tab=t.0#heading=h.emkaixupvf39).
+- Detach identification from the modelName field
+
+## Usage
+
+The InferenceObjectives API surface has 3 general scopes:
+- Identification
+- Pool Binding
+- Policy Handle
+
+### Pool Binding
+
+Tackling the simplest first; the single Pool Binding field `PoolRef` is simply to associate a given InferenceObjectives object with a pool. Meaning that InferenceObjectives with duplicate ID's across different pools are considered valid.
+
+### Identification
+**Note**: This ID field is proposed for Phase 2, & Phase 1 will use the kube name as the identifier in the short term. To make a smooth transition, the ID field would default to the kube name.
+
+The only field associated with identification is the `ID` field. A unique ID field was chosen (rather than using the metadata name), because:
+- We do not want to put the same restrictions on the string that is enfored on a kube resource name
+- The ID name may be duplicated across different pools
+- Use of a kube-generated name would force an upstream Auth mechanism to be aware of the `InferenceObjectives` API
+
+This ID can be any string; in the case of a MaaS platform, it may identify a customer via a one-way hashed JWT. Or for sharing an InferencePool between teams, it may be a team-id. 
+
+***Important***: In order to support a high volume of tenants, by default IGW will _allow_ unique IDs that do not have an explicit InferenceObjectives object defined. Instead the default for all policies will be used.
+
+#### Alternative consideration(s)
+- Expanding the PoolRef field to be plural was considered, however that was not selected to maintain simplicity. It is a decision that can be revisited in the future, however.
+
+### Policy Specification
+There are a few options with regards to how we handle policy binding. Some options that have been considered:
+
+- An `array` field on the `InferenceObjectives` which would contain `ObjectReferences`, allowing for binding of arbitrary policies
+  - Pros: highly flexible, allows user defined policy
+  - Cons: highly abstract & difficult to enforce meaningful defaults/limits on the policies allowed 
+- A one-of per policy field to either allow embedded configuration of a policy, or a reference to a policy
+  - Pros: flexibility of selection, reuse of policies
+  - Cons: reusability is only per policy, composite policy structure is still defined on the `InferenceObjectives`.
+- A `PolicyProfile` type object that can configure multiple policies together, and multiple `InferenceObjectives`s can reference
+  - Pros: Allows complex configuration to be reused
+  - Cons: Creates another CRD layer, potentially increasing complexity of the API surface
+
+The preferred path forward is a utilization of `PolicyProfile` that can be referenced, or directly configured in the embedded field on the `InferenceObjectives`.
+
+This allows for a tradeoff of clear configuration, or reuse of complex config.