[CLI] Secure OSS secrets in cluster, fix engine port args, and add Qwen3.6 model#279
[CLI] Secure OSS secrets in cluster, fix engine port args, and add Qwen3.6 model#279Syspretor merged 6 commits intosgl-project:mainfrom
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
There was a problem hiding this comment.
Pull request overview
This PR improves the kubectl rbg llm CLI by hardening storage credential handling (moving OSS credentials into Kubernetes Secrets), ensuring engine plugins bind to the configured port, and expanding/reshaping the LLM command surface (svc/model subgroups + model config updates).
Changes:
- Add
PreAddhook for storage plugins and migrate OSS credentials from local config into Kubernetes Secrets (secretName/secretNamespacereferences). - Fix SGLang/vLLM engine arg generation so
--host 0.0.0.0 --port <configured>is always applied. - Restructure
llmcommands intollm svcandllm model, add a chat implementation, and update builtin model configurations (including Qwen3.6 + distributed mode name fixes).
Reviewed changes
Copilot reviewed 36 out of 43 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| cmd/cli/plugin/storage/interface.go | Adds PreAdd to storage plugin interface and sorts registered plugin names. |
| cmd/cli/plugin/storage/oss.go | Switches OSS config to secret references and adds Secret-creating PreAdd. |
| cmd/cli/plugin/storage/oss_test.go | Updates OSS tests for SecretRef-based config and adds PreAdd coverage. |
| cmd/cli/plugin/storage/pvc.go | Implements no-op PreAdd for PVC storage. |
| cmd/cli/plugin/engine/sglang.go | Adds explicit --host/--port args to SGLang server startup. |
| cmd/cli/plugin/engine/sglang_test.go | Asserts SGLang args include --host/--port. |
| cmd/cli/plugin/engine/vllm.go | Adds explicit --host/--port args to vLLM startup args (leader + worker). |
| cmd/cli/plugin/engine/vllm_test.go | Asserts vLLM args include --host/--port. |
| cmd/cli/plugin/engine/interface.go | Sorts registered engine plugin names. |
| cmd/cli/plugin/source/interface.go | Sorts registered source plugin names. |
| cmd/cli/cmd/llm/llm.go | Registers new svc and model command groups; wires config with ConfigFlags. |
| cmd/cli/cmd/llm/llm_test.go | Updates subcommand expectations to match new command grouping. |
| cmd/cli/cmd/llm/config/config.go | Updates config command constructor signature and wiring. |
| cmd/cli/cmd/llm/config/config_test.go | Updates tests for new config constructor signature. |
| cmd/cli/cmd/llm/config/storage.go | Calls storage PreAdd before persisting storage config. |
| cmd/cli/cmd/llm/config/storage_test.go | Updates tests for newAddStorageCmd(cf) signature. |
| cmd/cli/cmd/llm/config/misc.go | Adds sorted/masked config printing and calls PreAdd during interactive init. |
| cmd/cli/cmd/llm/config/misc_test.go | Updates init tests for new signature and new helper usage. |
| cmd/cli/cmd/llm/model/model.go | Introduces llm model command group. |
| cmd/cli/cmd/llm/model/list.go | Renames “models” command to model list subcommand. |
| cmd/cli/cmd/llm/model/list_test.go | Improves stdout assertions around model list printing. |
| cmd/cli/cmd/llm/model/pull.go | Updates command path text and uses shared sanitization; tweaks job polling cadence. |
| cmd/cli/cmd/llm/model/pull_test.go | Fixes shell escaping test helper behavior and package rename. |
| cmd/cli/cmd/llm/svc/svc.go | Introduces llm svc command group (run/list/delete/chat). |
| cmd/cli/cmd/llm/svc/run.go | Updates run command for new paths and shared helpers. |
| cmd/cli/cmd/llm/svc/run_test.go | Package rename + metadata import path update. |
| cmd/cli/cmd/llm/svc/list.go | Updates list command text/examples to llm svc list. |
| cmd/cli/cmd/llm/svc/list_test.go | Updates metadata import path and package rename. |
| cmd/cli/cmd/llm/svc/list_printer.go | Package rename to svc. |
| cmd/cli/cmd/llm/svc/delete.go | Updates delete command text/examples to llm svc delete. |
| cmd/cli/cmd/llm/svc/delete_test.go | Package rename and removes old llm-root subcommand coverage. |
| cmd/cli/cmd/llm/svc/metadata/metadata.go | Adds svc-scoped metadata constants/types. |
| cmd/cli/cmd/llm/svc/chat/chat.go | Implements llm svc chat behavior and updates metadata expectations. |
| cmd/cli/cmd/llm/svc/chat/client.go | Implements OpenAI-compatible chat HTTP client (streaming + non-streaming). |
| cmd/cli/cmd/llm/svc/chat/portforward.go | Adds kubectl port-forward session manager for chat. |
| cmd/cli/cmd/llm/svc/chat/chat_test.go | Adds comprehensive tests for chat client + basic REPL behaviors. |
| cmd/cli/cmd/llm/svc/run/models.yaml | Fixes distributed mode names/resources and adds Qwen/Qwen3.6-35B-A3B. |
| cmd/cli/cmd/llm/svc/run/model_embed.go | Embeds builtin models.yaml for runtime loading. |
| cmd/cli/cmd/llm/svc/run/model_config.go | Adds builtin+user model config loader with conflict warnings and lookup helpers. |
| cmd/cli/cmd/llm/svc/run/model_config_test.go | Adds tests for user model loading/override/duplicates. |
| cmd/cli/cmd/llm/shared/shared.go | Exports shared sanitization/printing helpers for new package structure. |
| cmd/cli/cmd/llm/shared/shared_test.go | Updates tests for exported shared helper names. |
| cmd/cli/README.md | Updates docs for new command grouping and usage examples. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cheyang
left a comment
cheyang
left a comment
There was a problem hiding this comment.
Bug: StorageName uses storageType instead of the actual storage name in init
In newInitCmd() (misc.go line 263), PreAddOptions.StorageName is set to storageType (the plugin type like "oss"), but it should use the user-provided storage name name. This results in Secret names like oss-oss-secret instead of my-pvc-oss-secret.
Compare with add-storage where name is correctly used. The init flow already has the variable name available — it just needs to be passed instead of storageType.
Suggested fix:
StorageName: name, // instead of storageTypeBug: injectMetadataSave Case 2 missing {{DOWNLOADED_AT}} timestamp replacement
In injectMetadataSave() (model/pull.go), Case 1 (existing /bin/sh -c) correctly builds a metadataCmd that uses sed to replace the {{DOWNLOADED_AT}} placeholder with an actual timestamp. But Case 2 (direct binary execution) uses wrappedCmd which only does printf ... > file without sed replacement — so the metadata JSON will contain literal {{DOWNLOADED_AT}} string instead of the actual download timestamp.
The two cases should produce equivalent metadata. Case 2 should also include the downloadedAt=$(date -u ...) + sed replacement logic.
Suggestion: PreAdd should allow updating existing Secret on credential mismatch
Currently, when PreAdd finds an existing Secret with different credentials, it returns an error: "already exists with different credentials". This blocks credential rotation (AK key updates). Consider either:
- Updating the Secret when credentials differ (with a warning)
- Adding a
--force/--update-secretflag toadd-storageandinit
Nit: chat_test.go copyright year is 2025, rest of PR uses 2026
Minor inconsistency in cmd/cli/cmd/llm/svc/chat/chat_test.go header: Copyright 2025 vs Copyright 2026 everywhere else.
To streamline the |
PR Description
Summary
This PR includes three CLI improvements:
1. OSS Storage Credential Security Enhancement
PreAddplugin interface to automatically create Secret resources before adding a storage configurationakId/akSecret; instead they usesecretRefreferencescmd/cli/plugin/storage/interface.go,cmd/cli/plugin/storage/oss.go, and related tests2. Fix Engine Plugin Port Arguments Not Taking Effect
--host 0.0.0.0and--portstartup arguments to both SGLang and vLLM enginescmd/cli/plugin/engine/sglang.go,cmd/cli/plugin/engine/vllm.go, and tests3. New Model Support & Configuration Corrections
Qwen/Qwen3.6-35B-A3B(SGLang engine, 2 GPUs, 128Gi memory)distributed-tp2→distributed-sglangdistributed-vllm-tp→distributed-vllmdistributed-vllmGPU resources:2→1cmd/cli/cmd/llm/run/models.yamlChanged Files (15 files changed, +573 / -213)
cmd/cli/plugin/storage/interface.go,oss.go,pvc.go,oss_test.gocmd/cli/cmd/llm/config/config.go,config_test.go,storage.go,storage_test.gocmd/cli/cmd/llm/llm.go,pull.gocmd/cli/plugin/engine/sglang.go,sglang_test.go,vllm.go,vllm_test.gocmd/cli/cmd/llm/run/models.yamlAddition
a70130f — Flatten plugin config & improve config CLI
55229bd — Restructure CLI subcommands into resource groups