LCORE-694: new configuration option

docs/config.html

@@ -261,6 +261,11 @@ <h2 id="action">Action</h2>
     <h2 id="authenticationconfiguration">AuthenticationConfiguration</h2>
     <p>Authentication configuration.</p>
     <table>
+      <colgroup>
+        <col style="width: 26%"/>
+        <col style="width: 23%"/>
+        <col style="width: 50%"/>
+      </colgroup>
       <thead>
         <tr class="header">
           <th>Field</th>
@@ -280,26 +285,31 @@ <h2 id="authenticationconfiguration">AuthenticationConfiguration</h2>
           <td/>
         </tr>
         <tr class="odd">
+          <td>skip_for_health_probes</td>
+          <td>boolean</td>
+          <td>Skip authorization for readiness and liveness probes</td>
+        </tr>
+        <tr class="even">
           <td>k8s_cluster_api</td>
           <td>string</td>
           <td/>
         </tr>
-        <tr class="even">
+        <tr class="odd">
           <td>k8s_ca_cert_path</td>
           <td>string</td>
           <td/>
         </tr>
-        <tr class="odd">
+        <tr class="even">
           <td>jwk_config</td>
           <td/>
           <td/>
         </tr>
-        <tr class="even">
+        <tr class="odd">
           <td>api_key_config</td>
           <td/>
           <td/>
         </tr>
-        <tr class="odd">
+        <tr class="even">
           <td>rh_identity_config</td>
           <td/>
           <td/>

docs/config.md

@@ -72,6 +72,7 @@ Authentication configuration.
 |-------|------|-------------|
 | module | string |  |
 | skip_tls_verification | boolean |  |
+| skip_for_health_probes | boolean | Skip authorization for readiness and liveness probes |
 | k8s_cluster_api | string |  |
 | k8s_ca_cert_path | string |  |
 | jwk_config |  |  |

docs/openapi.json

@@ -4891,6 +4891,12 @@
                         "title": "Skip Tls Verification",
                         "default": false
                     },
+                    "skip_for_health_probes": {
+                        "type": "boolean",
+                        "title": "Skip authentication for probes",
+                        "description": "Skip authentication for readiness and liveness probes",
+                        "default": false
+                    },
                     "k8s_cluster_api": {
                         "anyOf": [
                             {
@@ -8858,4 +8864,4 @@
             }
         }
     }
-}
+}

src/models/config.py

@@ -942,6 +942,13 @@ class AuthenticationConfiguration(ConfigurationBase):
 
     module: str = constants.DEFAULT_AUTHENTICATION_MODULE
     skip_tls_verification: bool = False
+
+    # LCORE-694: Config option to skip authorization for readiness and liveness probe
+    skip_for_health_probes: bool = Field(
+        False,
+        title="Skip authorization for probes",
+        description="Skip authorization for readiness and liveness probes",
+    )
     k8s_cluster_api: Optional[AnyHttpUrl] = None
     k8s_ca_cert_path: Optional[FilePath] = None
     jwk_config: Optional[JwkConfiguration] = None
@@ -1518,7 +1525,9 @@ class Configuration(ConfigurationBase):
     )
 
     authentication: AuthenticationConfiguration = Field(
-        default_factory=AuthenticationConfiguration,
+        default_factory=lambda: AuthenticationConfiguration(
+            skip_for_health_probes=False
+        ),
         title="Authentication configuration",
         description="Authentication configuration",
     )

tests/unit/models/config/test_authentication_configuration.py

@@ -32,12 +32,14 @@ def test_authentication_configuration() -> None:
     auth_config = AuthenticationConfiguration(
         module=AUTH_MOD_NOOP,
         skip_tls_verification=False,
+        skip_for_health_probes=False,
         k8s_ca_cert_path=None,
         k8s_cluster_api=None,
     )
     assert auth_config is not None
     assert auth_config.module == AUTH_MOD_NOOP
     assert auth_config.skip_tls_verification is False
+    assert auth_config.skip_for_health_probes is False
     assert auth_config.k8s_ca_cert_path is None
     assert auth_config.k8s_cluster_api is None
     assert auth_config.rh_identity_config is None
@@ -295,6 +297,36 @@ def test_authentication_configuration_in_config_noop() -> None:
     assert cfg.authentication.k8s_cluster_api is None
 
 
+def test_authentication_configuration_skip_readiness_probe() -> None:
+    """Test the authentication configuration in main config."""
+    # pylint: disable=no-member
+    cfg = Configuration(
+        name="test_name",
+        service=ServiceConfiguration(),
+        llama_stack=LlamaStackConfiguration(
+            use_as_library_client=True,
+            library_client_config_path="tests/configuration/run.yaml",
+        ),
+        user_data_collection=UserDataCollection(
+            feedback_enabled=False, feedback_storage=None
+        ),
+        mcp_servers=[],
+        authentication=AuthenticationConfiguration(
+            module=AUTH_MOD_K8S,
+            skip_tls_verification=True,
+            skip_for_health_probes=True,
+            k8s_ca_cert_path="tests/configuration/server.crt",
+            k8s_cluster_api=None,
+        ),
+    )
+    assert cfg.authentication is not None
+    assert cfg.authentication.module == AUTH_MOD_K8S
+    assert cfg.authentication.skip_tls_verification is True
+    assert cfg.authentication.skip_for_health_probes is True
+    assert cfg.authentication.k8s_ca_cert_path == Path("tests/configuration/server.crt")
+    assert cfg.authentication.k8s_cluster_api is None
+
+
 def test_authentication_configuration_in_config_k8s() -> None:
     """Test the authentication configuration in main config."""
     # pylint: disable=no-member

tests/unit/models/config/test_dump_configuration.py

@@ -152,6 +152,7 @@ def test_dump_configuration(tmp_path: Path) -> None:
             "authentication": {
                 "module": "noop",
                 "skip_tls_verification": False,
+                "skip_for_health_probes": False,
                 "k8s_ca_cert_path": None,
                 "k8s_cluster_api": None,
                 "jwk_config": None,
@@ -461,6 +462,7 @@ def test_dump_configuration_with_quota_limiters(tmp_path: Path) -> None:
             "authentication": {
                 "module": "noop",
                 "skip_tls_verification": False,
+                "skip_for_health_probes": False,
                 "k8s_ca_cert_path": None,
                 "k8s_cluster_api": None,
                 "jwk_config": None,
@@ -676,6 +678,7 @@ def test_dump_configuration_with_quota_limiters_different_values(
             "authentication": {
                 "module": "noop",
                 "skip_tls_verification": False,
+                "skip_for_health_probes": False,
                 "k8s_ca_cert_path": None,
                 "k8s_cluster_api": None,
                 "jwk_config": None,
@@ -871,6 +874,7 @@ def test_dump_configuration_byok(tmp_path: Path) -> None:
             "authentication": {
                 "module": "noop",
                 "skip_tls_verification": False,
+                "skip_for_health_probes": False,
                 "k8s_ca_cert_path": None,
                 "k8s_cluster_api": None,
                 "jwk_config": None,
@@ -1055,6 +1059,7 @@ def test_dump_configuration_pg_namespace(tmp_path: Path) -> None:
             "authentication": {
                 "module": "noop",
                 "skip_tls_verification": False,
+                "skip_for_health_probes": False,
                 "k8s_ca_cert_path": None,
                 "k8s_cluster_api": None,
                 "jwk_config": None,