feat: Moved the Routing Sidecar from its own repo to the inference-scheduler repo (#379)

* Moved prefill header definition to common import

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Moved Routing Sidecar into this repo

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Moved Routing Sidecar tests into this repo

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Moved Routing Sidecar Dockerfile into this repo

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Added Routing Sidecar to Makefile

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Added Routing Sidecar to CI stream

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Fixed lint error

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Review fixes and added version info

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Test Nixl V2 instead of the deleted Nixl V1

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

* Fixed lint errors

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

---------

Signed-off-by: Shmuel Kallner <kallner@il.ibm.com>

Author: shmuelk

.github/actions/docker-build-and-push/action.yml

@@ -1,6 +1,9 @@
 name: Docker Build - ghcr
 description: Build image using buildx
 inputs:
+  docker-file:
+    required: true
+    description: Dockerfile name
   image-name:
     required: true
     description: Image name
@@ -43,5 +46,5 @@ runs:
         docker buildx build \
           --platform linux/amd64,linux/arm64 \
           -t ${{ inputs.registry }}/${{ inputs.image-name }}:${{ inputs.tag }} \
-          ${LATEST_TAG} --push .
+          ${LATEST_TAG} -f ${{ inputs.docker-file }} --push .
       shell: bash

.github/workflows/ci-pr-checks.yaml

@@ -45,9 +45,9 @@ jobs:
       - name: Run make test
         shell: bash 
         run: |
-          make test
+          make test sidecar-test
 
       - name: Run make build
         shell: bash
         run: |
-          make build
+          make build sidecar-build

.github/workflows/ci-release.yaml

@@ -37,15 +37,26 @@ jobs:
           echo "prerelease=${PRE_RELEASE}" >> "$GITHUB_OUTPUT"
         shell: bash
 
-      - name: Build and push image
+      - name: Build and push EPP image
         uses: ./.github/actions/docker-build-and-push
         with:
+          docker-file: Dockerfile
           tag: ${{ steps.tag.outputs.tag }}
           image-name: ${{ steps.version.outputs.project_name }}
           registry: ghcr.io/llm-d
           github-token: ${{ secrets.GHCR_TOKEN }}
           prerelease: ${{ steps.tag.outputs.prerelease }}
 
+      - name: Build and push sidecar image
+        uses: ./.github/actions/docker-build-and-push
+        with:
+          docker-file: Dockerfile.sidecar
+          tag: ${{ steps.tag.outputs.tag }}
+          image-name: llm-d-routing-sidecar
+          registry: ghcr.io/llm-d
+          github-token: ${{ secrets.GHCR_TOKEN }}
+          prerelease: ${{ steps.tag.outputs.prerelease }}
+
       - name: Run Trivy scan
         uses: ./.github/actions/trivy-scan
         with:

Dockerfile.sidecar

@@ -0,0 +1,38 @@
+# Build Stage: using Go 1.25 image
+FROM quay.io/projectquay/golang:1.25 AS builder
+ARG TARGETOS
+ARG TARGETARCH
+ARG COMMIT_SHA=unknown
+ARG BUILD_REF
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY cmd/pd-sidecar/main.go cmd/cmd.go
+COPY pkg/sidecar pkg/sidecar
+COPY pkg/common pkg/common
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make image-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+ENV CGO_ENABLED=0
+ENV GOOS=${TARGETOS:-linux}
+ENV GOARCH=${TARGETARCH}
+RUN go build -a -o bin/pd-sidecar \
+       -ldflags="-X github.com/llm-d/llm-d-inference-scheduler/pkg/sidecar/version.CommitSHA=${COMMIT_SHA} -X github.com/llm-d/llm-d-inference-scheduler/pkg/sidecar/version.BuildRef=${BUILD_REF}" \
+       cmd/cmd.go
+
+FROM registry.access.redhat.com/ubi9/ubi-micro:latest
+WORKDIR /
+COPY --from=builder /workspace/bin/pd-sidecar /app/pd-sidecar
+USER 65532:65532
+
+ENTRYPOINT ["/app/pd-sidecar"]

Makefile

@@ -7,10 +7,15 @@ SHELL := /usr/bin/env bash
 TARGETOS ?= $(shell go env GOOS)
 TARGETARCH ?= $(shell go env GOARCH)
 PROJECT_NAME ?= llm-d-inference-scheduler
+SIDECAR_IMAGE_NAME ?= llm-d-routing-sidecar
+SIDECAR_NAME ?= pd-sidecar
 IMAGE_REGISTRY ?= ghcr.io/llm-d
 IMAGE_TAG_BASE ?= $(IMAGE_REGISTRY)/$(PROJECT_NAME)
 EPP_TAG ?= dev
 IMG = $(IMAGE_TAG_BASE):$(EPP_TAG)
+SIDECAR_TAG ?= dev
+SIDECAR_IMAGE_TAG_BASE ?= ghcr.io/llm-d/$(SIDECAR_IMAGE_NAME)
+SIDECAR_IMG = $(SIDECAR_IMAGE_TAG_BASE):$(SIDECAR_TAG)
 NAMESPACE ?= hc4ai-operator
 
 # Map go arch to typos arch
@@ -103,6 +108,14 @@ post-deploy-test: ## Run post deployment tests
 	echo Success!
 	@echo "Post-deployment tests passed."
 
+.PHONY: sidecar-test
+sidecar-test: sidecar-test-unit ## Run Sidecar tests
+
+.PHONY: sidecar-test-unit
+sidecar-test-unit: ## Run Sidecar unit tests
+	@printf "\033[33;1m==== Running tests ====\033[0m\n"
+	go test -v $$(echo $$(go list ./pkg/sidecar/...)) -ginkgo.v
+
 .PHONY: lint
 lint: check-golangci-lint check-typos ## Run lint
 	@printf "\033[33;1m==== Running linting ====\033[0m\n"
@@ -116,6 +129,11 @@ build: check-go install-dependencies download-tokenizer ## Build the project
 	@printf "\033[33;1m==== Building ====\033[0m\n"
 	go build -ldflags="$(LDFLAGS)" -o bin/epp cmd/epp/main.go
 
+.PHONY: sidecar-build
+sidecar-build: check-go ## Build the Sidecar
+	@printf "\033[33;1m==== Building the Sidecar ====\033[0m\n"
+	go build -o bin/$(SIDECAR_NAME) cmd/$(SIDECAR_NAME)/main.go
+
 ##@ Container Build/Push
 
 .PHONY:	image-build
@@ -134,6 +152,21 @@ image-push: check-container-tool ## Push Docker image $(IMG) to registry
 	@printf "\033[33;1m==== Pushing Docker image $(IMG) ====\033[0m\n"
 	$(CONTAINER_TOOL) push $(IMG)
 
+.PHONY: sidecar-image-build
+sidecar-image-build: check-container-tool ## Build Sidecar Docker image ## Build Sidecar Docker image using $(CONTAINER_TOOL)
+	@printf "\033[33;1m==== Building Sidecar Docker image $(SIDECAR_IMG) ====\033[0m\n"
+	$(CONTAINER_TOOL) build \
+		--build-arg TARGETOS=linux \
+		--build-arg TARGETARCH=$(TARGETARCH) \
+		--build-arg COMMIT_SHA=${GIT_COMMIT_SHA} \
+		--build-arg BUILD_REF=${BUILD_REF} \
+		-t $(SIDECAR_IMG) -f Dockerfile.sidecar .
+
+.PHONY: sidecar-image-push
+sidecar-image-push: check-container-tool load-version-json ## Push Sidecar Docker image $(SIDECAR_IMG) to registry
+	@printf "\033[33;1m==== Pushing Sidecar Docker image $(SIDECAR_IMG) ====\033[0m\n"
+	$(CONTAINER_TOOL) push $(SIDECAR_IMG)
+
 ##@ Install/Uninstall Targets
 
 # Default install/uninstall (Docker)

cmd/pd-sidecar/main.go

@@ -0,0 +1,108 @@
+/*
+Copyright 2025 The llm-d Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package main
+
+import (
+	"flag"
+	"net/url"
+	"os"
+
+	"k8s.io/klog/v2"
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	"github.com/llm-d/llm-d-inference-scheduler/pkg/sidecar/proxy"
+	"github.com/llm-d/llm-d-inference-scheduler/pkg/sidecar/version"
+)
+
+func main() {
+	port := flag.String("port", "8000", "the port the sidecar is listening on")
+	vLLMPort := flag.String("vllm-port", "8001", "the port vLLM is listening on")
+	connector := flag.String("connector", "nixlv2", "the P/D connector being used. Either nixl, nixlv2 or lmcache")
+	prefillerUseTLS := flag.Bool("prefiller-use-tls", false, "whether to use TLS when sending requests to prefillers")
+	decoderUseTLS := flag.Bool("decoder-use-tls", false, "whether to use TLS when sending requests to the decoder")
+	prefillerInsecureSkipVerify := flag.Bool("prefiller-tls-insecure-skip-verify", false, "configures the proxy to skip TLS verification for requests to prefiller")
+	decoderInsecureSkipVerify := flag.Bool("decoder-tls-insecure-skip-verify", false, "configures the proxy to skip TLS verification for requests to decoder")
+	secureProxy := flag.Bool("secure-proxy", true, "Enables secure proxy. Defaults to true.")
+	certPath := flag.String(
+		"cert-path", "", "The path to the certificate for secure proxy. The certificate and private key files "+
+			"are assumed to be named tls.crt and tls.key, respectively. If not set, and secureProxy is enabled, "+
+			"then a self-signed certificate is used (for testing).")
+	enableSSRFProtection := flag.Bool("enable-ssrf-protection", false, "enable SSRF protection using InferencePool allowlisting")
+	inferencePoolNamespace := flag.String("inference-pool-namespace", os.Getenv("INFERENCE_POOL_NAMESPACE"), "the Kubernetes namespace to watch for InferencePool resources (defaults to INFERENCE_POOL_NAMESPACE env var)")
+	inferencePoolName := flag.String("inference-pool-name", os.Getenv("INFERENCE_POOL_NAME"), "the specific InferencePool name to watch (defaults to INFERENCE_POOL_NAME env var)")
+
+	klog.InitFlags(nil)
+	flag.Parse()
+
+	// make sure to flush logs before exiting
+	defer klog.Flush()
+
+	ctx := ctrl.SetupSignalHandler()
+	logger := klog.FromContext(ctx)
+
+	logger.Info("Proxy starting", "Built on", version.BuildRef, "From Git SHA", version.CommitSHA)
+
+	if *connector != proxy.ConnectorNIXLV2 && *connector != proxy.ConnectorLMCache {
+		logger.Info("Error: --connector must either be 'nixlv2' or 'lmcache'")
+		return
+	}
+	logger.Info("p/d connector validated", "connector", connector)
+
+	// Determine namespace and pool name for SSRF protection
+	if *enableSSRFProtection {
+		if *inferencePoolNamespace == "" {
+			logger.Info("Error: --inference-pool-namespace or INFERENCE_POOL_NAMESPACE environment variable is required when --enable-ssrf-protection is true")
+			return
+		}
+		if *inferencePoolName == "" {
+			logger.Info("Error: --inference-pool-name or INFERENCE_POOL_NAME environment variable is required when --enable-ssrf-protection is true")
+			return
+		}
+
+		logger.Info("SSRF protection enabled", "namespace", inferencePoolNamespace, "poolName", inferencePoolName)
+	}
+
+	// start reverse proxy HTTP server
+	scheme := "http"
+	if *decoderUseTLS {
+		scheme = "https"
+	}
+	targetURL, err := url.Parse(scheme + "://localhost:" + *vLLMPort)
+	if err != nil {
+		logger.Error(err, "failed to create targetURL")
+		return
+	}
+
+	config := proxy.Config{
+		Connector:                   *connector,
+		PrefillerUseTLS:             *prefillerUseTLS,
+		SecureProxy:                 *secureProxy,
+		CertPath:                    *certPath,
+		PrefillerInsecureSkipVerify: *prefillerInsecureSkipVerify,
+		DecoderInsecureSkipVerify:   *decoderInsecureSkipVerify,
+		EnableSSRFProtection:        *enableSSRFProtection,
+		InferencePoolNamespace:      *inferencePoolNamespace,
+		InferencePoolName:           *inferencePoolName,
+	}
+
+	proxy, err := proxy.NewProxy(*port, targetURL, config)
+	if err != nil {
+		logger.Error(err, "Failed to create proxy")
+	}
+	if err := proxy.Start(ctx); err != nil {
+		logger.Error(err, "failed to start proxy server")
+	}
+}

pkg/common/common.go

@@ -0,0 +1,8 @@
+// Package common contains items common to both the
+// EPP/Inference-Scheduler and the Routing Sidecar
+package common
+
+const (
+	// PrefillPodHeader is the header name used to indicate Prefill worker <ip:port>
+	PrefillPodHeader = "x-prefiller-host-port"
+)

pkg/plugins/pre-request/pd_prerequest.go

@@ -11,13 +11,13 @@ import (
 	"sigs.k8s.io/gateway-api-inference-extension/pkg/epp/plugins"
 	"sigs.k8s.io/gateway-api-inference-extension/pkg/epp/requestcontrol"
 	"sigs.k8s.io/gateway-api-inference-extension/pkg/epp/scheduling/types"
+
+	"github.com/llm-d/llm-d-inference-scheduler/pkg/common"
 )
 
 const (
 	// PrefillHeaderHandlerType is the type of the PrefillHeaderHandler
 	PrefillHeaderHandlerType = "prefill-header-handler"
-	// prefillPodHeader is the header name used to indicate Prefill worker <ip:port>
-	prefillPodHeader = "x-prefiller-host-port"
 
 	defaultPrefillProfile = "prefill"
 )
@@ -69,8 +69,8 @@ func (p *PrefillHeaderHandler) WithName(name string) *PrefillHeaderHandler {
 
 // PreRequest wires prefill SchedulerProfile result into a header to indicate prefill worker
 func (p *PrefillHeaderHandler) PreRequest(_ context.Context, request *types.LLMRequest, schedulingResult *types.SchedulingResult, targetPort int) {
-	if _, found := request.Headers[prefillPodHeader]; found {
-		request.Headers[prefillPodHeader] = "" // clear header, if already set
+	if _, found := request.Headers[common.PrefillPodHeader]; found {
+		request.Headers[common.PrefillPodHeader] = "" // clear header, if already set
 	}
 
 	prefillProfileRunResult, exists := schedulingResult.ProfileResults[p.prefillProfile]
@@ -79,5 +79,5 @@ func (p *PrefillHeaderHandler) PreRequest(_ context.Context, request *types.LLMR
 	}
 
 	prefillHostPort := net.JoinHostPort(prefillProfileRunResult.TargetPods[0].GetPod().Address, strconv.Itoa(targetPort))
-	request.Headers[prefillPodHeader] = prefillHostPort // in the form of <ip:port>
+	request.Headers[common.PrefillPodHeader] = prefillHostPort // in the form of <ip:port>
 }