Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

updates #114

Merged
merged 17 commits into from
Nov 7, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .wordlist-md
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,7 @@ httpErrorCodePages
https
iam
IAM
ide
idp
IgnoreExtraneous
igor
Expand Down Expand Up @@ -321,6 +322,8 @@ RollingUpdate
Rollout
rolloutStrategy
rpardini
rstudio
RStudio
runtime
sagemaker
Sagemaker
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: custom-notebooks

commonAnnotations:
opendatahub.io/notebook-image-creator: ai-catalog

Expand All @@ -12,12 +14,8 @@ labels:
# note: byon = bring your own notebook?
app.kubernetes.io/created-by: byon

namespace: custom-notebooks

resources:
- ./code-server
- ./lightgbm
- ./opencv
- ./rstudio
- namespace.yaml
- namespace-rb.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@ spec:
type: Git
git:
uri: https://github.com/redhat-na-ssa/demo-ai-gitops-catalog.git
contextDir: components/app-configs/custom-notebook-images/base/opencv
ref: main
contextDir: components/app-configs/rhoai-custom-images/base/opencv
strategy:
type: Docker
dockerStrategy:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ metadata:
CUDA, TensorFlow, OpenCV, mesa-libGL, Graphviz for Computer Vision
opendatahub.io/notebook-image-name: 'OpenCV'
opendatahub.io/notebook-image-order: '10'
opendatahub.io/notebook-image-url: >-
https://github.com/redhat-na-ssa/demo-ai-gitops-catalog
opendatahub.io/notebook-image-url: https://github.com/redhat-na-ssa/demo-ai-gitops-catalog
opendatahub.io/recommended-accelerators: '["nvidia.com/gpu"]'
name: opencv-notebook
labels:
# note: the following label allows the notebook to show up in the dashboard
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component

resources:
- namespace.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@ kind: Namespace
metadata:
name: custom-notebooks
annotations:
openshift.io/display-name: Custom Jupyter Notebooks
openshift.io/display-name: Custom Notebook Images
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component

resources:
- rb-notebooks.yaml
- rb-ods-apps.yaml
Original file line number Diff line number Diff line change
@@ -1,17 +1,4 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: custom-notebooks-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: workshop-admins
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: custom-notebooks-pusher
namespace: redhat-ods-applications
subjects:
- kind: ServiceAccount
name: builder
namespace: custom-notebooks
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'system:image-pusher'
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component

resources:
- rolebinding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: custom-notebooks-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: workshop-admins
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

components:
- ../../components/namespace
- ../../components/rbac

resources:
- ../../base

Expand Down Expand Up @@ -29,7 +33,6 @@ patches:
- target:
group: build.openshift.io
kind: BuildConfig
# name: opencv-notebook-graphviz
patch: |-
- op: replace
path: /spec/strategy/dockerStrategy/from/namespace
Expand Down

This file was deleted.

This file was deleted.

3 changes: 3 additions & 0 deletions components/app-configs/rhoai-rhel-subscription/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# Build RStudio Images

See https://docs.redhat.com/en/documentation/red_hat_openshift_ai_self-managed/2.13/html/getting_started_with_red_hat_openshift_ai_self-managed/creating-a-workbench-select-ide_get-started#building-the-rstudio-server-workbench-images_get-started
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,5 @@ kind: Kustomization

resources:
- banner-cluster.yaml
- link-github.yaml
- link-gh-ssa.yaml
- link-help.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,5 @@ spec:
applicationMenu:
section: Git Repos
imageURL: /static/assets/public/imgs/logos/github.svg
# see /static/assets in the web console for more icons
# oc -n openshift-console exec -it deploy/console -- find /opt/bridge/static/assets/public -type f
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
operand:
# bug: an image has to be defined otherwise the deployment fails
# bug: this behavior recently changed
image: registry.redhat.io/openshift4/ose-node-feature-discovery@sha256:06408039019ce11ce4a3913b04eadf37091c105ebe592bad66284636af601e8c
image: registry.redhat.io/openshift4/ose-node-feature-discovery-rhel9:v4.16
# image: registry.redhat.io/openshift4/ose-node-feature-discovery:latest
servicePort: 12000
workerConfig:
Expand Down
8 changes: 5 additions & 3 deletions components/operators/rhacs-operator/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,25 +23,27 @@ The current *overlays* available are for the following channels:
* [rhacs-4.1](operator/overlays/rhacs-4.1)
* [rhacs-4.2](operator/overlays/rhacs-4.2)
* [rhacs-4.3](operator/overlays/rhacs-4.3)
* [rhacs-4.4](operator/overlays/rhacs-4.4)
* [rhacs-4.5](operator/overlays/rhacs-4.5)
* [stable](operator/overlays/stable)

## Usage

If you have cloned the `gitops-catalog` repository, you can install Advanced Cluster Security for Kubernetes based on the overlay of your choice by running from the root (`gitops-catalog`) directory.

```
```sh
oc apply -k rhacs-operator/operator/overlays/<channel>
```

Or, without cloning:

```
```sh
oc apply -k https://github.com/redhat-cop/gitops-catalog/rhacs-operator/operator/overlays/<channel>
```

As part of a different overlay in your own GitOps repo:

```
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,24 +26,23 @@ spec:
else

# Wait for central to be ready
attempt_counter=0
max_attempts=20

echo "Waiting for central to be available..."
until $(curl -k --output /dev/null --silent --head --fail https://central); do
if [ ${attempt_counter} -eq ${max_attempts} ];then
echo "Max attempts reached"
exit 1
fi
until $(curl -s -k --output /dev/null --head --fail https://central); do
if [ ${max_attempts} -lt 1 ];then
echo "Max attempts reached"
exit 1
fi

printf '.'
attempt_counter=$(($attempt_counter+1))
echo "Made attempt $attempt_counter, waiting..."
sleep 5
max_attempts=$(($max_attempts-1))
echo "Attempts remaining $max_attempts, waiting..."
sleep 5
done

echo "Configuring cluster-init bundle"
export DATA={\"name\":\"local-cluster\"}
curl -k -o /tmp/bundle.json -X POST -u "admin:${PASSWORD}" -H "Content-Type: application/json" --data ${DATA} https://central/v1/cluster-init/init-bundles
curl -s -k -o /tmp/bundle.json -X POST -u "admin:${PASSWORD}" -H "Content-Type: application/json" --data ${DATA} https://central/v1/cluster-init/init-bundles

echo "Bundle received"
cat /tmp/bundle.json
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

patches:
- target:
kind: Subscription
name: rhacs-operator
path: patch-channel.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- op: replace
path: /spec/channel
value: rhacs-4.4
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

patches:
- target:
kind: Subscription
name: rhacs-operator
path: patch-channel.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- op: replace
path: /spec/channel
value: rhacs-4.5
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# wait-for-servicemesh

## Purpose

This component is designed prevent OpenShift AI before the ServiceMesh resources have been successfully installed that are required for KServe.

## Usage

This component can be added to a base by adding the `components` section to your overlay `kustomization.yaml` file:

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

components:
- ../../components/wait-for-servicemesh
```
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
#!/usr/bin/bash
set -e

TIMEOUT_SECONDS=60

patch_approval(){
APPROVAL=${1:-Automatic}

echo -n 'Waiting for RHOAI subscription.'
until oc get -n redhat-ods-operator subscription rhods-operator -o name 2>/dev/null
do
echo -n .
sleep 5
done; echo

oc -n redhat-ods-operator \
patch subscription rhods-operator \
--type=merge --patch '{"spec":{"installPlanApproval":"'"${APPROVAL}"'"}}'

echo -n 'Waiting for RHOAI install plan.'
until oc -n redhat-ods-operator get installplan -l operators.coreos.com/rhods-operator.redhat-ods-operator 2>/dev/null
do
echo -n .
sleep 5
done; echo

INSTALL_PLAN=$(oc -n redhat-ods-operator get installplan -l operators.coreos.com/rhods-operator.redhat-ods-operator -o name)
oc -n redhat-ods-operator \
patch "${INSTALL_PLAN}" \
--type=merge --patch '{"spec":{"approved":true}}'
}

wait_for_service_mesh(){
echo "Checking status of all service_mesh pre-reqs"

SERVICEMESH_RESOURCES=(
crd/knativeservings.operator.knative.dev:condition=established
crd/servicemeshcontrolplanes.maistra.io:condition=established
)

for crd in "${SERVICEMESH_RESOURCES[@]}"
do
RESOURCE=$(echo "$crd" | cut -d ":" -f 1)
CONDITION=$(echo "$crd" | cut -d ":" -f 2)

echo "Waiting for ${RESOURCE} state to be ${CONDITION}..."

oc wait --for="${CONDITION}" "${RESOURCE}" --timeout="1s" 2>/dev/null && continue
patch_approval Manual

oc wait --for="${CONDITION}" "${RESOURCE}" --timeout="${TIMEOUT_SECONDS}s"
done
}

wait_for_service_mesh
patch_approval
Loading
Loading