diff --git a/README.md b/README.md index 8ce82e0..b6ba39d 100644 --- a/README.md +++ b/README.md @@ -10,11 +10,11 @@ At the moment one template has helm chart support and this is the [chatbot appli The gitops component, handled by ArgoCD for the RHDH case, is replaced by the `application_gitops` project. Therefore, post application deployment a kubernetes Job is taking care of the github application repository creation. The source code is [here](https://github.com/redhat-ai-dev/developer-images/tree/main/helm-charts/application-gitops) -## OpenShift Pipelines Configuration +## OpenShift Pipelines -For OpenShift Pipelines configuration there's a separate (optional) helm chart, that a user can use to install and configure the pipelines for their project. The configuration helm chart is [here](/charts/openshift-pipelines/). +For OpenShift Pipelines configuration there's an [OpenShift Pipelines Configuration Guide](/docs/PIPELINES_CONFIGURATION.md) that the user can follow to configure their pipelines, prior to installing the helm chart. -The helm chart mainly uses the pipelines under [rhdh-pipelines](https://github.com/redhat-ai-dev/rhdh-pipelines) repo. The only customized resources used for the helm chart case are: +The helm chart mainly uses the tekton pipelines under [rhdh-pipelines](https://github.com/redhat-ai-dev/rhdh-pipelines) repo. The only customized resources used for the helm chart case are: - The [.tekton/docker-push.yaml](/pac/pipelineRuns/.tekton/docker-push.yaml) PipelineRun used to manage `push` events received from the github app webhook. - The [update-deployment.yaml](/pac/tasks/update-deployment.yaml) Task which is used to update the application deployment whenever a new image is pushed to the image registry. diff --git a/charts/ai-software-templates/chatbot/0.1.0/Chart.yaml b/charts/ai-software-templates/chatbot/0.1.0/Chart.yaml index 4bbc114..f0f2ff0 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/Chart.yaml 
+++ b/charts/ai-software-templates/chatbot/0.1.0/Chart.yaml @@ -1,4 +1,7 @@ apiVersion: v2 +kubeVersion: ">= 1.27.0-0" +annotations: + charts.openshift.io/name: Chatbot AI Software Template description: A helm chart for the AI Software Templates. For more information please check https://github.com/redhat-ai-dev/ai-lab-helm-charts.git name: chatbot-ai-software-template tags: chatbot,llama.cpp,ai-lab diff --git a/charts/ai-software-templates/chatbot/0.1.0/README.md b/charts/ai-software-templates/chatbot/0.1.0/README.md index 66cd1b5..f41ba50 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/README.md +++ b/charts/ai-software-templates/chatbot/0.1.0/README.md 
@@ -8,8 +8,9 @@ The deployment flow, will create an application instance, a model server and a g - You have a Github APP created with sufficient permissions for the organization that the application repository will be created. Detailed instructions for the github application creation can be found [here](https://github.com/redhat-ai-dev/ai-rhdh-installer/blob/main/docs/APP-SETUP.md#github-app). - You need to have access to a cluster for each operation with OpenShift 4, like deploying and testing. -- Your cluster should have [Openshift Pipelines Operator](https://www.redhat.com/en/technologies/cloud-computing/openshift/pipelines) installed and should be connected to your Github APP's webhook. In case your cluster is not configured yet, check the ["Setup Openshift Pipelines Operator"](#setup-openshift-pipelines-operator) below for further instructions. -- A Secret is already created in the Namespace that you are planning to install your helm release, containing a [Github Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with sufficient access to the given Github Organization. You can find the exact permissions [here](https://github.com/redhat-ai-dev/ai-rhdh-installer/blob/main/docs/APP-SETUP.md#procedure). +- The Namespace that your application will run is already created in your cluster. +- Your cluster should have [Openshift Pipelines Operator](https://www.redhat.com/en/technologies/cloud-computing/openshift/pipelines) installed and should be connected to your Github APP's webhook. In case your cluster is not configured yet, check the ["Pipelines Configuration Guide"](../../../../docs/PIPELINES_CONFIGURATION.md) for further instructions. 
+- A `key/value` Secret is already created in the Namespace that you are planning to install your helm release, containing a [Github Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with sufficient access to the given Github Organization. You can find the exact permissions [here](https://github.com/redhat-ai-dev/ai-rhdh-installer/blob/main/docs/APP-SETUP.md#procedure). Your Secret's name and the Key of the github token will be provided as values to the helm chart. ## Background @@ -27,12 +28,6 @@ Apart from the two main deployments, the gitops & OpenShift Pipelines parts are The helm chart can be directly installed from the OpenShift Dev Console. Check [here](https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/building_applications/working-with-helm-charts#understanding-helm) for more information. -### Setup Openshift Pipelines Operator - -The suggested way to subscribe to, configure and connect the Openshift Pipelines and your Github App, is the through [openshift-pipelines](../../../openshift-pipelines/) helm chart. - - - ### Install using Helm In order to install AI Software Template Helm chart using helm directly, you can run: 
@@ -43,34 +38,34 @@ helm upgrade --install --namespace . ## Values -Below is a table of each value used to configure this chart. +Below is a table of each value used to configure this chart. Note: + +- Your helm release's name will be used to as the name of the application github repository. ### Application -| Value | Description | Default | Additional Information | -| -------------- | ------------------------------------------------------------- | -------------------------------------- | ---------------------- | -| `name` | The name of the application. | `chatbot-helm-chart` | | -| `namespace` | The namespace that the application will be deployed. | `ai-software-templates-dev` | | -| `appPort` | The exposed port of the application | 8501 | | -| `appContainer` | The initial image used for the chatbot application interface. | `quay.io/redhat-ai-dev/chatbot:latest` | | +| Value | Description | Default | Additional Information | +| -------------------------- | ------------------------------------------------------------- | -------------------------------------- | ---------------------- | +| `application.appPort` | The exposed port of the application | 8501 | | +| `application.appContainer` | The initial image used for the chatbot application interface. | `quay.io/redhat-ai-dev/chatbot:latest` | | ### Model -| Value | Description | Default | Additional Information | -| ----------------------- | --------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------- | -| `modelServicePort` | The exposed port of the model service. | 8001 | | -| `modelServiceContainer` | The image used for the model service. | `quay.io/ai-lab/llamacpp_python:latest` | | -| `initContainer` | The image used for the initContainer of the model service deployment. | `quay.io/redhat-ai-dev/granite-7b-lab:latest` | | -| `modelInitCommand` | The model service initContainer command. 
| `['/usr/bin/install', '/model/model.file', '/shared/']` | | -| `modelPath` | The path of the model file inside the model service container. | `/model/model.file` | | +| Value | Description | Default | Additional Information | +| ----------------------------- | --------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------- | +| `model.modelServicePort` | The exposed port of the model service. | 8001 | | +| `model.modelServiceContainer` | The image used for the model service. | `quay.io/ai-lab/llamacpp_python:latest` | | +| `initContainer` | The image used for the initContainer of the model service deployment. | `quay.io/redhat-ai-dev/granite-7b-lab:latest` | | +| `model.modelInitCommand` | The model service initContainer command. | `['/usr/bin/install', '/model/model.file', '/shared/']` | | +| `model.modelPath` | The path of the model file inside the model service container. | `/model/model.file` | | ### Gitops -| Value | Description | Default | Additional Information | -| ------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------------------- | ---------------------- | -| `gitSecretName` | The name of the Secret containing the required Github token. | `git-secrets` | | -| `gitSecretKeyToken` | The name of the Secret's key with the Github token value. | `GITHUB_TOKEN` | | -| `githubOrgName` | `[REQUIRED]` The Github Organization name that the chatbot application repository will be created into | | | -| `gitSourceRepo` | The Github Repository with the contents of the chatbot application. | `redhat-ai-dev/ai-lab-helm-charts` | | -| `gitDefaultBranch` | The default branch for the chatbot application Github repository. | `main` | | -| `quayAccountName` | `[REQUIRED]` The quay.io account that the application image will be pushed. 
| | | +| Value | Description | Default | Additional Information | +| -------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------------------- | ---------------------- | +| `gitops.gitSecretName` | The name of the Secret containing the required Github token. | `git-secrets` | | +| `gitops.gitSecretKeyToken` | The name of the Secret's key with the Github token value. | `GITHUB_TOKEN` | | +| `gitops.githubOrgName` | `[REQUIRED]` The Github Organization name that the chatbot application repository will be created into | | | +| `gitops.gitSourceRepo` | The Github Repository with the contents of the chatbot application. | `"thepetk/chatbot-test-chart-repo` | | +| `gitops.gitDefaultBranch` | The default branch for the chatbot application Github repository. | `main` | | +| `gitops.quayAccountName` | `[REQUIRED]` The quay.io account that the application image will be pushed. | | | diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-config.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/app-config.yaml index 6fb5be4..1c4e764 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/app-config.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/app-config.yaml 
@@ -2,14 +2,14 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }}-app-config - app.kubernetes.io/name: {{ .Values.application.name }}-app-config - app.kubernetes.io/part-of: {{ .Values.application.name }} - name: {{ .Values.application.name }}-app-config - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }}-app-config + app.kubernetes.io/name: {{ .Release.Name }}-app-config + app.kubernetes.io/part-of: {{ .Release.Name }} + name: {{ .Release.Name }}-app-config + namespace: {{ .Release.Namespace }} data: - APP_NAME: "{{ .Values.application.name }}" - APP_NAMESPACE: "{{ .Values.application.namespace }}" + APP_NAME: "{{ .Release.Name }}" + APP_NAMESPACE: "{{ .Release.Namespace }}" GITHUB_ORG_NAME: "{{ .Values.gitops.githubOrgName }}" GITHUB_SOURCE_REPO: "{{ .Values.gitops.gitSourceRepo }}" GITHUB_TETKON_SOURCE_REPO: "redhat-ai-dev/ai-lab-helm-charts" diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-deployment.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/app-deployment.yaml index f8ac0b3..91698a6 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/app-deployment.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/app-deployment.yaml 
@@ -7,27 +7,27 @@ metadata: tad.gitops.set/replicas: ".spec.replicas" tad.gitops.get/replicas: ".spec.replicas" labels: - app.kubernetes.io/instance: {{ .Values.application.name }} - app.kubernetes.io/name: {{ .Values.application.name }} - app.kubernetes.io/part-of: {{ .Values.application.name }} - name: {{ .Values.application.name }} - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/instance: {{ .Values.application.name }} + app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }} + app.kubernetes.io/instance: {{ .Release.Name }} spec: containers: - image: {{ .Values.application.appContainer }} name: app-inference envFrom: - configMapRef: - name: {{ .Values.application.name }}-model-config + name: {{ .Release.Name }}-model-config ports: - containerPort: {{ .Values.application.appPort }} securityContext: diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-route.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/app-route.yaml index 036a27f..c0fc7b4 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/app-route.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/app-route.yaml 
@@ -2,10 +2,10 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }} - app.kubernetes.io/name: {{ .Values.application.name }} - name: {{ .Values.application.name }} - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Name }} + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} spec: port: targetPort: {{ .Values.application.appPort }} @@ -14,6 +14,6 @@ spec: termination: edge to: kind: Service - name: {{ .Values.application.name }} - weight: 100 + name: {{ .Release.Name }} + weight: 100 wildcardPolicy: None diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/app-service.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/app-service.yaml index e1feaa3..269630f 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/app-service.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/app-service.yaml @@ -2,14 +2,14 @@ apiVersion: v1 kind: Service metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }} - app.kubernetes.io/name: {{ .Values.application.name }} - name: {{ .Values.application.name }} - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Name }} + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} spec: ports: - port: {{ .Values.application.appPort }} protocol: TCP targetPort: {{ .Values.application.appPort }} selector: - app.kubernetes.io/instance: {{ .Values.application.name }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/application-gitops-job.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/application-gitops-job.yaml index dab1fb4..af7b24f 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/application-gitops-job.yaml 
+++ b/charts/ai-software-templates/chatbot/0.1.0/templates/application-gitops-job.yaml @@ -2,11 +2,11 @@ apiVersion: batch/v1 kind: Job metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }}-github-repo-creator - app.kubernetes.io/name: {{ .Values.application.name }}-github-repo-creator - app.kubernetes.io/part-of: {{ .Values.application.name }} - namespace: {{ .Values.application.namespace }} - name: {{ .Values.application.name }}-github-repo-creator + app.kubernetes.io/instance: {{ .Release.Name }}-github-repo-creator + app.kubernetes.io/name: {{ .Release.Name }}-github-repo-creator + app.kubernetes.io/part-of: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }}-github-repo-creator spec: template: spec: @@ -21,5 +21,5 @@ spec: key: {{ .Values.gitops.gitSecretKeyToken }} envFrom: - configMapRef: - name: {{ .Values.application.name }}-app-config + name: {{ .Release.Name }}-app-config restartPolicy: Never \ No newline at end of file diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/model-config.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/model-config.yaml index 659a0db..2b01367 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/model-config.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/model-config.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Values.application.name }}-model-config - namespace: {{ .Values.application.namespace }} + name: {{ .Release.Name }}-model-config + namespace: {{ .Release.Namespace }} data: - MODEL_ENDPOINT: "http://{{ .Values.application.name }}-model-server:{{ .Values.model.modelServicePort }}" \ No newline at end of file + MODEL_ENDPOINT: "http://{{ .Release.Name }}-model-server:{{ .Values.model.modelServicePort }}" \ No newline at end of file 
diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-deployment.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-deployment.yaml index 6ca3115..36845a8 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-deployment.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-deployment.yaml @@ -2,20 +2,20 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }}-model-server - app.kubernetes.io/name: {{ .Values.application.name }}-model-server - app.kubernetes.io/part-of: {{ .Values.application.name }} - name: {{ .Values.application.name }}-model-server - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }}-model-server + app.kubernetes.io/name: {{ .Release.Name }}-model-server + app.kubernetes.io/part-of: {{ .Release.Name }} + name: {{ .Release.Name }}-model-server + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/instance: {{ .Values.application.name }}-model-server + app.kubernetes.io/instance: {{ .Release.Name }}-model-server template: metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }}-model-server + app.kubernetes.io/instance: {{ .Release.Name }}-model-server spec: initContainers: - name: model-file diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-service.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-service.yaml index 551183f..76cb96d 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-service.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/model-server-service.yaml 
@@ -2,14 +2,14 @@ apiVersion: v1 kind: Service metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }}-model-server - app.kubernetes.io/name: {{ .Values.application.name }}-model-server - name: {{ .Values.application.name }}-model-server - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }}-model-server + app.kubernetes.io/name: {{ .Release.Name }}-model-server + name: {{ .Release.Name }}-model-server + namespace: {{ .Release.Namespace }} spec: ports: - port: {{ .Values.model.modelServicePort }} protocol: TCP targetPort: {{ .Values.model.modelServicePort }} selector: - app.kubernetes.io/instance: {{ .Values.application.name }}-model-server + app.kubernetes.io/instance: {{ .Release.Name }}-model-server diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/pvc.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/pvc.yaml index ceffb4a..46193ce 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/pvc.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/pvc.yaml @@ -3,10 +3,10 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: - app.kubernetes.io/instance: {{ .Values.application.name }} - app.kubernetes.io/name: {{ .Values.application.name }} - name: {{ .Values.application.name }} - namespace: {{ .Values.application.namespace }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Name }} + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/tekton-repository.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/tekton-repository.yaml index bbf552e..aba81fd 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/templates/tekton-repository.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/tekton-repository.yaml 
@@ -1,13 +1,13 @@ apiVersion: "pipelinesascode.tekton.dev/v1alpha1" kind: Repository metadata: - name: {{ .Values.application.name }}-tekton-repository - namespace: {{ .Values.application.namespace }} + name: {{ .Release.Name }}-tekton-repository + namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/instance: {{ .Values.application.name }} - app.kubernetes.io/name: {{ .Values.application.name }} - app.kubernetes.io/part-of: {{ .Values.application.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} spec: - url: "https://github.com/{{ .Values.gitops.githubOrgName }}/{{ .Values.application.name }}" + url: "https://github.com/{{ .Values.gitops.githubOrgName }}/{{ .Release.Name }}" diff --git a/charts/ai-software-templates/chatbot/0.1.0/templates/tests/test-connection-app.yaml b/charts/ai-software-templates/chatbot/0.1.0/templates/tests/test-connection-app.yaml new file mode 100644 index 0000000..20e3c4e --- /dev/null +++ b/charts/ai-software-templates/chatbot/0.1.0/templates/tests/test-connection-app.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + containers: + - name: wget + image: quay.io/quay/busybox:latest + command: ["wget"] + args: ["{{ .Release.Name }}:{{ .Values.application.appPort }}/"] + restartPolicy: Never diff --git a/charts/ai-software-templates/chatbot/0.1.0/values.schema.json b/charts/ai-software-templates/chatbot/0.1.0/values.schema.json index f7ab2f8..4d480bb 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/values.schema.json +++ b/charts/ai-software-templates/chatbot/0.1.0/values.schema.json 
@@ -5,16 +5,6 @@ "application": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "The name of the application, if blank it defaults to 'chatbot-helm-chart'.", - "default": "chatbot-helm-chart" - }, - "namespace": { - "type": ["string", "null"], - "description": "The namespace that the application will be deployed, if blank it defaults to 'ai-software-templates-dev'.", - "default": "ai-software-templates-dev" - }, "appPort": { "type": "integer", "description": "The exposed port of the application, if blank it defaults to 8501.", diff --git a/charts/ai-software-templates/chatbot/0.1.0/values.yaml b/charts/ai-software-templates/chatbot/0.1.0/values.yaml index 9ffaf6f..63fdd9b 100644 --- a/charts/ai-software-templates/chatbot/0.1.0/values.yaml +++ b/charts/ai-software-templates/chatbot/0.1.0/values.yaml @@ -1,7 +1,5 @@ application: - name: "helm-chart-chatbot" - namespace: "ai-software-templates-dev" appPort: 8501 appContainer: "quay.io/redhat-ai-dev/chatbot:latest" diff --git a/charts/openshift-pipelines/Chart.yaml b/charts/openshift-pipelines/Chart.yaml deleted file mode 100644 index 8966f9c..0000000 --- a/charts/openshift-pipelines/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v2 -description: This chart is part of the chatbot ai software template chart and configures the openshift pipelines. -name: chatbot-ai-software-template-pipelines-configuration -tags: chatbot,python,llama.cpp,vllm -version: 0.1.0 diff --git a/charts/openshift-pipelines/README.md b/charts/openshift-pipelines/README.md deleted file mode 100644 index 3f96bae..0000000 --- a/charts/openshift-pipelines/README.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# OpenShift Pipelines Configuration - AI Software Template Helm Chart - -This helm chart tries to provide an easy way to configure OpenShift Pipelines on your cluster and set everything up for the installation of the [AI Software Template Chat Application Helm Chart](../ai-software-templates/chatbot/0.1.0/). - -## Requirements - -Before installing the pipelines configuration helm chart, make sure you have created a Secret inside the Namespace you plan to release your Chat Application. The necessary fields are mentioned in the [values.gitops](#gitops) section. - -## Usage - -To install the configuration helm chart simply run: - -``` -helm upgrade --install --namespace . -``` - -## Values - -### application - -| Value | Description | Default | Additional Information | -| ----------- | --------------------------------------------------------- | --------------------------- | ---------------------- | -| `name` | The name of the configuration helm chart release. | `chatbot-configuration` | | -| `namespace` | The namespace that the chat application will be released. | `ai-software-templates-dev` | | - -### gitops - -| Value | Description | Default | Additional Information | -| ---------------------------------- | ----------------------------------------------------------------------------------- | --------------------------- | ---------------------- | -| `gitSecretName` | The name of the Secret containing the required Github credentials. | `git-secrets` | | -| `gitSecretKeyToken` | The name of the Secret's key with your Github token value. | `GITHUB_TOKEN` | | -| `gitSecretKeyAppId` | The name of the Secret's key with your Github App's application id value. | `GITHUB_APP_APP_ID` | | -| `gitSecretKeyWebhookURL` | The name of the Secret's key with your Github App's webhook url value. | `GITHUB_APP_WEBHOOK_URL` | | -| `gitSecretKeyWebhookSecret` | The name of the Secret's key with your Github App's webhook secret value. 
| `GITHUB_APP_WEBHOOK_SECRET` | | -| `gitSecretKeyPrivateKey` | The name of the Secret's key with your Github App's private key value. | `GITHUB_APP_PRIVATE_KEY` | | -| `gitSecretKeyQuayDockerConfigJSON` | The name of the Secret's key with your Github App's quay.io DockerConfigJson value. | `QUAY_DOCKERCONFIGJSON` | | diff --git a/charts/openshift-pipelines/templates/service-account.yaml b/charts/openshift-pipelines/templates/service-account.yaml deleted file mode 100644 index b7a56fb..0000000 --- a/charts/openshift-pipelines/templates/service-account.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: helm-manager - namespace: {{.Release.Namespace}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: helm-manager-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: helm-manager - namespace: {{.Release.Namespace}} diff --git a/charts/openshift-pipelines/templates/setup-pipelines-job.yaml b/charts/openshift-pipelines/templates/setup-pipelines-job.yaml deleted file mode 100644 index 33e81b4..0000000 --- a/charts/openshift-pipelines/templates/setup-pipelines-job.yaml +++ /dev/null 
@@ -1,325 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{.Release.Name}}-configure-openshift-pipelines" - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" -spec: - template: - metadata: - name: "{{.Release.Name}}-configure-operators" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - spec: - containers: - - name: configure-operators - image: "registry.redhat.io/openshift4/ose-tools-rhel8:latest" - workingDir: /tmp - env: - - name: GITHUB_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyToken }} - - name: GITHUB_APP_APP_ID - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyAppId }} - - name: GITHUB_APP_WEBHOOK_URL - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyWebhookURL }} - - name: GITHUB_APP_WEBHOOK_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyWebhookSecret }} - - name: GITHUB_APP_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyPrivateKey }} - - name: QUAY_DOCKERCONFIGJSON - valueFrom: - secretKeyRef: - name: {{ .Values.gitops.gitSecretName }} - key: {{ .Values.gitops.gitSecretKeyQuayDockerConfigJSON }} - - name: NAMESPACE - value: {{ .Values.application.namespace }} - command: - - /bin/bash - - -c - - | - echo "Step 1: Configure Operators" - set -o errexit - set -o nounset - set -o pipefail - - echo -n "* Fetching sigstore/cosign: " - curl -sL 
https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 -o /usr/bin/cosign && chmod +x /usr/bin/cosign - echo "OK" - - PIPELINES_NAMESPACE="openshift-pipelines" - - echo -n "* Waiting for pipelines operator deployment: " - until kubectl get namespace "$PIPELINES_NAMESPACE" >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - until kubectl get route -n "$PIPELINES_NAMESPACE" pipelines-as-code-controller >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - echo "OK" - - echo -n "* Configuring Chains secret: " - SECRET="signing-secrets" - if [ "$(kubectl get secret -n "$PIPELINES_NAMESPACE" "$SECRET" -o jsonpath='{.data}' --ignore-not-found --allow-missing-template-keys)" == "" ]; then - # Delete secret/signing-secrets if already exists since by default cosign creates immutable secrets - echo -n "." - kubectl delete secrets -n "$PIPELINES_NAMESPACE" "$SECRET" --ignore-not-found=true - - # To make this run conveniently without user input let's create a random password - echo -n "." - RANDOM_PASS=$( openssl rand -base64 30 ) - - # Generate the key pair secret directly in the cluster. - # The secret should be created as immutable. - echo -n "." - env COSIGN_PASSWORD=$RANDOM_PASS cosign generate-key-pair "k8s://$PIPELINES_NAMESPACE/$SECRET" >/dev/null - fi - # If the secret is not marked as immutable, make it so. - if [ "$(kubectl get secret -n "$PIPELINES_NAMESPACE" "$SECRET" -o jsonpath='{.immutable}')" != "true" ]; then - echo -n "." 
- kubectl patch secret -n "$PIPELINES_NAMESPACE" "$SECRET" --dry-run=client -o yaml \ - --patch='{"immutable": true}' \ - | kubectl apply -f - >/dev/null - fi - echo "OK" - - echo - echo "Configuration successful" - echo "Step 1: Completed" - - ## Configure Pipelines - echo "Step 2: Configure Pipelines" - - # Variables - PIPELINES_NAMESPACE=${PIPELINES_NAMESPACE:-"openshift-pipelines"} - PIPELINES_SECRET_NAME=${PIPELINES_SECRET_NAME:-'chatbot-pipelines-secret'} - - # Waiting for CRD - # Waits for TektonConfig CRD to become avaiable when performing deployment of the pipelines - # services. - echo -n "* Waiting for 'tektonconfigs' CRD: " - while [ $(kubectl api-resources | grep -c "^tektonconfigs ") = "0" ] ; do - echo -n "." - sleep 3 - done - if [ $? -ne 0 ]; then - echo "FAIL" - exit 1 - fi - echo "OK" - - # Waiting for pipelines operator deployment - # Waits for the deployment of the pipelines services to finish before proceeding. - echo -n "* Waiting for pipelines operator deployment: " - until kubectl get namespace "$PIPELINES_NAMESPACE" >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - until kubectl get route -n "$PIPELINES_NAMESPACE" pipelines-as-code-controller >/dev/null 2>&1; do - echo -n "." - sleep 3 - done - if [ $? -ne 0 ]; then - echo "FAIL" - exit 1 - fi - echo "OK" - - # Update the TektonConfig resource - # Updates Tekton config CR to have setup with target namespace and - # compatiablty with RHDH instances - echo -n "* Update the TektonConfig resource: " - until kubectl get tektonconfig config >/dev/null 2>&1; do - echo -n "_" - sleep 3 - done - - echo -n "* Update the TektonConfig resource: " - until kubectl get tektonconfig config >/dev/null 2>&1; do - echo -n "_" - sleep 3 - done - kubectl patch tektonconfig config --type 'merge' --patch "$( cat </dev/null - else - WEBHOOK_SECRET="$(kubectl -n "$NAMESPACE" get secret "$PIPELINES_SECRET_NAME" ) -o jsonpath="{.data.webhook-github-secret}" | base64 -d" - fi - if [ $? 
-ne 0 ]; then - echo "FAIL" - exit 1 - fi - - if [ "$(kubectl get secret -n "$PIPELINES_NAMESPACE" "pipelines-as-code-secret" -o name --ignore-not-found | wc -l | tr -d '[:space:]')" = "0" ]; then - kubectl -n "$PIPELINES_NAMESPACE" create secret generic pipelines-as-code-secret \ - --from-literal github-application-id="$GITHUB_APP_APP_ID" \ - --from-literal github-private-key="$GITHUB_APP_PRIVATE_KEY" \ - --from-literal webhook.secret="$GITHUB_APP_WEBHOOK_SECRET" \ - --dry-run=client -o yaml | kubectl apply -f - >/dev/null - - if [ $? -ne 0 ]; then - echo "FAIL" - exit 1 - fi - fi - echo "OK" - - # Fetching cosign public key - # Fetches cosign public key needed for namespace setup - echo -n "* Fetching cosign public key: " - while ! kubectl get secrets -n $PIPELINES_NAMESPACE signing-secrets >/dev/null 2>&1; do - echo -n "_" - sleep 2 - done - echo -n "." - COSIGN_SIGNING_PUBLIC_KEY="" - while [ -z "${COSIGN_SIGNING_PUBLIC_KEY:-}" ]; do - echo -n "_" - sleep 2 - COSIGN_SIGNING_PUBLIC_KEY=$(kubectl get secrets -n $PIPELINES_NAMESPACE signing-secrets -o jsonpath='{.data.cosign\.pub}' 2>/dev/null) - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - done - echo "OK" - - # Configure Namespaces - # Configuring namespaces with needed resources - echo -n "* Configuring Namespaces: " - - SECRET_NAME="cosign-pub" - if [ -n "$COSIGN_SIGNING_PUBLIC_KEY" ]; then - cat </dev/null - apiVersion: v1 - data: - cosign.pub: $COSIGN_SIGNING_PUBLIC_KEY - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-chains - operator.tekton.dev/operand-name: tektoncd-chains - name: $SECRET_NAME - namespace: $NAMESPACE - type: Opaque - EOF - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." 
- fi - - SECRET_NAME="gitops-auth-secret" - if [ -n "$GITHUB_TOKEN" ]; then - kubectl -n $NAMESPACE create secret generic "$SECRET_NAME" \ - --from-literal=password=$GITHUB_TOKEN \ - --type=kubernetes.io/basic-auth \ - --dry-run=client -o yaml | kubectl -n $NAMESPACE apply --filename - --overwrite=true >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." - fi - - SECRET_NAME="pipelines-secret" - if [ -n "$GITHUB_APP_WEBHOOK_SECRET" ]; then - kubectl -n $NAMESPACE create secret generic "$SECRET_NAME" \ - --from-literal=webhook.secret=$GITHUB_APP_WEBHOOK_SECRET \ - --dry-run=client -o yaml | kubectl -n $NAMESPACE apply --filename - --overwrite=true >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." - fi - - SECRET_NAME="helm-chart-image-registry-token" - if [ -n "$QUAY_DOCKERCONFIGJSON" ]; then - DATA=$(mktemp) - echo -n "$QUAY_DOCKERCONFIGJSON" >"$DATA" - kubectl -n $NAMESPACE create secret docker-registry "$SECRET_NAME" \ - --from-file=.dockerconfigjson="$DATA" --dry-run=client -o yaml | \ - kubectl -n $NAMESPACE apply --filename - --overwrite=true >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - rm "$DATA" - echo -n "." - while ! kubectl -n $NAMESPACE get serviceaccount pipeline >/dev/null; do - sleep 2 - echo -n "_" - done - for SA in default pipeline; do - kubectl -n $NAMESPACE patch serviceaccounts "$SA" --patch " - secrets: - - name: $SECRET_NAME - imagePullSecrets: - - name: $SECRET_NAME - " >/dev/null - if [ $? -ne 0 ]; then - echo -n "FAIL" - exit 1 - fi - echo -n "." - done - echo -n "." - fi - echo "OK" - restartPolicy: "Never" - serviceAccountName: helm-manager diff --git a/charts/openshift-pipelines/templates/subscription.yaml b/charts/openshift-pipelines/templates/subscription.yaml deleted file mode 100644 index 786dd0e..0000000 --- a/charts/openshift-pipelines/templates/subscription.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - annotations: - helm.sh/resource-policy: keep - name: openshift-pipelines-operator - namespace: openshift-operators -spec: - channel: pipelines-1.14 - installPlanApproval: Automatic - name: openshift-pipelines-operator-rh - source: redhat-operators - sourceNamespace: openshift-marketplace diff --git a/charts/openshift-pipelines/values.yaml b/charts/openshift-pipelines/values.yaml deleted file mode 100644 index 58ed63b..0000000 --- a/charts/openshift-pipelines/values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -application: - name: "chatbot-configuration" - namespace: "ai-software-templates-dev" - -gitops: - gitSecretName: "github-secrets" - gitSecretKeyToken: "GITHUB_TOKEN" - gitSecretKeyAppId: "GITHUB_APP_APP_ID" - gitSecretKeyWebhookURL: "GITHUB_APP_WEBHOOK_URL" - gitSecretKeyWebhookSecret: "GITHUB_APP_WEBHOOK_SECRET" - gitSecretKeyPrivateKey: "GITHUB_APP_PRIVATE_KEY" - gitSecretKeyQuayDockerConfigJSON: "QUAY_DOCKERCONFIGJSON" diff --git a/chatbot-ai-software-template-0.1.0.tgz b/chatbot-ai-software-template-0.1.0.tgz deleted file mode 100644 index 0d15a21..0000000 Binary files a/chatbot-ai-software-template-0.1.0.tgz and /dev/null differ diff --git a/docs/PIPELINES_CONFIGURATION.md b/docs/PIPELINES_CONFIGURATION.md new file mode 100644 index 0000000..bb3f753 --- /dev/null +++ b/docs/PIPELINES_CONFIGURATION.md 
@@ -0,0 +1,127 @@ +# Openshift Pipelines Configuration Instructions + +The OpenShift Pipelines configuration is a requirement in order to support CI/CD between your app's github repository and your application's deployment in OpenShift. To configure the pipelines you'll need to: + +1. Install the [Openshift Pipelines Operator](https://docs.redhat.com/en/documentation/openshift_container_platform/4.6/html/pipelines/installing-pipelines#installing-pipelines). + +2. Ensure that the `pipeline-as-code-controller` is up by getting its route: + +``` +kubectl get route -n openshift-pipelines pipelines-as-code-controller +``` + +3. Download `cosign`, which will be used to generate the updated `signing-secrets`. + +``` +curl -sL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 -o /usr/bin/cosign && chmod +x /usr/bin/cosign +``` + +4. In your Operator's Namespace, delete (if exists) the `signing-secrets` Secret. + +5. Generate the new `signing-secrets` inside the Operator's Namespace and patch the new secret as immutable: + +``` +export KUBERNETES_SERVICE_PORT= +export KUBERNETES_SERVICE_HOST=" +cosign generate-key-pair k8s://openshift-pipelines/signing-secrets +kubectl patch secret -n openshift-pipelines signing-secrets -o yaml --patch='{"immutable": true}' +``` + +6. Ensure that the `tektonconfigs` CRDs are available. You can verify that if the below command returns 1 as response: + +``` +kubectl api-resources | grep -c "^tektonconfigs " +``` + +7. Update the `TektonConfig`, by enabling the necessary resolvers and use a targeted namespace: + +``` +kubectl patch tektonconfig config --type 'merge' --patch "$( cat < +export PIPELINES_SECRET_NAME="ai-lab-pipelines-secret" +export GITHUB_APP_WEBHOOK_SECRET= +export GITHUB_APP_WEBHOOK_URL= +kubectl -n "$APP_NAMESPACE" create secret generic "$PIPELINES_SECRET_NAME" \ + --from-literal="webhook-github-secret=$GITHUB_APP_WEBHOOK_SECRET" \ + --from-literal="webhook-url=$GITHUB_APP_WEBHOOK_URL" +``` + +9. 
Create the `pipelines-as-code-secret`, containing your Github App's `App ID`, `Private Key`, `Webhook Secret`. Note, that your `Private Key` value needs to be passed as a multilined string and not flattened. + +``` +export GITHUB_APP_APP_ID= +export GITHUB_APP_PRIVATE_KEY=" + +" +kubectl -n "$PIPELINES_NAMESPACE" create secret generic pipelines-as-code-secret \ + --from-literal github-application-id="$GITHUB_APP_APP_ID" \ + --from-literal github-private-key="$GITHUB_APP_PRIVATE_KEY" \ + --from-literal webhook.secret="$GITHUB_APP_WEBHOOK_SECRET" +``` + +10. Fetch the codesign public key from the `signing-secrets` Secret inside the Operator's Namespace. + +``` +export COSIGN_SIGNING_PUBLIC_KEY=$(kubectl get secrets -n $PIPELINES_NAMESPACE signing-secrets -o jsonpath='{.data.cosign\.pub}') +cat </dev/null +apiVersion: v1 +data: + cosign.pub: $COSIGN_SIGNING_PUBLIC_KEY +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-chains + operator.tekton.dev/operand-name: tektoncd-chains + name: cosign-pub + namespace: $APP_NAMESPACE +type: Opaque +EOF +``` + +11. Create the `pipelines-secret` in your application's Namespace, containing your Github App's `Webhook Secret`: + +``` +kubectl -n $APP_NAMESPACE create secret generic pipelines-secret --from-literal=webhook.secret=$GITHUB_APP_WEBHOOK_SECRET +``` + +12. Similarly with the previous step, create the `image-registry-token` in your application's Namespace, containing the docker `config.json` file of your Quay.io account (see more info [here](https://docs.redhat.com/en/documentation/red_hat_quay/3.6/html-single/use_red_hat_quay/index#allow-robot-access-user-repo)): + +``` +export IMAGE_REGISTRY_TOKEN_SECRET="ai-lab-image-registry-token" +kubectl -n $APP_NAMESPACE create secret docker-registry "$IMAGE_REGISTRY_TOKEN_SECRET" --from-file=.dockerconfigjson= +``` + +13. 
Patch the `default` and `pipeline` ServiceAccounts by adding to them the image registry token secret created above: + +``` +for SA in default pipeline; do + kubectl -n $APP_NAMESPACE patch serviceaccounts "$SA" --patch " + secrets: + - name: $IMAGE_REGISTRY_TOKEN_SECRET + imagePullSecrets: + - name: $IMAGE_REGISTRY_TOKEN_SECRET + " +done +``` diff --git a/index.yaml b/index.yaml deleted file mode 100644 index 0cd62bc..0000000 --- a/index.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -entries: - chatbot-ai-software-template: - - apiVersion: v2 - created: "2024-11-05T12:22:00.310764272-05:00" - description: A helm chart for the AI Software Templates. For more information - please check https://github.com/redhat-ai-dev/ai-lab-helm-charts.git - digest: 73a5f247008e6b7f8b0da5c5e77d33e2a70c9c2d2a39dcd17b8600f760009d4a - name: chatbot-ai-software-template - tags: chatbot,llama.cpp,ai-lab-template - urls: - - chatbot-ai-software-template-0.1.0.tgz - version: 0.1.0 -generated: "2024-11-05T12:22:00.310394895-05:00" diff --git a/robots.txt b/robots.txt deleted file mode 100644 index 954f34b..0000000 --- a/robots.txt +++ /dev/null @@ -1 +0,0 @@ -“User-Agent: *nDisallow: /”
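Review bot: The removed configuration Job under charts/openshift-pipelines set `COSIGN_PASSWORD` to a random value before calling `cosign generate-key-pair`, and step 5 of the new docs/PIPELINES_CONFIGURATION.md runs the same command without it, so the manual flow will prompt for a key password that the guide never mentions. Say in step 5 what the reader should do at that prompt, or show `COSIGN_PASSWORD` being set as the Job did. The Job also created `gitops-auth-secret` from `GITHUB_TOKEN`, and I don't see a matching step in the guide; if the chart still needs that secret, add a step for it, otherwise note that it is no longer required.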
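Review bot: The deleted charts/openshift-pipelines/templates/subscription.yaml pinned the operator to `channel: pipelines-1.14`, while step 1 of the new guide only links to the OpenShift Container Platform 4.6 install page and names no channel or version. State in the guide which OpenShift Pipelines version the chart is tested against, so a manual install lands on the same release the Subscription used to select.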
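Review bot: Step 3 of docs/PIPELINES_CONFIGURATION.md downloads `cosign` from `releases/latest` straight into `/usr/bin` and marks it executable with no integrity check, so the binary that goes on to generate the Chains signing key is whatever that URL serves on the day. Pin a specific release in the URL and have the reader verify the download against the checksum published with that release before the `chmod +x`. In step 9 the GitHub App private key is exported as a shell variable and passed with `--from-literal`, which leaves it in shell history; reading it with `--from-file=github-private-key=` from the key file would avoid that and also the multi-line flattening problem the step warns about. Steps 9 and 10 use `$PIPELINES_NAMESPACE` while steps 2 and 5 hard-code `openshift-pipelines`, and no visible step exports the variable, so pick one form. Two wording fixes: step 2 says `pipeline-as-code-controller` but the route queried is `pipelines-as-code-controller`, and step 10 says "codesign" where it means cosign.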