From e6067878dcdc601454a5bd75cb5c0cd52b8d0e02 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Wed, 3 Apr 2024 15:32:51 +1100 Subject: [PATCH] feat: Add minio support for custom creds (#25) * feat: Add minio support for custom creds Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler * fix: Typos and yaml formatting Signed-off-by: Chris Butler --------- Signed-off-by: Chris Butler --- charts/all/minio/templates/aws-minio-dep.yaml | 139 ------------------ charts/all/minio/templates/secret-eso.yaml | 34 ++--- charts/all/minio/values.yaml | 24 +-- dev-scripts/README.md | 3 + dev-scripts/argo-env.sh | 5 + docs/deploying.md | 26 ++++ docs/dev-scripts.md | 15 ++ values-secret.yaml.template | 13 +- 8 files changed, 78 insertions(+), 181 deletions(-) delete mode 100644 charts/all/minio/templates/aws-minio-dep.yaml create mode 100644 dev-scripts/README.md create mode 100644 dev-scripts/argo-env.sh create mode 100644 docs/dev-scripts.md diff --git a/charts/all/minio/templates/aws-minio-dep.yaml b/charts/all/minio/templates/aws-minio-dep.yaml deleted file mode 100644 index 6ae2cf3..0000000 --- a/charts/all/minio/templates/aws-minio-dep.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -# --- -# kind: Deployment -# apiVersion: apps/v1 -# metadata: -# name: minio -# spec: -# replicas: 1 -# selector: -# matchLabels: -# app: minio -# template: -# metadata: -# creationTimestamp: null -# labels: -# app: minio -# spec: -# volumes: -# - name: data -# persistentVolumeClaim: -# claimName: tomc-minio-pvc -# containers: -# - resources: -# limits: -# cpu: 250m -# memory: 1Gi -# requests: -# cpu: 20m -# memory: 100Mi -# readinessProbe: -# tcpSocket: -# port: 9000 -# initialDelaySeconds: 5 -# timeoutSeconds: 1 -# periodSeconds: 5 -# successThreshold: 1 -# failureThreshold: 3 -# terminationMessagePath: /dev/termination-log -# name: minio -# livenessProbe: -# tcpSocket: -# port: 9000 -# initialDelaySeconds: 30 -# timeoutSeconds: 1 -# periodSeconds: 5 -# successThreshold: 1 -# failureThreshold: 3 -# env: -# - name: MINIO_ROOT_USER -# valueFrom: -# secretKeyRef: -# name: minio-secret -# key: minio_root_user -# - name: MINIO_ROOT_PASSWORD -# valueFrom: -# secretKeyRef: -# name: minio-secret -# key: minio_root_password -# ports: -# - containerPort: 9000 -# protocol: TCP -# - containerPort: 9090 -# protocol: TCP -# imagePullPolicy: IfNotPresent -# volumeMounts: -# - name: data -# mountPath: /data -# subPath: minio -# terminationMessagePolicy: File -# image: >- -# quay.io/minio/minio:RELEASE.2023-06-19T19-52-50Z -# args: -# - server -# - /data -# - --console-address -# - :9090 -# restartPolicy: Always -# terminationGracePeriodSeconds: 30 -# dnsPolicy: ClusterFirst -# securityContext: {} -# schedulerName: default-scheduler -# strategy: -# type: Recreate -# revisionHistoryLimit: 10 -# progressDeadlineSeconds: 600 -# --- -# kind: Service -# apiVersion: v1 -# metadata: -# name: minio-service -# spec: -# ipFamilies: -# - IPv4 -# ports: -# - name: api -# protocol: TCP -# port: 9000 -# targetPort: 9000 -# - name: ui -# protocol: TCP -# port: 9090 -# targetPort: 9090 -# internalTrafficPolicy: Cluster -# type: ClusterIP -# ipFamilyPolicy: SingleStack -# 
sessionAffinity: None -# selector: -# app: minio -# --- -# kind: Route -# apiVersion: route.openshift.io/v1 -# metadata: -# name: minio-api -# spec: -# to: -# kind: Service -# name: minio-service -# weight: 100 -# port: -# targetPort: api -# wildcardPolicy: None -# tls: -# termination: edge -# insecureEdgeTerminationPolicy: Redirect -# --- -# kind: Route -# apiVersion: route.openshift.io/v1 -# metadata: -# name: minio-ui -# spec: -# to: -# kind: Service -# name: minio-service -# weight: 100 -# port: -# targetPort: ui -# wildcardPolicy: None -# tls: -# termination: edge -# insecureEdgeTerminationPolicy: Redirect \ No newline at end of file diff --git a/charts/all/minio/templates/secret-eso.yaml b/charts/all/minio/templates/secret-eso.yaml index b645b14..f22aed5 100644 --- a/charts/all/minio/templates/secret-eso.yaml +++ b/charts/all/minio/templates/secret-eso.yaml @@ -1,17 +1,17 @@ -# --- -# apiVersion: "external-secrets.io/v1beta1" -# kind: ExternalSecret -# metadata: -# name: minio-secret-eso -# spec: -# refreshInterval: 15s -# secretStoreRef: -# name: {{ .Values.secretStore.name }} -# kind: {{ .Values.secretStore.kind }} -# target: -# name: minio-secret -# template: -# type: Opaque -# dataFrom: -# - extract: -# key: {{ .Values.minioRootCreds.key }} +--- +apiVersion: "external-secrets.io/v1beta1" +kind: ExternalSecret +metadata: + name: minio-secret-eso +spec: + refreshInterval: 15s + secretStoreRef: + name: {{ .Values.secretStore.name }} + kind: {{ .Values.secretStore.kind }} + target: + name: minio-tenant-secret + template: + type: Opaque + dataFrom: + - extract: + key: {{ .Values.minioRootCreds.key }} diff --git a/charts/all/minio/values.yaml b/charts/all/minio/values.yaml index e85ac91..4797044 100644 --- a/charts/all/minio/values.yaml +++ b/charts/all/minio/values.yaml 
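Review bot: `dataFrom` with `extract` copies every property stored under `{{ .Values.minioRootCreds.key }}` into `minio-tenant-secret`, so anything later written to that path in the secret store also becomes readable by whatever consumes the tenant secret. The secrets template in this commit defines a single `config.env` field, so an explicit `data` entry that pulls only that property keeps the Secret's contents pinned; the property name below is taken from that template and should be confirmed against what the loader actually writes. The `secretStoreRef` values and the `key` are unquoted template expressions, which render as `null` when a value is empty, so piping them through `quote` is safer. `refreshInterval: 15s` also polls the store very often for a root credential that rarely changes.

```yaml
  # … unchanged: refreshInterval, secretStoreRef, target …
  data:
    - secretKey: config.env
      remoteRef:
        key: {{ .Values.minioRootCreds.key | quote }}
        property: config.env
```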
@@ -12,31 +12,21 @@ minioRootCreds: # Begin global parameters - - - - operator: operator: env: - name: "MINIO_OPERATOR_RUNTIME" value: "OpenShift" - # securityContext: - # runAsUser: 1000770000 - # runAsGroup: 1000770000 - # fsGroup: 1000770000 - # containerSecurityContext: - # runAsUser: 1000770000 - # runAsGroup: 1000770000 - # console: - # securityContext: - # runAsUser: 1000770000 - # containerSecurityContext: - # runAsUser: 1000770000 - tenant: + secrets: + name: minio-tenant-secret + existingSecret: + name: enabled tenant: name: my-minio-tenant + configuration: + name: minio-tenant-secret + existingSecret: true pools: - servers: 1 name: mypool diff --git a/dev-scripts/README.md b/dev-scripts/README.md new file mode 100644 index 0000000..d0fc24b --- /dev/null +++ b/dev-scripts/README.md @@ -0,0 +1,3 @@ +# dev-scripts + +See detailed explaination on the [docs site](https://opendatahub-io-contrib.github.io/genai-llm-rag-pattern/dev-scripts) diff --git a/dev-scripts/argo-env.sh b/dev-scripts/argo-env.sh new file mode 100644 index 0000000..0d10459 --- /dev/null +++ b/dev-scripts/argo-env.sh @@ -0,0 +1,5 @@ +#!/bin/sh +ARGO_CMD=`oc get secrets -A -o jsonpath='{range .items[*]}{"oc get -n "}{.metadata.namespace}{" routes; oc -n "}{.metadata.namespace}{" extract secrets/"}{.metadata.name}{" --to=-\\n"}{end}' | grep gitops-cluster` +CMD=`echo $ARGO_CMD | sed 's|- oc|-;oc|g'` + +eval $CMD diff --git a/docs/deploying.md b/docs/deploying.md index e69de29..0a051dd 100644 --- a/docs/deploying.md +++ b/docs/deploying.md 
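Review bot: `existingSecret` appears in two different shapes in the new values, once as a mapping (`existingSecret:` followed by `name: enabled`) after `secrets:` and once as `existingSecret: true` further down, and `name: enabled` reads like a flag rather than a secret name. Indentation is lost in this view, so the exact nesting cannot be confirmed here. If the tenant chart recognises neither form, it may generate its own configuration secret instead of using the `minio-tenant-secret` produced by the ExternalSecret. Check both keys against the values schema of the pinned chart version and keep only the documented one, with a comment such as `# root credentials come from the minio-secret-eso ExternalSecret; the chart must not generate its own`.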
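Review bot: `eval $CMD` runs a command line assembled from every namespace and secret name the cluster returns. `grep gitops-cluster` matches that substring anywhere in the line and `$ARGO_CMD` is expanded unquoted, so word splitting and the `sed` rewrite decide what actually executes. Reading namespace/name pairs and calling `oc` with quoted arguments should give the same output without `eval`. The script also prints the extracted admin passwords to stdout through `--to=-`, so a header comment should warn against running it where output is captured (CI logs, shared terminals).

```sh
#!/bin/sh
oc get secrets -A -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}' |
  grep gitops-cluster |
  while read -r ns name; do
    oc get -n "$ns" routes
    oc -n "$ns" extract "secrets/$name" --to=-
  done
```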
@@ -0,0 +1,26 @@
+---
+title: Deploying the RAG pattern.
+---
+
+## Assumptions
+
+### GPUs
+
+The current demonstration relies on [`flash-attention`](https://github.com/Dao-AILab/flash-attention) to decrease memory consumption for the LLM models. Today support to this limited to specific Nvidia GPUs which this system can work with. GPUs which are known to be good include:
+
+- Nvidia L40S
+- Nvidia A100
+- Nvidia H100/H200
+
+Note: The V100 GPUs are not supported.
+
+### GPU pool management (WIP)
+
+The pattern today allows GPU pools to be managed for scale-out computing via [MCAD](https://github.com/project-codeflare/multi-cluster-app-dispatcher/) and [Instascale](https://github.com/project-codeflare/instascale). It is important to note that this is designed primarily to manage scaling for batch workloads.
+
+This works where:
+
+1. The cluster auto-scaler is enabled (e.g. using the assisted installer into your own tenancy on AWS / GCP)
+1. Clusters managed via OpenShift Cluster Manager (e.g. ROSA, ARO and OSD)
+
+### Manual setup steps on OSD.
diff --git a/docs/dev-scripts.md b/docs/dev-scripts.md
new file mode 100644
index 0000000..86d66f5
--- /dev/null
+++ b/docs/dev-scripts.md
@@ -0,0 +1,15 @@
+---
+title: Development scripts
+---
+
+# Development scripts
+
+These scripts are useful for development and automation where the gap has not been completely closed.
+
+## `argo-env.sh`
+
+Two argoCD deployments are created by the validated patterns operator. The depending on your identity and RBAC setup you may not get access with `cluster-admin` or similar.
+
+Running (pre-authenticated with `oc`) `sh argo-env.sh` will provide the default admin passwords for each argo instance.
+
+##
diff --git a/values-secret.yaml.template b/values-secret.yaml.template
index 8208799..07d3518 100644
--- a/values-secret.yaml.template
+++ b/values-secret.yaml.template
@@ -6,16 +6,13 @@ version: "2.0" # automatically generated inside the vault this should not really matter) secrets: - - name: minio_root + - name: minio_tenant_root vaultPrefixes: - global fields: - - name: minio_root_user - value: '' + - name: 'config.env' + value: |- + export MINIO_ROOT_USER=ROOTUSERNAME + export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD onMissingValue: prompt vaultPolicy: validatedPatternDefaultPolicy - - name: minio_root_password - value: '' - onMissingValue: prompt - vaultPolicy: validatedPatternDefaultPolicy -
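Review bot: The `config.env` field now ships a non-empty `value` containing `ROOTUSERNAME` / `ROOTUSERPASSWORD` while keeping `onMissingValue: prompt`. If the secrets loader treats a non-empty value as present, the prompt never fires and an unedited copy of this template loads those literal placeholders as the MinIO root credentials. The removed fields used `value: ''`, which left nothing usable by default. Either keep the value empty and describe the expected `export MINIO_ROOT_USER=…` / `export MINIO_ROOT_PASSWORD=…` format in a comment, or add a comment directly above `value:` such as `# REPLACE both placeholders before loading; never deploy with these values`.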