diff --git a/9.0.x/pipeline-run.yaml b/9.0.x/pipeline-run.yaml index cd9937c..b7fbafa 100644 --- a/9.0.x/pipeline-run.yaml +++ b/9.0.x/pipeline-run.yaml @@ -17,10 +17,14 @@ spec: - name: use-letsencrypt-certs value: "true" #lets encrypt secret location and namespace + # - name: tlscert-secret + # value: "user-serving-cert-000" + # - name: tlscert-namespace + # value: "openshift-kube-apiserver" - name: tlscert-secret - value: "user-serving-cert-000" + value: "letsencrypt-certs" - name: tlscert-namespace - value: "openshift-kube-apiserver" + value: "openshift-ingress" - name: ibm-entitlement-key value: "false" #mas-license-secret @@ -35,10 +39,12 @@ spec: # install MAS Core. This task may be skipped once done successfully - name: mas-install-core value: "true" + - name: mas-instance-id + value: "inst1" # install MAS Manage, depending on MAS Core, optionally CP4D/DB2 - name: mas-install-manage - value: "false" + value: "true" - name: mas-install-demo-data value: "true" - name: mas-cp4d-install-cognos @@ -72,7 +78,7 @@ spec: - name: cpd-admin-password value: "xxx" - # install MAS AI Broker, depending on MAS Core, Manage, IoT and Monitor + # install MAS AI Broker, depending on MAS Core. Check/update sc in pvc.yml, ns in np.yml - name: mas-install-aibroker value: "false" - name: artifactory_username diff --git a/9.0.x/pipeline.yaml b/9.0.x/pipeline.yaml index c9bdf53..6e28a3c 100644 --- a/9.0.x/pipeline.yaml +++ b/9.0.x/pipeline.yaml @@ -192,7 +192,7 @@ spec: - name: ibm-entitlement-key steps: - name: copy-entitlement-key-to-ws - image: quay.io/openshift/origin-cli:4.10 + image: quay.io/openshift/origin-cli:4.15 script: | #!/usr/bin/env bash if [ $(params.ibm-entitlement-key) == "false" ]; then @@ -227,7 +227,7 @@ spec: - name: LICENSE_FILE_SECRET_NAME steps: - name: write-maximo-licensefile - image: quay.io/openshift/origin-cli:4.12 + image: quay.io/openshift/origin-cli:4.15 script: | #!/usr/bin/env bash 
@@ -355,7 +355,7 @@ spec: - name: mas-install-core steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash # extract license id from license.dat @@ -387,7 +387,7 @@ spec: #check ai broker public cert #cat ansible-devops/roles/suite_certs/defaults/main.yml - wget -qO - "https://raw.githubusercontent.com/zxue/ansible-devops/master/ibm/mas_devops/roles/suite_certs/defaults/main.yml" > ansible-devops/roles/suite_certs/defaults/main.yml + #wget -qO - "https://raw.githubusercontent.com/zxue/ansible-devops/master/ibm/mas_devops/roles/suite_certs/defaults/main.yml" > ansible-devops/roles/suite_certs/defaults/main.yml #cat ansible-devops/roles/suite_certs/defaults/main.yml ansible-playbook ibm.mas_devops.oneclick_core @@ -401,6 +401,7 @@ spec: timeout: "12h" runAfter: - get-tls-certs + - install-mas-core workspaces: - name: ws params: @@ -434,7 +435,7 @@ spec: - name: rwo-storageclass steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash export MAS_INSTANCE_ID=$(params.mas-instance-id) @@ -479,7 +480,8 @@ spec: mkdir -p $MAS_CONFIG_DIR # Cloud Pak for Data Platform (~1 1/2 hours) - ROLE_NAME=ibm_catalogs ansible-playbook ibm.mas_devops.run_role + #ROLE_NAME=ibm_catalogs ansible-playbook ibm.mas_devops.run_role + #ROLE_NAME=cert_manager ansible-playbook ibm.mas_devops.run_role ROLE_NAME=cp4d ansible-playbook ibm.mas_devops.run_role - name: install-cp4d-db2 when: @@ -523,7 +525,7 @@ spec: - name: rwo-storageclass steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash export MAS_INSTANCE_ID=$(params.mas-instance-id) @@ -606,7 +608,7 @@ spec: - name: cpd-install-spss steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash 
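Review bot: `quay.io/ibmmas/cli:11.12.0` in the `run-mas-cli` step is still a mutable tag, so the image these install steps run can change without any change to this file if the tag is re-pushed. Pin it by digest as well, e.g. `image: quay.io/ibmmas/cli:11.12.0@sha256:<digest-of-11.12.0>`, with the digest read from the registry. The same applies to every other `run-mas-cli` hunk in this file and to the two `quay.io/openshift/origin-cli:4.15` steps, which handle the entitlement key and the licence file.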
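Review bot: Commenting out `ROLE_NAME=ibm_catalogs` in the Cloud Pak for Data step (the @@ -479 hunk) leaves no record of where the catalog source and cert-manager now come from. The `install-mas-core` entry added to `runAfter` in the @@ -401 hunk suggests the core install is expected to have created them, but that is inferred from this diff. If so, replace the two commented-out commands with a single comment such as `# ibm_catalogs and cert_manager are provided by install-mas-core (see runAfter)`. The script body continues outside the hunk.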
@@ -670,7 +672,7 @@ spec: - name: cpd-install-spss steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash @@ -737,7 +739,7 @@ spec: - name: cpd-install-spss steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash @@ -802,7 +804,7 @@ spec: - name: cpd-install-spss steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash @@ -870,7 +872,7 @@ spec: - name: cpd-install-spss steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash @@ -943,7 +945,7 @@ spec: - name: rwo-storageclass steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash export MAS_INSTANCE_ID=$(params.mas-instance-id) @@ -1044,7 +1046,7 @@ spec: - name: uds-lastname steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash export MAS_INSTANCE_ID=$(params.mas-instance-id) @@ -1100,7 +1102,7 @@ spec: - name: rwo-storageclass steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash export MAS_INSTANCE_ID=$(params.mas-instance-id) @@ -1146,7 +1148,7 @@ spec: - name: mas-channel steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash export MAS_INSTANCE_ID=$(params.mas-instance-id) @@ -1220,7 +1222,7 @@ spec: - name: cpd-admin-password steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash 
@@ -1285,6 +1287,8 @@ spec: value: "$(params.artifactory_username)" - name: artifactory_token value: "$(params.artifactory_token)" + - name: rwo-storageclass + value: "$(params.rwo-storageclass)" - name: mas_airbroker_watsonxai_apikey value: "$(params.mas_airbroker_watsonxai_apikey)" - name: mas_airbroker_watsonxai_url @@ -1305,6 +1309,7 @@ spec: - name: uds-email - name: artifactory_username - name: artifactory_token + - name: rwo-storageclass - name: mas_airbroker_watsonxai_apikey - name: mas_airbroker_watsonxai_url - name: mas_airbroker_watsonxai_project_id @@ -1312,7 +1317,7 @@ spec: steps: - name: run-mas-cli - image: quay.io/ibmmas/cli:latest + image: quay.io/ibmmas/cli:11.12.0 script: | #!/usr/bin/env bash @@ -1323,8 +1328,10 @@ spec: # Update namespace "mas-inst1-aibroker" in maridb-np.yml # download files form github repo or other location - export MINIO_FOLDER="https://raw.githubusercontent.com/zxue/deploy-maximo-aibroker/main/minio/" - export MARIADB_FOLDER="https://raw.githubusercontent.com/zxue/deploy-maximo-aibroker/main/mariadb/" + #export MINIO_FOLDER="https://raw.githubusercontent.com/zxue/deploy-maximo-aibroker/main/minio/" + #export MARIADB_FOLDER="https://raw.githubusercontent.com/zxue/deploy-maximo-aibroker/main/mariadb/" + export MINIO_FOLDER="https://raw.githubusercontent.com/cloud-native-toolkit/deployer-mas-cli/main/minio/" + export MARIADB_FOLDER="https://raw.githubusercontent.com/cloud-native-toolkit/deployer-mas-cli/main/mariadb/" wget -qO - "$MINIO_FOLDER"kustomization.yaml > $(workspaces.ws.path)/masconfig/minio/kustomization.yaml wget -qO - "$MINIO_FOLDER"minio.yaml > $(workspaces.ws.path)/masconfig/minio/minio.yaml 
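Review bot: The new `MINIO_FOLDER` and `MARIADB_FOLDER` values in the @@ -1323 hunk still point at the moving `main` branch, so whatever is on that branch at run time is downloaded and, judging by the `oc` and `chmod` lines in the next hunk, applied with the pipeline's cluster credentials. Pin both to a reviewed commit, e.g. `export MINIO_FOLDER="https://raw.githubusercontent.com/cloud-native-toolkit/deployer-mas-cli/<commit-sha>/minio/"`, and the same for `mariadb/`. The `wget -qO - … > file` form also leaves an empty file behind and hides the error when a download fails; the script should stop on a failed fetch. The two commented-out `zxue/...` exports can be deleted rather than kept. The script body starts and ends outside the hunk.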
@@ -1339,6 +1346,10 @@ spec: wget -qO - "$MARIADB_FOLDER"mariadb-secret.yml > $(workspaces.ws.path)/masconfig/mariadb/mariadb-secret.yml wget -qO - "$MARIADB_FOLDER"mariadb-service.yml > $(workspaces.ws.path)/masconfig/mariadb/mariadb-service.yml + # config env variables to mariadb yml files + export MAS_INSTANCE_ID=$(params.mas-instance-id) + export MAS_AIBROKER_STORAGE_CLASS=$(params.rwo-storageclass) + # run oc command lines to create minio storage and mariadb cd $(workspaces.ws.path)/masconfig chmod 777 $(workspaces.ws.path)/masconfig/mariadb/mariadb-deploy.sh @@ -1352,7 +1363,7 @@ spec: export MAS_ICR_CPOPEN="docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen" #MAS - export MAS_INSTANCE_ID=$(params.mas-instance-id) + #export MAS_INSTANCE_ID=$(params.mas-instance-id) export MAS_ENTITLEMENT_USERNAME=$(params.uds-email) export MAS_ENTITLEMENT_KEY=$(cat $(workspaces.ws.path)/ek.dat) @@ -1374,7 +1385,8 @@ spec: export MAS_AIBROKER_WATSONXAI_PROJECT_ID=$(params.mas_airbroker_watsonxai_project_id) export MAS_AIBROKER_CHANNEL=$(params.mas_aibroker_channel) - # database + # mariadb database + #export MAS_AIBROKER_STORAGE_CLASS=$(params.rwo-storageclass) export MAS_AIBROKER_DB_HOST="mariadb-instance.mariadb.svc.cluster.local" export MAS_AIBROKER_DB_PORT="3306" export MAS_AIBROKER_DB_USER="mariadb" diff --git a/mariadb/mariadb-deploy.sh b/mariadb/mariadb-deploy.sh new file mode 100755 index 0000000..4b4a607 --- /dev/null +++ b/mariadb/mariadb-deploy.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +oc apply -f mariadb/mariadb-ns.yml +oc process -f mariadb/mariadb-pvc.yml -p=MAS_AIBROKER_STORAGE_CLASS=$MAS_AIBROKER_STORAGE_CLASS | oc apply -f - +oc apply -f mariadb/mariadb-sa.yml +oc process -f mariadb/mariadb-np.yml -p=MAS_INSTANCE_ID=$MAS_INSTANCE_ID | oc apply -f - +oc apply -f mariadb/mariadb-secret.yml +oc apply -f mariadb/mariadb-deployment.yml +oc apply -f mariadb/mariadb-service.yml 
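Review bot: The two exports added in the @@ -1339 hunk, `export MAS_INSTANCE_ID=$(params.mas-instance-id)` and `export MAS_AIBROKER_STORAGE_CLASS=$(params.rwo-storageclass)`, have the parameter text pasted into the script by Tekton before bash runs. A value containing whitespace or shell metacharacters is therefore executed as script rather than treated as data. Pass them through the step's `env:` list instead (`- name: MAS_AIBROKER_STORAGE_CLASS` with `value: "$(params.rwo-storageclass)"`) and let the script read the variables. The existing `$(params.…)` exports in the @@ -1352 and @@ -1374 hunks follow the same pattern; the step definition itself is outside these hunks.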
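Review bot: `mariadb/mariadb-deploy.sh` has no error handling, so a failed `oc process` or `oc apply` is ignored and the later manifests are still applied; with an unset `MAS_INSTANCE_ID` the NetworkPolicy would be rendered with a namespace name that matches nothing. Add `set -euo pipefail` after the shebang and quote the expansions, e.g. `-p=MAS_AIBROKER_STORAGE_CLASS="$MAS_AIBROKER_STORAGE_CLASS"` and `-p=MAS_INSTANCE_ID="$MAS_INSTANCE_ID"`. A header comment should state that the script must be run from the directory containing `mariadb/`, since every path is relative.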
diff --git a/mariadb/mariadb-deployment.yml b/mariadb/mariadb-deployment.yml new file mode 100644 index 0000000..12de05c --- /dev/null +++ b/mariadb/mariadb-deployment.yml @@ -0,0 +1,80 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb-instance + namespace: mariadb + labels: + app: mariadb-instance + component: data-science-pipelines + dspa: instance +spec: + strategy: + type: Recreate + selector: + matchLabels: + app: mariadb-instance + component: data-science-pipelines + dspa: instance + template: + metadata: + labels: + app: mariadb-instance + component: data-science-pipelines + dspa: instance + spec: + serviceAccountName: ds-pipelines-mariadb-sa-instance + containers: + - name: mariadb + image: registry.redhat.io/rhel8/mariadb-103:1-188 + ports: + - containerPort: 3306 + readinessProbe: + exec: + command: + - /bin/sh + - "-i" + - "-c" + - >- + MYSQL_PWD=$MYSQL_PASSWORD mysql -h 127.0.0.1 -u $MYSQL_USER -D + $MYSQL_DATABASE -e 'SELECT 1' + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3306 + timeoutSeconds: 1 + env: + - name: MYSQL_USER + value: "mariadb" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: "ds-pipeline-db-instance" + - name: MYSQL_DATABASE + value: "kmpipeline" + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + resources: + requests: + cpu: 300m + memory: 800Mi + limits: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: mariadb-persistent-storage + mountPath: /var/lib/mysql + volumes: + - name: mariadb-persistent-storage + persistentVolumeClaim: + claimName: mariadb-pvc + # emptyDir: {} \ No newline at end of file diff --git a/mariadb/mariadb-np.yml b/mariadb/mariadb-np.yml new file mode 100644 index 0000000..a29680d --- /dev/null +++ b/mariadb/mariadb-np.yml 
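Review bot: The container env in `mariadb/mariadb-deployment.yml` sets `MYSQL_ALLOW_EMPTY_PASSWORD` to `"true"` alongside a `MYSQL_PASSWORD` taken from a Secret. If the image honours that variable it permits a password-less administrative account; if it does not, the entry is dead configuration that misleads the next reader. Either way, drop the `- name: MYSQL_ALLOW_EMPTY_PASSWORD` / `value: "true"` pair. The pod spec also has no `securityContext`, and `registry.redhat.io/rhel8/mariadb-103:1-188` is pinned by tag only; both are worth tightening. The trailing `# emptyDir: {}` comment can go.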
@@ -0,0 +1,45 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: np + namespace: mariadb +parameters: + - name: MAS_INSTANCE_ID +objects: +- apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: mariadb-instance + namespace: mariadb + spec: + podSelector: + matchLabels: + app: mariadb-instance + component: data-science-pipelines + ingress: + - ports: + - protocol: TCP + port: 3306 + from: + - podSelector: + matchLabels: + app.kubernetes.io/name: data-science-pipelines-operator + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: opendatahub + - podSelector: + matchLabels: + app: ds-pipeline-instance + component: data-science-pipelines + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: "mas-${MAS_INSTANCE_ID}-aibroker" + - podSelector: + matchLabels: + app: ds-pipeline-metadata-grpc-instance + component: data-science-pipelines + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: "mas-${MAS_INSTANCE_ID}-aibroker" + policyTypes: + - Ingress \ No newline at end of file diff --git a/mariadb/mariadb-ns.yml b/mariadb/mariadb-ns.yml new file mode 100644 index 0000000..471d1e3 --- /dev/null +++ b/mariadb/mariadb-ns.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: mariadb \ No newline at end of file diff --git a/mariadb/mariadb-pvc.yml b/mariadb/mariadb-pvc.yml new file mode 100644 index 0000000..6e8bbc9 --- /dev/null +++ b/mariadb/mariadb-pvc.yml 
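Review bot: The `MAS_INSTANCE_ID` parameter in `mariadb/mariadb-np.yml` is declared without `required: true`, so processing the template with an empty value renders `kubernetes.io/metadata.name: "mas--aibroker"`. The resulting policy applies cleanly but admits none of the intended AI Broker pods, which surfaces later as an unexplained connection failure. Declare it as `- name: MAS_INSTANCE_ID` followed by `required: true`. Do the same for `MAS_AIBROKER_STORAGE_CLASS` in `mariadb/mariadb-pvc.yml`, where an empty value yields `storageClassName: ""`.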
@@ -0,0 +1,24 @@ +kind: Template +apiVersion: template.openshift.io/v1 +metadata: + name: pvc-template + namespace: mariadb +parameters: + - name: MAS_AIBROKER_STORAGE_CLASS +objects: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: mariadb-pvc + namespace: mariadb + labels: + app: mariadb-instance + component: data-science-pipelines + spec: + accessModes: + - ReadWriteOnce + storageClassName: "${MAS_AIBROKER_STORAGE_CLASS}" + resources: + requests: + storage: 20Gi + volumeMode: Filesystem \ No newline at end of file diff --git a/mariadb/mariadb-sa.yml b/mariadb/mariadb-sa.yml new file mode 100644 index 0000000..def6861 --- /dev/null +++ b/mariadb/mariadb-sa.yml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ds-pipelines-mariadb-sa-instance + namespace: mariadb + labels: + app: mariadb-instance + component: data-science-pipelines \ No newline at end of file diff --git a/mariadb/mariadb-secret.yml b/mariadb/mariadb-secret.yml new file mode 100644 index 0000000..c8b2e79 --- /dev/null +++ b/mariadb/mariadb-secret.yml @@ -0,0 +1,9 @@ +--- +kind: Secret +apiVersion: v1 +metadata: + name: ds-pipeline-db-instance + namespace: mariadb +data: + password: bWFyaWFkYg== +type: Opaque diff --git a/mariadb/mariadb-service.yml b/mariadb/mariadb-service.yml new file mode 100644 index 0000000..846b30c --- /dev/null +++ b/mariadb/mariadb-service.yml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: mariadb-instance + namespace: mariadb + labels: + app: mariadb-instance + component: data-science-pipelines +spec: + ports: + - name: http + port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mariadb-instance + component: data-science-pipelines \ No newline at end of file diff --git a/minio/kustomization.yaml b/minio/kustomization.yaml new file mode 100644 index 0000000..94ca3a2 --- /dev/null +++ b/minio/kustomization.yaml 
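Review bot: `mariadb/mariadb-secret.yml` commits the database password to the repository. `password: bWFyaWFkYg==` is only base64-encoded, and it decodes to the same string as the database user name, so every deployment from this repository shares one publicly known credential. Remove the file from the manifest set and create the Secret at deploy time from a value supplied to the pipeline, e.g. `oc create secret generic ds-pipeline-db-instance -n mariadb --from-literal=password="$DB_PASSWORD"`, where `DB_PASSWORD` is a placeholder for a pipeline-provided secret. The AI Broker database settings in `pipeline.yaml` would need to receive the same value; the password variable is not visible in this diff.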
@@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: minio + +resources: + - pvc.yaml + - minio.yaml \ No newline at end of file diff --git a/minio/minio.yaml b/minio/minio.yaml new file mode 100644 index 0000000..8102086 --- /dev/null +++ b/minio/minio.yaml 
@@ -0,0 +1,107 @@ +# https://min.io/docs/minio/kubernetes/openshift/index.html +# https://github.com/kubernetes/examples/tree/master/staging/storage/minio +--- +# Deploys a new Namespace for the MinIO Pod +apiVersion: v1 +kind: Namespace +metadata: + name: minio +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio +spec: + selector: + matchLabels: + app: minio + template: + metadata: + labels: + # Label is used as selector in the service. + app: minio + spec: + volumes: + - name: storage + persistentVolumeClaim: + claimName: minio-pvc + containers: + - name: minio + image: quay.io/minio/minio:latest + command: + - /bin/bash + - -c + args: + - minio server /data --console-address :9090 + env: + - name: MINIO_ROOT_USER + value: minio123 + - name: MINIO_ROOT_PASSWORD + value: minio123 + volumeMounts: + - mountPath: /data + name: storage +--- +# apiVersion: v1 +# kind: Pod +# metadata: +# labels: +# app: minio +# name: minio +# namespace: minio +# spec: +# containers: +# - name: minio +# image: quay.io/minio/minio:latest +# command: +# - /bin/bash +# - -c +# args: +# - minio server /data --console-address :9090 +# volumeMounts: +# - mountPath: /data +# name: storage +# env: +# - name: MINIO_ROOT_USER +# value: minio123 +# - name: MINIO_ROOT_PASSWORD +# value: minio123 +# volumes: +# - name: storage +# persistentVolumeClaim: +# claimName: minio-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-service + namespace: minio +spec: + type: ClusterIP + ports: + - name: api + port: 9000 + targetPort: 9000 + protocol: TCP + - name: console + port: 9090 + targetPort: 9090 + protocol: TCP + selector: + app: minio +--- +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: minio-route + namespace: minio +spec: + to: + kind: Service + name: minio-service + weight: 100 + port: + targetPort: 9090 + tls: + termination: edge + insecureEdgeTerminationPolicy: None \ No newline at end of file 
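Review bot: The Deployment in `minio/minio.yaml` hard-codes `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` as the literal `minio123` in the pod spec, and the Route at the end of the file exposes the console port 9090 outside the cluster. The root credential for the object store is therefore both committed and reachable from wherever the route is reachable. Read both values from a Secret created at deploy time, as sketched below; the Secret name is a placeholder. The image is also `quay.io/minio/minio:latest`, although this same commit moves the CLI image off `latest`; pin it to a release tag and digest. The commented-out Pod document repeats the same credentials and can be deleted.

```yaml
          # … unchanged: name, image, command, args …
          env:
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: minio-root-credentials  # placeholder; created at deploy time, not committed
                  key: root-user
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: minio-root-credentials
                  key: root-password
          # … unchanged: volumeMounts …
```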
diff --git a/minio/pvc.yaml b/minio/pvc.yaml new file mode 100644 index 0000000..6a11bf1 --- /dev/null +++ b/minio/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc + namespace: minio +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 40Gi \ No newline at end of file