update: rhods demo

components/configs/kustomized/minio/data-connector-rb.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: data-connector-setup-edit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- kind: ServiceAccount
+  name: data-connector-setup
+  namespace: ds-group-project

components/configs/kustomized/minio/kustomization.yaml

@@ -11,10 +11,11 @@ commonLabels:
   # app.kubernetes.io/part-of: minio
 
 resources:
+- data-connector-rb.yaml
 - deployment.yaml
 - namespace.yaml
 - pvc.yaml
 - route.yaml
-- secret.yaml
+# - secret.yaml
 - service.yaml
-# - setup-job.yaml
+- setup-root-user-job.yaml

components/configs/kustomized/minio/setup-job.yaml → components/configs/kustomized/minio/setup-root-user-job.yaml

@@ -15,24 +15,33 @@ spec:
       - name: create-minio-root-user
         image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
         imagePullPolicy: IfNotPresent
+        env:
+          - name: SECRET_NAME
+            value: minio-root-user
         command: ["/bin/bash"]
         args:
         - -ec
         - |-
+          # FORCE=true
+
           if [ -n "$(oc get secret minio-root-user -o name 2>/dev/null)" ]; then
-            echo "Secret already exists. Skipping." >&2
-            exit 0
+            echo "Secret already exists."
+            [ -z ${FORCE+x} ] && exit 0
+            echo "Forcing creation."
           fi
+
           genpass() {
               < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c"${1:-32}"
           }
+
           id=$(genpass 16)
           secret=$(genpass)
+
           cat << EOF | oc apply -f-
           apiVersion: v1
           kind: Secret
           metadata:
-            name: minio-root-user
+            name: ${SECRET_NAME}
           type: Opqaue
           stringData:
             MINIO_ROOT_USER: ${id}

components/configs/kustomized/rhods-data-connector/create-data-connection-job.yaml

@@ -0,0 +1,88 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: create-data-connection
+spec:
+  backoffLimit: 4
+  template:
+    spec:
+      serviceAccount: data-connector-setup
+      serviceAccountName: data-connector-setup
+      containers:
+      - name: create-data-connection
+        image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
+        imagePullPolicy: IfNotPresent
+        env:
+          - name: MINIO_SECRET_NAME
+            value: minio-root-user
+          - name: MINIO_NAMESPACE
+            value: minio
+          - name: DATA_CONNECTION_NAME
+            value: aws-connection-minio
+          - name: AWS_DEFAULT_REGION
+            value: us
+          - name: AWS_S3_ENDPOINT
+            value: http://minio.minio.svc:9000
+          - name: AWS_S3_BUCKET
+            value: serving-demo
+        command: ["/bin/bash"]
+        args:
+        - -ec
+        - |
+          echo "MINIO_NAMESPACE: ${MINIO_NAMESPACE}"
+          echo -n "Waiting for secret ${MINIO_SECRET_NAME}."
+
+          while [ -z "$(oc get secret -n minio ${MINIO_SECRET_NAME} -o name 2>/dev/null)" ]; do
+            echo -n '.'
+            sleep 1
+          done; echo
+
+          id=$(oc get secret -n minio ${MINIO_SECRET_NAME} -o go-template='{{.data.MINIO_ROOT_USER|base64decode}}')
+          secret=$(oc get secret -n minio ${MINIO_SECRET_NAME} -o go-template='{{.data.MINIO_ROOT_PASSWORD|base64decode}}')
+
+          echo "Creating secret ${DATA_CONNECTION_NAME}"
+          cat << EOF | oc apply -f-
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: ${DATA_CONNECTION_NAME}
+            labels:
+              opendatahub.io/dashboard: "true"
+              opendatahub.io/managed: "true"
+            annotations:
+              opendatahub.io/connection-type: s3
+              openshift.io/display-name: Minio
+          type: Opaque
+          stringData:
+            AWS_ACCESS_KEY_ID: ${id}
+            AWS_SECRET_ACCESS_KEY: ${secret}
+            AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
+            AWS_S3_ENDPOINT: ${AWS_S3_ENDPOINT}
+            AWS_S3_BUCKET: ${AWS_S3_BUCKET}
+          EOF
+      restartPolicy: Never
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: data-connector-setup
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: data-connector-setup-edit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- kind: ServiceAccount
+  name: data-connector-setup
+  namespace: ds-group-project

components/configs/kustomized/rhods-data-connector/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ds-group-project
+
+resources:
+  - create-data-connection-job.yaml

components/configs/kustomized/notebook/notebook.yaml → components/configs/kustomized/rhods-notebook/base/notebook.yaml

@@ -7,15 +7,14 @@ metadata:
     notebooks.opendatahub.io/last-image-selection: 'tensorflow:2023.1'
     notebooks.opendatahub.io/last-size-selection: Small
     notebooks.opendatahub.io/oauth-logout-url: https://rhods-dashboard-redhat-ods-applications.apps.cluster-xx7jv.xx7jv.sandbox1365.opentlc.com/projects/pipelines-tutorial?notebookLogout=science
-    opendatahub.io/username: opentlc-mgr
+    opendatahub.io/username: user
     openshift.io/description: ""
-    openshift.io/display-name: Notebook
+    openshift.io/display-name: Science Notebook
   labels:
     app: science
     opendatahub.io/dashboard: "true"
     opendatahub.io/odh-managed: "true"
   name: science
-  namespace: pipelines-tutorial
 spec:
   template:
     spec:
@@ -43,7 +42,7 @@ spec:
           value: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/tensorflow:2023.1
         envFrom:
         - secretRef:
-            name: minio-connection
+            name: aws-connection-minio
         image: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/tensorflow:2023.1
         imagePullPolicy: Always
         livenessProbe:

components/configs/kustomized/rhods-notebook/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- overlays/default

components/configs/kustomized/rhods-notebook/overlays/default/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ds-group-project
+
+resources:
+- ../../base

demos/rhods/kustomization.yaml

@@ -9,6 +9,8 @@ resources:
   - ../../components/configs/kustomized/rhods-projects
   - ../../components/configs/kustomized/rhods-model-runtimes
   # - ../../components/configs/kustomized/rhods-model-instances
+  - ../../components/configs/kustomized/rhods-notebook
+  - ../../components/configs/kustomized/rhods-data-connector
   - ../../components/configs/kustomized/custom-notebook-images/overlays/rhods
   - ../../components/configs/kustomized/minio