Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Setting up OpenShift AI Connector for Red Hat Developer Hub with Red Hat OpenShift AI
The installation of the OpenShift AI Connector for Red Hat Developer Hub requires manual updates to RHDH-related Kubernetes resources.
RHOAI Prerequisites
To import model cards from the model catalog into TechDocs, you must use RHOAI 2.25.
NoteIf you upgraded to RHOAI 2.25 from an earlier version, you must manually enable the model catalog dashboard and model registry before you can import model cards.
- If you used the model catalog in earlier versions of RHOAI, TechDocs propagation does not work for any models you registered into the model registry while at those earlier versions; only models registered into model registry from a RHOAI 2.25 model catalog have their model cards transferred to RHDH as TechDocs.
- For the rest of the features, version 2.20 or later suffices. Enabling model registry and its associated dashboard allows for a user experience that more directly allows for customizing AI Model metadata. For best overall experience, RHOAI 2.25 is recommended.
For more details, see Enabling the model registry component.
Procedure
Configure RHOAI-related RBAC and credentials. A Kubernetes
ServiceAccountand aservice-account-tokenSecret are required for the connector to retrieve data from RHOAI. The following resources must be created, replacing namespace names (ai-rhdhfor RHDH,rhoai-model-registriesfor RHOAI) as needed:ServiceAccount(rhdh-rhoai-connector). For example:apiVersion: v1 kind: ServiceAccount metadata: name: rhdh-rhoai-connector namespace: ai-rhdhClusterRoleandClusterRoleBinding(rhdh-rhoai-connector) to allow access to OCP resources likeroutes,services, andinferenceservices. For example:# Example for `ClusterRole` apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: rhdh-rhoai-connector annotations: argocd.argoproj.io/sync-wave: "0" rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - apiGroups: - route.openshift.io resources: - routes verbs: - get - list - watch - apiGroups: [""] resources: - serviceaccounts - services verbs: - get - list - watch - apiGroups: ["serving.kserve.io"] resources: ["inferenceservices"] verbs: ["get", "list", "watch"]# Example for `ClusterRoleBinding` apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rhdh-rhoai-connector roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: rhdh-rhoai-connector subjects: - kind: ServiceAccount name: rhdh-rhoai-connector namespace: ai-rhdhRoleandRoleBindingto allow ConfigMap updates within the RHDH namespace (ai-rhdh). For example:# Example for `Role` and `Rolebinding` in the {product-very-short} namespace (`ai-rhdh`) apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: rhdh-rhoai-connector namespace: ai-rhdh rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: rhdh-rhoai-connector namespace: ai-rhdh roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: rhdh-rhoai-connector subjects: - kind: ServiceAccount name: rhdh-rhoai-connector namespace: ai-rhdhRoleBindingin the RHOAI namespace (rhoai-model-registries) to grant the RHDHServiceAccountread permissions to the model registry data (binding toregistry-user-modelregistry-public).# Example for `RoleBinding` in the {rhoai-short} namespace (rhoai-model-registries) apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: # if using ODH then change rhoai to odh in the name and namespace here name: rhdh-rhoai-dashboard-permissions # namespace: odh-model-registries namespace: rhoai-model-registries roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: registry-user-modelregistry-public subjects: - apiGroup: rbac.authorization.k8s.io kind: Group name: system:serviceaccounts:ai-rhdhSecret (
rhdh-rhoai-connector-token) of typekubernetes.io/service-account-tokenthat goes along with therhdh-rhoai-connectorServiceAccount.apiVersion: v1 kind: Secret metadata: name: rhdh-rhoai-connector-token namespace: ai-rhdh annotations: kubernetes.io/service-account.name: rhdh-rhoai-connector type: kubernetes.io/service-account-token
Update your RHDH dynamic plugin configuration. The RHDH Pod requires two dynamic plugins.
In your RHDH dynamic plugins ConfigMap, add the following code:
plugins: - disabled: false package: oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-catalog-backend-module-model-catalog:bs_1.42.5__0.7.0!red-hat-developer-hub-backstage-plugin-catalog-backend-module-model-catalog - disabled: false package: oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-catalog-techdoc-url-reader-backend:bs_1.42.5__0.3.0!red-hat-developer-hub-backstage-plugin-catalog-techdoc-url-reader-backend
Add the
Connectorsidecar containers to the RHDH Pod.- If RHDH was installed using the Operator, modify your RHDH custom resource (CR) instance.
- If RHDH was installed using the Helm charts, modify the Deployment specification.
-
The system relies on three sidecar containers (OpenShift AI Connector for Red Hat Developer Hub) running alongside the
backstage-backendcontainer.
Add these sidecar containers to your configuration referencing the rhdh-rhoai-connector-token Secret: location: Provides the REST API for RHDH plugins to fetch model metadata. storage-rest: Maintains a cache of AI Model metadata in a ConfigMap called bac-import-model. ** rhoai-normalizer: Acts as a Kubernetes controller and RHOAI client, normalizing RHOAI metadata for the connector. The following code block is an example:
+
spec:
template:
spec:
containers:
- env:
- name: NORMALIZER_FORMAT
value: JsonArrayFormat
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: rhdh-rhoai-connector-token
image: quay.io/redhat-ai-dev/model-catalog-location-service@sha256:c4471e07be6e0dbe821613053e6264a552cacda7f8604dbf306e6ac9e81e8ab9
imagePullPolicy: Always
name: location
ports:
- containerPort: 9090
name: location
protocol: TCP
volumeMounts:
- mountPath: /opt/app-root/src/dynamic-plugins-root
name: dynamic-plugins-root
workingDir: /opt/app-root/src
- env:
- name: NORMALIZER_FORMAT
value: JsonArrayFormat
- name: STORAGE_TYPE
value: ConfigMap
- name: BRIDGE_URL
value: http://localhost:9090
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: rhdh-rhoai-connector-token
image: quay.io/redhat-ai-dev/model-catalog-storage-rest@sha256:398095e7469e86d84b1196371286363f4b7668aa3e26370b4d78cb8d4ace1dc9
imagePullPolicy: Always
name: storage-rest
volumeMounts:
- mountPath: /opt/app-root/src/dynamic-plugins-root
name: dynamic-plugins-root
workingDir: /opt/app-root/src
- env:
- name: NORMALIZER_FORMAT
value: JsonArrayFormat
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: rhdh-rhoai-connector-token
image: quay.io/redhat-ai-dev/model-catalog-rhoai-normalizer@sha256:9f19742450a3a9c6d9c01d8341a20db7eb5a52a39348f488ae06b6aa49754a26
imagePullPolicy: Always
name: rhoai-normalizer
volumeMounts:
- mountPath: /opt/app-root/src/dynamic-plugins-root
name: dynamic-plugins-root
workingDir: /opt/app-root/src
args:
- '--metrics-address=:8081'Enable
Connectorin yourRHDHapp-config.yamlfile. In yourBackstage `app-config.extra.yamlfile, configureEntity Providerunder thecatalog.providerssection:providers: modelCatalog: development: baseUrl: http://localhost:9090where:
modelCatalog- Specifies the name of the provider.
development-
Defines future connector capability beyond a single
baseUrl. baseUrl- For Developer Preview, this value is the only one supported. Future releases might support external routes.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}