Red Hat SummitManaging model registries
Managing model registries in Red Hat OpenShift AI Self-Managed
Abstract
Preface
As an OpenShift AI administrator, you can create, delete, and manage permissions for model registries in OpenShift AI.
Chapter 1. Overview of model registries
Model registry is currently available in Red Hat OpenShift AI 2.19 as a Technology Preview feature. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
A model registry is an important component in the lifecycle of an artificial intelligence/machine learning (AI/ML) model, and a vital part of any machine learning operations (MLOps) platform or ML workflow. A model registry acts as a central repository, holding metadata related to machine learning models from inception to deployment. This metadata ranges from high-level information like the deployment environment and project origins, to intricate details like training hyperparameters, performance metrics, and deployment events. A model registry acts as a bridge between model experimentation and serving, offering a secure, collaborative metadata store interface for stakeholders of the ML lifecycle.
Model registries provide a structured and organized way to store, share, version, deploy, and track models.
To use model registries in OpenShift AI, an OpenShift cluster administrator must configure the model registry component. For more information, see Configuring the model registry component.
After the model registry component is configured, an OpenShift AI administrator can create model registries in OpenShift AI and grant model registry access to the data scientists that will work with them. For more information, see Managing model registries.
Data scientists with access to a model registry can store, share, version, deploy, and track models using the model registry feature. For more information, see Working with model registries.
Chapter 2. Creating a model registry
You can create a model registry to store, share, version, deploy, and track your models.
Prerequisites
- You have logged in to OpenShift AI as a user with OpenShift AI administrator privileges.
- A cluster administrator has configured and enabled the model registry component in your OpenShift AI deployment. For more information, see Configuring the model registry component.
- The model registry component is enabled for your OpenShift AI deployment.
You have access to an external MySQL database which uses at least MySQL version 5.x. However, Red Hat recommends that you use MySQL version 8.x.
NoteThe
mysql_native_passwordauthentication plugin is required for the ML Metadata component to successfully connect to your database.mysql_native_passwordis disabled by default in MySQL 8.4 and later. If your database uses MySQL 8.4 or later, you must update your MySQL deployment to enable themysql_native_passwordplugin.For more information about enabling the
mysql_native_passwordplugin, see Native Pluggable Authentication in the MySQL documentation.By default, the OpenShift MySQL template uses the
caching_sha2_passwordauthentication plugin. If you used the OpenShift template for MySQL, you must manually update it to usemysql_native_passwordfor the model registry to connect to your database instance successfully. For more information, see the Model registry fails to connect to MySQL database due to an authentication plugin mismatch Knowledgebase solution.
Procedure
- From the OpenShift AI dashboard, click Settings → Model registry settings.
Click Create model registry.
The Create model registry dialog opens.
- In the Name field, enter a name for the model registry.
Optional: Click Edit resource name, and then enter a specific resource name for the model registry in the Resource name field. By default, the resource name will match the name of the model registry.
ImportantResource names are what your resources are labeled as in OpenShift. Your resource name cannot exceed 253 characters, must consist of lowercase alphanumeric characters or -, and must start and end with an alphanumeric character. Resource names are not editable after creation.
The resource name must not match the name of any other model registry resource in your OpenShift cluster.
- Optional: In the Description field, enter a description for the model registry.
In the Connect to external MySQL database section, enter the information for the external database where your model data is stored.
In the Host field, enter the database’s host name.
-
If the database is running in the
rhoai-model-registriesnamespace, enter only the hostname for the database. -
If the database is running in a different namespace from
rhoai-model-registries, enter the database hostname details in<host name>.<namespace>.svc.cluster.localformat.
-
If the database is running in the
- In the Port field, enter the port number for the database.
- In the Username field, enter the default user name that is connected to the database.
- In the Password field, enter the password for the default user account.
- In the Database field, enter the database name.
Optional: Select the Add CA certificate to secure database connection to use a certificate with your database connection.
-
Click Use cluster-wide CA bundle to use the
ca-bundle.crtbundle in theodh-trusted-ca-bundleConfigMap. -
Click Use Red Hat OpenShift AI CA bundle to use the
odh-ca-bundle.crtbundle in theodh-trusted-ca-bundleConfigMap. Click Choose from existing certificates to select an existing certificate. You can select the key of any ConfigMap or secret in the
rhoai-model-registriesnamespace.- From the Resource list, select a ConfigMap or secret.
- From the Key list, select a key.
Click Upload new certificate to upload a new certificate as a ConfigMap.
Drag and drop the PEM file for your certificate into the Certificate field, or click Upload to select a file from your local machine’s file system.
NoteUploading a certificate creates the
db-credentialConfigMap with theca.crtkey.To upload a certificate as a secret, you must create a secret in the OpenShift
rhoai-model-registriesnamespace, and then select it as an existing certificate when you create your model registry.For more information about creating secrets in OpenShift, see Providing sensitive data to pods by using secrets.
-
Click Use cluster-wide CA bundle to use the
- Click Create.
To find the resource name or type of a model registry, click the help icon
beside the registry name. Resource names and types are used to find your resources in OpenShift.
Verification
- The new model registry appears on the Model registry settings page.
- You can edit the model registry by clicking the action menu (⋮) beside it, and then clicking Edit model registry.
- You can register a model with the model registry from the Model registry tab. For more information about working with model registries, see Working with model registries.
Chapter 3. Editing a model registry
You can edit the details of existing model registries, such as the model registry name, description, and database connection details.
Prerequisites
- You have logged in to OpenShift AI as a user with OpenShift AI administrator privileges.
- A cluster administrator has configured and enabled the model registry component in your OpenShift AI deployment. For more information, see Configuring the model registry component.
- The model registry component is enabled for your OpenShift AI deployment, and contains at least 1 model registry.
Procedure
- From the OpenShift AI dashboard, click Settings → Model registry settings.
Click the action menu (⋮) beside the model registry that you want to edit, and then click Edit model registry.
The Edit model registry dialog opens.
- Optional: In the Name field, edit the name of the model registry.
- Optional: In the Description field, edit the description of the model registry.
Optional: In the Connect to external MySQL database section, edit the information for the external database where model data for the registry is stored.
In the Host field, enter the database’s host name.
-
If the database is running in the
rhoai-model-registriesnamespace, enter only the hostname for the database. -
If the database is running in a different namespace from
rhoai-model-registries, enter the database hostname details in<host name>.<namespace>.svc.cluster.localformat.
-
If the database is running in the
- In the Port field, enter the port number for the database.
- In the Username field, enter the default user name that is connected to the database.
- In the Password field, enter the password for the default user account.
- In the Database field, enter the database name.
Optional: Select the Add CA certificate to secure database connection to use a certificate with your database connection.
-
Click Use cluster-wide CA bundle to use the
ca-bundle.crtbundle in theodh-trusted-ca-bundleConfigMap. -
Click Use Red Hat OpenShift AI CA bundle to use the
odh-ca-bundle.crtbundle in theodh-trusted-ca-bundleConfigMap. Click Choose from existing certificates to select an existing certificate. You can select the key of any ConfigMap or secret in the
rhoai-model-registriesnamespace.- From the Resource list, select a ConfigMap or secret.
- From the Key list, select a key.
Click Upload new certificate to upload a new certificate as a ConfigMap.
Drag and drop the PEM file for your certificate into the Certificate field, or click Upload to select a file from your local machine’s file system.
NoteUploading a certificate creates the
db-credentialConfigMap with theca.crtkey.To upload a certificate as a secret, you must create a secret in the OpenShift
rhoai-model-registriesnamespace, and then select it as an existing certificate when you create your model registry.For more information about creating secrets in OpenShift, see Providing sensitive data to pods by using secrets.
-
Click Use cluster-wide CA bundle to use the
- Click Update.
Verification
- The model registry appears with updated details on the Model registry settings page.
Chapter 4. Managing model registry permissions
You can manage access to a model registry for individual users and user groups in your organization, and for service accounts in a project.
OpenShift AI creates the <model-registry-name>-users group automatically for use with model registries. You can add users to this group in OpenShift, or ask the cluster admin to do so.
Prerequisites
- You have logged in to OpenShift AI as a user with OpenShift AI administrator privileges.
- An available model registry exists in your deployment.
- The users and groups that you want to provide access to already exist in OpenShift. For more information, see Managing users and groups.
Procedure
- From the OpenShift AI dashboard, click Settings → Model registry settings.
Click Manage permissions beside the model registry that you want to manage access for.
The permissions page for the model registry opens.
Provide one or more OpenShift groups with access to the project.
- On the Users tab, in the Groups section, click Add group.
From the Select a group drop-down list, select a group.
NoteTo enable access for all cluster users, add
system:authenticatedto the group list.-
To confirm your entry, click Confirm (
).
- Optional: To add an additional group, click Add group and repeat the process.
Provide one or more users with access to the model registry.
- On the Users tab, in the Users section, click Add user.
- In the Type username field, enter the username of the user to whom you want to provide access.
-
To confirm your entry, click Confirm (
).
- Optional: To add an additional user, click Add user and repeat the process.
Provide all service accounts in a project with access to the model registry.
- On the Projects tab, in the Projects section, click Add project.
- In the Select or enter a project field, select or enter the name of the project to which you want to provide access.
-
To confirm your entry, click Confirm (
).
- Optional: To add an additional project, click Add project and repeat the process.
Verification
- Users, groups, and accounts that were granted access to a model registry can register, view, edit, version, deploy, delete, archive, and restore models in that registry.
- The Users and Groups sections on the Permissions tab show the respective users and groups that you granted access to the model registry.
- The Projects sections on the Projects tab show the projects that you granted access to the model registry.
After you provide access to a model registry, users with access can store, share, version, deploy, and track models using the model registry feature. For more information, see Working with model registries.
Chapter 5. Deleting a model registry
You can delete model registries that you no longer require.
When you delete a model registry, databases connected to the model registry will not be removed. To remove any remaining databases, contact your cluster administrator.
Prerequisites
- You have logged in to OpenShift AI as a user with OpenShift AI administrator privileges.
- An available model registry exists in your deployment.
Procedure
- From the OpenShift AI dashboard, click Settings → Model registry settings.
- Click the action menu (⋮) beside the model registry that you want to delete.
- Click Delete model registry.
- In the Delete model registry? dialog that appears, enter the name of the model registry in the text field to confirm that you intend to delete it.
- Click Delete model registry.
Verification
- The model registry no longer appears on the Model registry settings page.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}