红帽全球峰会第 2 章 使用 Red Hat OpenShift AI 为 Red Hat Developer Hub 设置 OpenShift AI 连接器
Red Hat Developer Hub 安装 OpenShift AI Connector 需要手动更新与 RHDH 相关的 Kubernetes 资源。
RHOAI 先决条件
要将模型目录中的模型卡导入到 TechDocs 中,您必须使用 RHOAI 2.25。
注意如果您从早期版本升级到 RHOAI 2.25,则必须在导入模型卡前手动启用模型目录仪表板和模型 registry。
- 如果您在早期版本的 RHOAI 中使用模型目录,则 TechDocs 传播功能不适用于在早期版本中注册的模型 registry;在早期版本中,只有 RHOAI 2.25 模型目录中的模型 registry 的模型卡会传送到 RHDH as TechDocs。
- 对于其余功能,版本 2.20 或更高版本。启用模型 registry 及其关联仪表板可让用户体验直接允许自定义 AI Model 元数据。为了获得最佳整体体验,建议使用 RHOAI 2.25。
如需了解更多详细信息 ,请参阅启用模型 registry 组件。
流程
配置 RHOAI 相关的 RBAC 和凭证。连接器需要 Kubernetes
ServiceAccount和service-account-tokenSecret 从 RHOAI 检索数据。必须创建以下资源,根据需要替换命名空间名称(ai-rhdhfor RHDH,rhoai-model-registriesfor RHOAI):ServiceAccount(rhdh-rhoai-connector)。例如:apiVersion: v1 kind: ServiceAccount metadata: name: rhdh-rhoai-connector namespace: ai-rhdhClusterRole和ClusterRoleBinding(rhdh-rhoai-connector)允许访问 OCP 资源,如路由、服务和inference。例如:services# Example for `ClusterRole` apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: rhdh-rhoai-connector annotations: argocd.argoproj.io/sync-wave: "0" rules: - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - apiGroups: - route.openshift.io resources: - routes verbs: - get - list - watch - apiGroups: [""] resources: - serviceaccounts - services verbs: - get - list - watch - apiGroups: ["serving.kserve.io"] resources: ["inferenceservices"] verbs: ["get", "list", "watch"]# Example for `ClusterRoleBinding` apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rhdh-rhoai-connector roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: rhdh-rhoai-connector subjects: - kind: ServiceAccount name: rhdh-rhoai-connector namespace: ai-rhdhRole和RoleBinding以允许 RHDH 命名空间中的 ConfigMap 更新(ai-rhdh)。例如:# Example for `Role` and `Rolebinding` in the {product-very-short} namespace (`ai-rhdh`) apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: rhdh-rhoai-connector namespace: ai-rhdh rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: rhdh-rhoai-connector namespace: ai-rhdh roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: rhdh-rhoai-connector subjects: - kind: ServiceAccount name: rhdh-rhoai-connector namespace: ai-rhdhRHOAI 命名空间中的
RoleBinding(rhoai-model-registries),向模型 registry 数据(绑定到registry-user-modelregistry-public)授予 RHDHServiceAccount的读取权限。# Example for `RoleBinding` in the {rhoai-short} namespace (rhoai-model-registries) apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: # if using ODH then change rhoai to odh in the name and namespace here name: rhdh-rhoai-dashboard-permissions # namespace: odh-model-registries namespace: rhoai-model-registries roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: registry-user-modelregistry-public subjects: - apiGroup: rbac.authorization.k8s.io kind: Group name: system:serviceaccounts:ai-rhdhSecret (
rhdh-rhoai-connector-token)类型为kubernetes.io/service-account-token,它与rhdh-rhoai-connectorServiceAccount一起提供。apiVersion: v1 kind: Secret metadata: name: rhdh-rhoai-connector-token namespace: ai-rhdh annotations: kubernetes.io/service-account.name: rhdh-rhoai-connector type: kubernetes.io/service-account-token
更新 RHDH 动态插件配置。RHDH Pod 需要两个动态插件。
在 RHDH 动态插件 ConfigMap 中,添加以下代码:
plugins: - disabled: false package: oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-catalog-backend-module-model-catalog:bs_1.42.5__0.7.0!red-hat-developer-hub-backstage-plugin-catalog-backend-module-model-catalog - disabled: false package: oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-catalog-techdoc-url-reader-backend:bs_1.42.5__0.3.0!red-hat-developer-hub-backstage-plugin-catalog-techdoc-url-reader-backend
将
Connectorsidecar 容器添加到 RHDH Pod。- 如果使用 Operator 安装 RHDH,请修改 RHDH 自定义资源(CR)实例。
- 如果使用 Helm chart 安装 RHDH,请修改 Deployment 规格。
-
系统依赖于三个 sidecar 容器(OpenShift AI Connector for Red Hat Developer Hub)和
backstage-backend容器一起运行。
将这些 sidecar 容器添加到引用 rhdh-rhoai-connector-token Secret: 位置: 提供 RHDH 插件的 REST API 来获取模型元数据。 storage-rest: 在名为 bac-import-model 的 ConfigMap 中维护 AI Model 元数据缓存。| rhoai-normalizer: Acts 作为 Kubernetes 控制器和 RHOAI 客户端,规范化连接器的 RHOAI 元数据。以下代码块是一个示例:
+
spec:
template:
spec:
containers:
- env:
- name: NORMALIZER_FORMAT
value: JsonArrayFormat
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: rhdh-rhoai-connector-token
image: quay.io/redhat-ai-dev/model-catalog-location-service@sha256:763311530fb842a1366447e661ca22563e6ef22505d993716aea350bbbfae9a0
imagePullPolicy: Always
name: location
ports:
- containerPort: 9090
name: location
protocol: TCP
volumeMounts:
- mountPath: /opt/app-root/src/dynamic-plugins-root
name: dynamic-plugins-root
workingDir: /opt/app-root/src
- env:
- name: NORMALIZER_FORMAT
value: JsonArrayFormat
- name: STORAGE_TYPE
value: ConfigMap
- name: BRIDGE_URL
value: http://localhost:9090
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: rhdh-rhoai-connector-token
image: quay.io/redhat-ai-dev/model-catalog-storage-rest@sha256:398095e7469e86d84b1196371286363f4b7668aa3e26370b4d78cb8d4ace1dc9
imagePullPolicy: Always
name: storage-rest
volumeMounts:
- mountPath: /opt/app-root/src/dynamic-plugins-root
name: dynamic-plugins-root
workingDir: /opt/app-root/src
- env:
- name: NORMALIZER_FORMAT
value: JsonArrayFormat
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: rhdh-rhoai-connector-token
image: quay.io/redhat-ai-dev/model-catalog-rhoai-normalizer@sha256:fe6c05d57495d6217c4d584940ec552c3727847ff60f39f5d04f94be024576d8
imagePullPolicy: Always
name: rhoai-normalizer
volumeMounts:
- mountPath: /opt/app-root/src/dynamic-plugins-root
name: dynamic-plugins-root
workingDir: /opt/app-root/src
args:
- '--metrics-address=:8081'在
RHDHapp-config.yaml文件中启用Connector。在Backstage 'app-config.extra.yaml文件中,在catalog.providers部分下配置Entity Provider:providers: modelCatalog: development: baseUrl: http://localhost:9090其中:
modelCatalog- 指定供应商的名称。
开发-
定义除一个
baseUrl外的未来连接器功能。 baseUrl- 对于开发者预览,这个值是唯一支持的值。将来的版本可能会支持外部路由。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}