Merge pull request opendatahub-io#1506 from red-hat-data-services/RHOAIENG-32708

riprasad · web-flow · commit 3a59e5e37c16 · 2025-08-27T16:22:28.000+01:00
Add konflux Dockerfiles
diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm
@@ -0,0 +1,193 @@
+######################################################
+# mongocli-builder (build stage only, not published) #
+######################################################
+FROM registry.access.redhat.com/ubi9/go-toolset:latest AS mongocli-builder
+
+ARG MONGOCLI_VERSION=2.0.4
+
+WORKDIR /tmp/
+RUN curl -Lo mongodb-cli-mongocli-v${MONGOCLI_VERSION}.zip https://github.com/mongodb/mongodb-cli/archive/refs/tags/mongocli/v${MONGOCLI_VERSION}.zip
+RUN unzip ./mongodb-cli-mongocli-v${MONGOCLI_VERSION}.zip
+RUN cd ./mongodb-cli-mongocli-v${MONGOCLI_VERSION}/ && \
+    CGO_ENABLED=1 GOOS=linux go build -a -tags strictfipsruntime -o /tmp/mongocli ./cmd/mongocli/
+
+####################
+# base             #
+####################
+FROM registry.access.redhat.com/ubi9/python-312:latest AS base
+
+WORKDIR /opt/app-root/bin
+
+# OS Packages needs to be installed as root
+USER 0
+
+# upgrade first to avoid fixable vulnerabilities begin
+RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+    && dnf clean all -y
+# upgrade first to avoid fixable vulnerabilities end
+
+# Install useful OS packages
+RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
+
+# Other apps and tools installed as default user
+USER 1001
+
+# Install micropipenv and uv to deploy packages from requirements.txt begin
+RUN pip install --no-cache-dir -U "micropipenv[toml]==1.9.0" "uv==0.8.12"
+# Install micropipenv and uv to deploy packages from requirements.txt end
+
+# Install the oc client begin
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
+        -o /tmp/openshift-client-linux.tar.gz && \
+    tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
+    rm -f /tmp/openshift-client-linux.tar.gz
+# Install the oc client end
+
+#############
+# rocm-base #
+#############
+FROM base AS rocm-base
+
+USER 0
+WORKDIR /opt/app-root/bin
+
+# Please keep in sync with ROCm/python3.12 dependent images
+ARG ROCM_VERSION=6.4.3
+ARG AMDGPU_VERSION=6.4.3
+
+# Install the ROCm rpms
+# ref: https://github.com/ROCm/ROCm-docker/blob/master/dev/Dockerfile-centos-7-complete
+# docs: https://rocm.docs.amd.com/projects/install-on-linux/en/latest/install/install-methods/package-manager/package-manager-rhel.html#registering-rocm-repositories
+# Note: Based on 6.4 above new package mivisionx is a pre-requistes, which bring in more dependent packages
+# so we are only installing meta packages of rocm
+# ref: https://rocm.docs.amd.com/projects/install-on-linux/en/develop/reference/package-manager-integration.html#packages-in-rocm-programming-models
+RUN echo "[ROCm]" > /etc/yum.repos.d/rocm.repo && \
+    echo "name=ROCm" >> /etc/yum.repos.d/rocm.repo && \
+    echo "baseurl=https://repo.radeon.com/rocm/el9/${ROCM_VERSION}/main" >> /etc/yum.repos.d/rocm.repo && \
+    echo "enabled=1" >> /etc/yum.repos.d/rocm.repo && \
+    echo "gpgcheck=0" >> /etc/yum.repos.d/rocm.repo && \
+    echo "[amdgpu]" > /etc/yum.repos.d/amdgpu.repo && \
+    echo "name=amdgpu" >> /etc/yum.repos.d/amdgpu.repo && \
+    echo "baseurl=https://repo.radeon.com/amdgpu/${AMDGPU_VERSION}/rhel/9.4/main/x86_64" >> /etc/yum.repos.d/amdgpu.repo && \
+    echo "enabled=1" >> /etc/yum.repos.d/amdgpu.repo && \
+    echo "gpgcheck=0" >> /etc/yum.repos.d/amdgpu.repo && \
+    dnf install -y 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm' && \
+    dnf clean all && dnf makecache && \
+    dnf install -y rocm-developer-tools rocm-ml-sdk rocm-openmp-sdk rocm-utils && \
+    dnf clean all && rm -rf /var/cache/dnf
+
+# https://rocm.docs.amd.com/projects/install-on-linux/en/latest/install/post-install.html#configure-rocm-shared-objects
+RUN tee --append /etc/ld.so.conf.d/rocm.conf <<EOF
+  /opt/rocm/lib
+  /opt/rocm/lib64
+EOF
+
+RUN ldconfig
+
+# Restore notebook user workspace
+USER 1001
+WORKDIR /opt/app-root/src
+
+########################
+# rocm-jupyter-minimal #
+########################
+FROM rocm-base AS rocm-jupyter-minimal
+
+ARG JUPYTER_REUSABLE_UTILS=jupyter/utils
+ARG MINIMAL_SOURCE_CODE=jupyter/minimal/ubi9-python-3.12
+
+WORKDIR /opt/app-root/bin
+
+COPY ${JUPYTER_REUSABLE_UTILS} utils/
+
+USER 0
+
+# Dependencies for PDF export begin
+RUN ./utils/install_pdf_deps.sh
+ENV PATH="/usr/local/texlive/bin/linux:/usr/local/pandoc/bin:$PATH"
+# Dependencies for PDF export end
+
+USER 1001
+
+COPY ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./
+
+WORKDIR /opt/app-root/src
+
+ENTRYPOINT ["start-notebook.sh"]
+
+############################
+# rocm-jupyter-datascience #
+############################
+FROM rocm-jupyter-minimal AS rocm-jupyter-datascience
+
+ARG DATASCIENCE_SOURCE_CODE=jupyter/datascience/ubi9-python-3.12
+
+WORKDIR /opt/app-root/bin
+
+# OS Packages needs to be installed as root
+USER root
+
+# Install useful OS packages
+RUN dnf install -y jq unixODBC postgresql git-lfs libsndfile && dnf clean all && rm -rf /var/cache/yum
+
+# Copy dynamically-linked mongocli built in earlier build stage
+COPY --from=mongocli-builder /tmp/mongocli /opt/app-root/bin/
+
+# Install MSSQL Client, We need a special repo for MSSQL as they do their own distribution
+COPY ${DATASCIENCE_SOURCE_CODE}/mssql-2022.repo /etc/yum.repos.d/mssql-2022.repo
+
+RUN ACCEPT_EULA=Y dnf install -y mssql-tools18 unixODBC-devel && dnf clean all && rm -rf /var/cache/yum
+
+ENV PATH="$PATH:/opt/mssql-tools18/bin"
+
+# Other apps and tools installed as default user
+USER 1001
+
+# Copy Elyra setup to utils so that it's sourced at startup
+COPY ${DATASCIENCE_SOURCE_CODE}/setup-elyra.sh ${DATASCIENCE_SOURCE_CODE}/utils ./utils/
+
+WORKDIR /opt/app-root/src
+
+
+###########################
+# rocm-jupyter-tensorflow #
+###########################
+FROM rocm-jupyter-datascience AS rocm-jupyter-tensorflow
+
+ARG DATASCIENCE_SOURCE_CODE=jupyter/datascience/ubi9-python-3.12
+ARG TENSORFLOW_SOURCE_CODE=jupyter/rocm/tensorflow/ubi9-python-3.12
+
+WORKDIR /opt/app-root/bin
+
+COPY ${TENSORFLOW_SOURCE_CODE}/requirements.txt ./
+
+RUN echo "Installing softwares and packages" && \
+    # This may have to download and compile some dependencies, and as we don't lock requirements from `build-system.requires`,
+    #  we often don't know the correct hashes and `--require-hashes` would therefore fail on non amd64, where building is common.
+    # Not using --build-constraints=./requirements.txt because error: Unnamed requirements are not allowed as constraints (found: `https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4/
+    uv pip install --strict --no-deps --no-cache --no-config --no-progress --verify-hashes --compile-bytecode --index-strategy=unsafe-best-match --requirements=./requirements.txt && \
+    # setup path for runtime configuration
+    mkdir /opt/app-root/runtimes && \
+    # Remove default Elyra runtime-images \
+    rm /opt/app-root/share/jupyter/metadata/runtime-images/*.json && \
+    # Replace Notebook's launcher, "(ipykernel)" with Python's version 3.x.y \
+    sed -i -e "s/Python.*/$(python --version | cut -d '.' -f-2)\",/" /opt/app-root/share/jupyter/kernels/python3/kernel.json && \
+    # copy jupyter configuration
+    cp /opt/app-root/bin/utils/jupyter_server_config.py /opt/app-root/etc/jupyter && \
+    # Disable announcement plugin of jupyterlab \
+    jupyter labextension disable "@jupyterlab/apputils-extension:announcements" && \
+    # Apply JupyterLab addons \
+    /opt/app-root/bin/utils/addons/apply.sh && \
+    # Fix permissions to support pip in Openshift environments \
+    chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \
+    fix-permissions /opt/app-root -P
+
+WORKDIR /opt/app-root/src
+
+LABEL name="rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9" \
+      com.redhat.component="odh-workbench-jupyter-tensorflow-rocm-py312-rhel9" \
+      io.k8s.display-name="odh-workbench-jupyter-tensorflow-rocm-py312-rhel9" \
+      summary="Jupyter AMD tensorflow notebook image for ODH notebooks" \
+      description="Jupyter AMD tensorflow notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \
+      io.k8s.description="Jupyter AMD tensorflow notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \
+      com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf"
diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm
@@ -0,0 +1,98 @@
+####################
+# base             #
+####################
+FROM registry.access.redhat.com/ubi9/python-312:latest AS base
+
+WORKDIR /opt/app-root/bin
+
+# OS Packages needs to be installed as root
+USER 0
+
+# upgrade first to avoid fixable vulnerabilities begin
+RUN dnf -y upgrade --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0 --setopt=keepcache=0 \
+    && dnf clean all -y
+# upgrade first to avoid fixable vulnerabilities end
+
+# Install useful OS packages
+RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
+
+# Other apps and tools installed as default user
+USER 1001
+
+# Install micropipenv and uv to deploy packages from requirements.txt begin
+RUN pip install --no-cache-dir -U "micropipenv[toml]==1.9.0" "uv==0.8.12"
+# Install micropipenv and uv to deploy packages from requirements.txt end
+
+# Install the oc client begin
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
+        -o /tmp/openshift-client-linux.tar.gz && \
+    tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
+    rm -f /tmp/openshift-client-linux.tar.gz
+# Install the oc client end
+
+#############
+# rocm-base #
+#############
+FROM base AS rocm-base
+
+USER 0
+WORKDIR /opt/app-root/bin
+
+# Please keep in sync with ROCm/python3.12 dependent images
+ARG ROCM_VERSION=6.2.4
+ARG AMDGPU_VERSION=6.2.4
+
+# Install the ROCm rpms
+# ref: https://github.com/ROCm/ROCm-docker/blob/master/dev/Dockerfile-centos-7-complete
+# Note: Based on 6.2 above new package mivisionx is a pre-requistes, which bring in more dependent packages
+# Only the ROCm meta-packages are installed
+# ref: https://rocm.docs.amd.com/projects/install-on-linux/en/develop/reference/package-manager-integration.html#packages-in-rocm-programming-models
+RUN echo "[ROCm]" > /etc/yum.repos.d/rocm.repo && \
+    echo "name=ROCm" >> /etc/yum.repos.d/rocm.repo && \
+    echo "baseurl=https://repo.radeon.com/rocm/rhel9/$ROCM_VERSION/main" >> /etc/yum.repos.d/rocm.repo && \
+    echo "enabled=1" >> /etc/yum.repos.d/rocm.repo && \
+    echo "gpgcheck=0" >> /etc/yum.repos.d/rocm.repo && \
+    echo "[amdgpu]" > /etc/yum.repos.d/amdgpu.repo && \
+    echo "name=amdgpu" >> /etc/yum.repos.d/amdgpu.repo && \
+    echo "baseurl=https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/rhel/9.4/main/x86_64" >> /etc/yum.repos.d/amdgpu.repo && \
+    echo "enabled=1" >> /etc/yum.repos.d/amdgpu.repo && \
+    echo "gpgcheck=0" >> /etc/yum.repos.d/amdgpu.repo && \
+    yum install -y rocm-developer-tools rocm-ml-sdk rocm-opencl-sdk rocm-openmp-sdk rocm-utils && \
+    yum clean all && rm -rf /var/cache/yum
+
+# Restore notebook user workspace
+USER 1001
+WORKDIR /opt/app-root/src
+
+###########################
+# rocm-runtime-tensorflow #
+###########################
+FROM rocm-base AS rocm-runtime-tensorflow
+
+ARG TENSORFLOW_SOURCE_CODE=runtimes/rocm-tensorflow/ubi9-python-3.12
+
+WORKDIR /opt/app-root/bin
+
+# Install Python packages from requirements.txt
+COPY ${TENSORFLOW_SOURCE_CODE}/requirements.txt ./
+# Copy Elyra dependencies for air-gapped enviroment
+COPY ${TENSORFLOW_SOURCE_CODE}/utils ./utils/
+
+RUN echo "Installing softwares and packages" && \
+    # This may have to download and compile some dependencies, and as we don't lock requirements from `build-system.requires`,
+    #  we often don't know the correct hashes and `--require-hashes` would therefore fail on non amd64, where building is common.
+    # Not using --build-constraints=./requirements.txt because error: Unnamed requirements are not allowed as constraints (found: `https://repo.radeon.com/rocm/manylinux/rocm-rel-6.4/
+    uv pip install --strict --no-deps --no-cache --no-config --no-progress --verify-hashes --compile-bytecode --index-strategy=unsafe-best-match --requirements=./requirements.txt && \
+    # Fix permissions to support pip in Openshift environments \
+    chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \
+    fix-permissions /opt/app-root -P
+
+WORKDIR /opt/app-root/src
+
+LABEL name="rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9" \
+      com.redhat.component="odh-pipeline-runtime-tensorflow-rocm-py312-rhel9" \
+      io.k8s.display-name="odh-pipeline-runtime-tensorflow-rocm-py312-rhel9" \
+      summary="Runtime ROCm tensorflow notebook image for ODH notebooks" \
+      description="Runtime ROCm tensorflow notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \
+      io.k8s.description="Runtime ROCm tensorflow notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \
+      com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf"
