Skip to content

Add reference to etcd and ose-cli rhel9 manifest list image #369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-bot merged 7 commits into from
Sep 2, 2025
Merged

Add reference to etcd and ose-cli rhel9 manifest list image #369

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
711d0fe
feat(RHOAIENG-32222): add reference to etcd rhel9 manifest list image
davidebianchi Aug 19, 2025
b084e39
feat(RHOAIENG-32222): add reference to ose-cli rhel9 manifest list image
davidebianchi Aug 19, 2025
eba5fff
feat(RHOAIENG-32222): rename etcd image
davidebianchi Aug 19, 2025
7b5a1db
fix(RHOAIENG-32222): substitute vars in initContainers
davidebianchi Aug 19, 2025
dcc4881
feat(RHOAIENG-32222): set specific image to etcd deployment in openda…
davidebianchi Aug 19, 2025
9be99ad
feat: rename etcd to ose-etcd
davidebianchi Aug 25, 2025
8f75a2d
feat: update static reference to oauth-proxy
davidebianchi Aug 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion config/dependencies/fvt.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
- /tmp/etcd.data
# image: quay.io/coreos/etcd:v3.5.4
# Tag -> registry.access.redhat.com/rhel7/etcd:3.2.32-34
image: registry.redhat.io/openshift4/ose-etcd@sha256:d3275cd886d13865937d225d8138db7f6b7bf59ac1a94d9fbe61e35286bee6ff
image: $(ose-etcd)
name: etcd
ports:
- containerPort: 2379
Expand Down
2 changes: 1 addition & 1 deletion config/internal/base/deployment.yaml.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ spec:
- '--openshift-delegate-urls={"/": {"namespace": "{{.AuthNamespace}}", "resource": "services", "verb": "get"}}'
- '--openshift-sar={"namespace": "{{.AuthNamespace}}", "resource": "services", "verb": "get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
ports:
- containerPort: 8443
name: https
Expand Down
14 changes: 14 additions & 0 deletions config/overlays/odh/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,20 @@ vars:
apiVersion: v1
kind: ConfigMap
name: mesh-parameters
- fieldref:
fieldPath: data.ose-etcd
name: ose-etcd
objref:
apiVersion: v1
kind: ConfigMap
name: mesh-parameters
- fieldref:
fieldPath: data.ose-cli
name: ose-cli
objref:
apiVersion: v1
kind: ConfigMap
name: mesh-parameters



Expand Down
2 changes: 2 additions & 0 deletions config/overlays/odh/params.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,5 @@ odh-mm-rest-proxy=quay.io/opendatahub/rest-proxy:fast
odh-modelmesh-runtime-adapter=quay.io/opendatahub/modelmesh-runtime-adapter:fast
odh-modelmesh=quay.io/opendatahub/modelmesh:fast
odh-modelmesh-controller=quay.io/opendatahub/modelmesh-controller:fast
ose-etcd=registry.redhat.io/openshift4/ose-etcd-rhel9:v4.19
ose-cli=registry.redhat.io/openshift4/ose-cli-rhel9:v4.19
Copy link
Member

@spolti spolti Aug 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any particular reason for adding it? (the cli one)

Copy link
Member Author

@davidebianchi davidebianchi Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To follow the dependency management guidelines. It was in the same manifest, so I updated them together. Do you see any problems?

Copy link
Member

@grdryn grdryn Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spolti the idea here is that of RHOAIENG-25619, where the images can be kept consistent with the rest of RHOAI, rather than the old approach of every component specifying their own version of everything, and those all going stale and having 7 different versions of the same image across the different components.

Copy link
Member

@grdryn grdryn Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, there are oauth-proxy references in this repository also: https://github.com/search?q=repo%3Aopendatahub-io%2Fmodelmesh-serving+oauth-proxy&type=code

Should/could those also be updated here?

Copy link
Member

@spolti spolti Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@grdryn I am confused now, will ose-cli replace ose ose-proxy? If not, why add ose-cli?

Copy link
Member

@grdryn grdryn Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spolti ose-cli is a different case than oauth-proxy. The idea is to keep all 3rd party images (or at least other images from RH registry) up-to-date, so ose-cli is being added because it's referenced in config/overlays/odh/quickstart.yaml on L52 (and you can see the reference is updated in this PR).

So maybe we should have a 3rd entry here for ose-oauth-proxy? Or I guess that would actually need to be passed to that deployment.yaml.tmpl from here 🤔 Maybe we should update the static reference once in this PR, and then consider parameterizing that and figuring out how to feed the image through in a potential follow-up change?

Copy link
Member

@spolti spolti Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, thanks.

Yes, this template is processed at runtime, we could add the image there and later patch it accordingly.

Copy link
Member

@spolti spolti Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we already add the proxy as part of this PR?

Copy link
Member

@grdryn grdryn Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm easy with it either being done in this PR or another one. Which would you prefer? Maybe we could get this one merged, then create a follow up one for that (or potentially 2 follow ups: one to just update the static image reference in place, then a second to have the image passed through, if that's even a reasonable thing to do)?

Copy link
Member Author

@davidebianchi davidebianchi Aug 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the oauth-proxy static reference here. Passing the image through is something I'd do in a separate PR.

2 changes: 2 additions & 0 deletions config/overlays/odh/params.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,7 @@ varReference:
kind: RoleBinding
- path: spec/template/spec/containers[]/image
kind: Deployment
- path: spec/template/spec/initContainers[]/image
kind: Deployment
- path: data
kind: ConfigMap
8 changes: 4 additions & 4 deletions config/overlays/odh/quickstart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ spec:
defaultMode: 0554
initContainers:
- name: etcd-secret-creator
image: registry.redhat.io/openshift4/ose-cli@sha256:4cfb4219f46c8cc25a5e567fd4cb8babe9a3778b0b86a1e354a3403994ef3677
image: $(ose-cli)
command: ["/bin/bash", "-c", "--"]
args:
- |
Expand All @@ -69,10 +69,10 @@ spec:
exit 0
elif [[ $etcdpasswordexists == "false" && $modelservingetcdexists != "false" ]]; then
echo "model-serving-etcd exists, creating etcdpasswords secret"
ETC_ROOT_PSW=$(oc get secrets/model-serving-etcd --template={{.data.etcd_connection}} | base64 -d | grep -o '"password": *"[^"]*"' | grep -o '"[^"]*"$' | grep -oP '"\K[^"\047]+(?=["\047])')
ETC_ROOT_PSW=$(oc get secrets/model-serving-etcd --template={{.data.etcd_connection}} | base64 -d | grep -o '"password": *"[^"]*"' | grep -o '"[^"]*"$' | grep -oP '"\K[^"\047]+(?=["\047])')
oc create secret generic etcd-passwords --type=string --from-literal=root=$ETC_ROOT_PSW
exit 0
else
else
echo "secrets etcdpasswords and model-serving-etcd exist, doing nothing"
exit 0
fi
Expand All @@ -92,7 +92,7 @@ spec:
- http://0.0.0.0:2379
- "--data-dir"
- /tmp/etcd.data
image: registry.redhat.io/openshift4/ose-etcd@sha256:d3275cd886d13865937d225d8138db7f6b7bf59ac1a94d9fbe61e35286bee6ff
image: $(ose-etcd)
name: etcd
env:
- name: ROOT_PASSWORD
Expand Down
16 changes: 8 additions & 8 deletions controllers/testdata/servingruntime_controller.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -417,7 +417,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -702,7 +702,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -1059,7 +1059,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -1365,7 +1365,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -1663,7 +1663,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -1966,7 +1966,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -2263,7 +2263,7 @@ spec:
- '--openshift-sar={"namespace": "default", "resource": "services", "verb":
"get"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:8507daed246d4d367704f7d7193233724acf1072572e1226ca063c066b858ecf
image: registry.redhat.io/openshift4/ose-oauth-proxy-rhel9@sha256:d3056b35d9a205b9f2c48d924f199c5ac23904eb18d526e4bff229e7c7181415
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down
2 changes: 1 addition & 1 deletion opendatahub/scripts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ manifests are the part that deploys the components required for fvt (functional

## Scripts

The scripts in this folder help you run fvt tests or compare odh manifests. However, it is not recommended to use these scripts directly without familiarizing yourself with them. [This doc has make examples](../docs/makefile_-cheatsheet.md) of using these scripts in a makefile here.
The scripts in this folder help you run fvt tests or compare odh manifests. However, it is not recommended to use these scripts directly without familiarizing yourself with them. [This doc has make examples](../docs/makefile-cheatsheet.md) of using these scripts in a makefile here.

- [env.sh](./env.sh)

Expand Down
2 changes: 1 addition & 1 deletion opendatahub/scripts/manifests/fvt/fvt.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
- /tmp/etcd.data
# image: quay.io/coreos/etcd:v3.5.4
# Tag -> registry.access.redhat.com/rhel7/etcd:3.2.32-34
image: registry.redhat.io/openshift4/ose-etcd@sha256:d3275cd886d13865937d225d8138db7f6b7bf59ac1a94d9fbe61e35286bee6ff
image: registry.redhat.io/openshift4/ose-etcd-rhel9@sha256:ea7545b79599f3868d442fdffdfe9b12a02a4b56ac155f02c0fac4720d475796
Copy link
Member

@grdryn grdryn Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm interested to know how this one is used, and why it can't be changed to $(etcd). I guess it's because it's not kustomized in the same way? I wonder if maybe it should be?

Copy link
Member Author

@davidebianchi davidebianchi Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it is not kustomized in the same way. I could have added into the kustomization file the same override, but I noticed that there is a patch to delete the etcd configurations.

modelmesh-serving/opendatahub/scripts/manifests/fvt/kustomization.yaml

Lines 5 to 6 in 7e8b60b

patchesStrategicMerge:
- remove_etcd_patch.yaml

So, I thought it's no longer useful. I’d like to understand whether it makes sense to handle this here as well, or if it’s not really needed.

Copy link
Member

@spolti spolti Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is only for test purposes, fvp on ci.

Copy link
Member Author

@davidebianchi davidebianchi Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, thank you. What do you think could be the best way to manage it? Use the params.env as in config overlays, or keep as is?

Copy link
Member

@grdryn grdryn Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds like it should be fine to keep it as you have it here, if it's just for testing purposes.

Copy link
Member Author

@davidebianchi davidebianchi Aug 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed that fvt github actions does not run, there is an error and are never triggered. Is it known? Was it intentional?

name: etcd
ports:
- containerPort: 2379
Expand Down