initial fix to enable studio in proxy network

Signed-off-by: wwanarif <[email protected]>

Author: wwanarif

setup-scripts/setup-genai-studio/manifests/studio-manifest-aws-ecr.yaml

@@ -256,6 +256,9 @@ rules:
 - apiGroups: [""] 
   resources: ["nodes"] 
   verbs: ["list", "get"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "create", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -290,6 +293,20 @@ spec:
       containers:
       - name: studio-backend
         image: ${REGISTRY}/studio-backend:${TAG}
+        imagePullPolicy: Always
+        env:
+        - name: APP_FRONTEND_IMAGE
+          value: ${REGISTRY}/app-frontend:${TAG}
+        - name: APP_BACKEND_IMAGE
+          value: ${REGISTRY}/app-backend:${TAG}
+        - name: REGISTRY
+          value: opea
+        - name: TAG
+          value: latest
+        - name: SBX_HTTP_PROXY
+          value: ${HTTP_PROXY}
+        - name: SBX_NO_PROXY
+          value: ${NO_PROXY}      
         ports:
         - containerPort: 5000
         resources:
@@ -347,12 +364,7 @@ spec:
       containers:
       - name: studio-frontend
         securityContext: {}
-        image: ${REGISTRY}/studio-backend:${TAG}
-        env:
-        - name: APP_FRONTEND_IMAGE
-          value: ${REGISTRY}/app-frontend:${TAG}
-        - name: APP_BACKEND_IMAGE
-          value: ${REGISTRY}/app-backend:${TAG}
+        image: ${REGISTRY}/studio-frontend:${TAG}
         ports:
         - name: studio-frontend
           containerPort: 8080

setup-scripts/setup-genai-studio/manifests/studio-manifest.yaml

@@ -246,6 +246,9 @@ rules:
 - apiGroups: [""] 
   resources: ["nodes"] 
   verbs: ["list", "get"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "create", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -280,6 +283,7 @@ spec:
       containers:
       - name: studio-backend
         image: ${REGISTRY}/studio-backend:${TAG}
+        imagePullPolicy: Always
         env:
         - name: APP_FRONTEND_IMAGE
           value: ${REGISTRY}/app-frontend:${TAG}
@@ -289,6 +293,10 @@ spec:
           value: opea
         - name: TAG
           value: latest
+        - name: SBX_HTTP_PROXY
+          value: ${HTTP_PROXY}
+        - name: SBX_NO_PROXY
+          value: ${NO_PROXY}      
         ports:
         - containerPort: 5000
         resources:

setup-scripts/setup-genai-studio/playbooks/deploy-studio.yml

@@ -3,13 +3,7 @@
   vars_files:
     - ../vars.yml
   tasks:
-    - name: Create directory for OPEA models
-      file:
-        path: /mnt/opea-models
-        state: directory
-        mode: '0777'
-      become: yes
-
+  
     - name: Create studio namespace
       command: kubectl create namespace studio
       ignore_errors: yes
@@ -25,7 +19,9 @@
       when: coredns_check.stdout != ''
 
     - name: Apply customized studio manifest
-      shell: "envsubst '${REGISTRY} ${TAG}' < ../manifests/studio-manifest.yaml | kubectl apply -f -"
+      shell: "envsubst '${REGISTRY} ${TAG} ${HTTP_PROXY} ${NO_PROXY}' < ../manifests/studio-manifest.yaml | kubectl apply -f -"
       environment:
         REGISTRY: "{{ container_registry }}"
-        TAG: "{{ container_tag }}"
+        TAG: "{{ container_tag }}"
+        HTTP_PROXY: "{{ http_proxy }}"
+        NO_PROXY: "{{ no_proxy }}"

setup-scripts/setup-genai-studio/vars.yml

@@ -1,2 +1,4 @@
 container_registry: 'opea'
-container_tag: 'latest'
+container_tag: 'latest'
+http_proxy: ''
+no_proxy: ''

setup-scripts/setup-onpremise-kubernetes/playbooks/install-requirements.yml

@@ -7,17 +7,6 @@
     - ../vars.yml
 
   tasks:
-
-  - name: Configure APT proxy settings
-    block:
-      - file:
-          path: /etc/apt/apt.conf.d/
-          state: directory
-      - copy:
-          dest: /etc/apt/apt.conf.d/proxy.conf
-          content: |
-            Acquire::http::Proxy "{{ http_proxy }}";
-            Acquire::https::Proxy "{{ http_proxy }}";
 
   - name: Download Docker's official GPG key
     get_url:
@@ -26,6 +15,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Add Docker's official GPG key
     command: gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg /tmp/docker.gpg
@@ -34,6 +24,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Set up the Docker stable repository
     lineinfile:
@@ -48,6 +39,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Add Kubernetes GPG apt Key
     shell: gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/kubernetes.gpg --import /tmp/kubernetes.gpg
@@ -56,6 +48,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Set permissions for kubernetes.gpg
     ansible.builtin.file:
@@ -69,6 +62,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Update apt package list
     command: apt-get update
@@ -77,6 +71,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
     register: apt_update
     failed_when: "'W:' in apt_update.stdout or 'W:' in apt_update.stderr"
 
@@ -92,6 +87,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Install Docker and related packages
     apt:
@@ -105,6 +101,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Restart Docker service
     systemd:
@@ -279,6 +276,4 @@
           path: /etc/default/kubelet
           line: 'KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs"'
       - command: systemctl daemon-reload
-      - command: systemctl restart kubelet
-
-
+      - command: systemctl restart kubelet

setup-scripts/setup-onpremise-kubernetes/playbooks/setup-k8-cluster.yml

@@ -41,6 +41,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Extract CNI plugins
     unarchive:
@@ -149,6 +150,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Extract token and cert hash
     set_fact:
@@ -177,11 +179,13 @@
 
   - name: Get current kube-proxy config
     shell: kubectl get configmap kube-proxy -n kube-system -o yaml > kube-proxy-config.yaml
+    become_user: "{{ ansible_user }}"
     register: kube_proxy_config
     environment:
       KUBECONFIG: "/home/{{ ansible_user }}/.kube/config"
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Update strictARP field
     replace:
@@ -197,6 +201,7 @@
       KUBECONFIG: "/home/{{ ansible_user }}/.kube/config"
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Get cluster info
     become: yes
@@ -207,18 +212,20 @@
       KUBECONFIG: "/home/{{ ansible_user }}/.kube/config"
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Display the cluster-info
     debug:
       var: cluster_info.stdout_lines
 
-  - name: Use kubectl to install Flannel
+  - name: Download Flannel manifest
     get_url:
       url: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
       dest: /tmp/kube-flannel.yml
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Replace pod network cidr in Flannel manifest
     replace:
@@ -234,6 +241,7 @@
       KUBECONFIG: "/home/{{ ansible_user }}/.kube/config"
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Taint master node for scheduling apps
     become: yes
@@ -243,6 +251,7 @@
       KUBECONFIG: "/home/{{ ansible_user }}/.kube/config"
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
 - hosts: k8_worker
   gather_facts: yes
@@ -316,6 +325,7 @@
     environment:
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
 
 - hosts: k8_master
@@ -332,6 +342,7 @@
       KUBECONFIG: "/home/{{ ansible_user }}/.kube/config"
       http_proxy: "{{ http_proxy }}"
       https_proxy: "{{ http_proxy }}"
+      no_proxy: "{{ no_proxy }}"
 
   - name: Display the cluster-info
     debug:

setup-scripts/setup-onpremise-kubernetes/vars.yml

@@ -1,6 +1,6 @@
 # ## cluster configuration
-# ## if proxy not needed, replace parameter values to empty strings
-ansible_user: 'some_user'
-ansible_become_password: 'some_password'
-http_proxy: ''
-no_proxy: ''
+# ## if proxy needed, ensure no_proxy contains {{ groups['k8_master'][0] }}
+ansible_user: "some_user"
+ansible_become_password: "some_password"
+http_proxy: ""
+no_proxy: "localhost,127.0.0.1,{{ groups['k8_master'][0] }}"

studio-backend/app/services/namespace_service.py

@@ -56,6 +56,8 @@ def deploy_manifest_in_namespace(core_v1_api, apps_v1_api, proj_info):
                 apps_v1_api.create_namespaced_deployment(namespace=namespace_name, body=manifest)
             elif kind == "Secret":
                 core_v1_api.create_namespaced_secret(namespace=namespace_name, body=manifest)
+            elif kind == "PersistentVolumeClaim":
+                core_v1_api.create_namespaced_persistent_volume_claim(namespace=namespace_name, body=manifest)
             else:
                 deployment_status.append({
                     "kind": kind,

studio-backend/app/templates/app/app.manifest.yaml

@@ -214,4 +214,16 @@ spec:
       - configMap:
           defaultMode: 420
           name: app-nginx-config
-        name: nginx-config-volume
+        name: nginx-config-volume
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: model-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: local-path

studio-backend/app/templates/microsvc-manifests/llm-uservice.yaml

@@ -11,9 +11,9 @@ data:
   TGI_LLM_ENDPOINT: "http://{tgi_endpoint}"
   HUGGINGFACEHUB_API_TOKEN: "{tgi_huggingFaceToken}"
   HF_HOME: "/tmp/.cache/huggingface"
-  http_proxy: ""
-  https_proxy: ""
-  no_proxy: ""
+  http_proxy: "${HTTP_PROXY}"
+  https_proxy: "${HTTP_PROXY}"
+  no_proxy: "${NO_PROXY}"
   LOGFLAG: ""
 ---
 # Source: llm-uservice/templates/service.yaml