-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathray-image-builder-pusher.yaml
217 lines (217 loc) · 7.88 KB
/
ray-image-builder-pusher.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# SUMMARY:
#
# Build and push a Ray iamge using Docker Buildkit.
# Builds for multiple Python versions: 3.9 3.10 3.11
# And also for CPU and GPU
#
# DESCRIPTION:
#
# This does not need privileged access, unlike Docker in Docker (DIND).
#
# Designed to work specifically with https://github.com/frenoid/rayimages-dbs/tree/master
# The Docker file assumes the conventions laid out in https://github.com/ray-project/ray/tree/master/docker/ray
# This pipeline only builds amd64 images (not ARM64 images)
#
# USAGE:
#
# Publishing images requires an access token. For hub.docker.com you can create one at https://hub.docker.com/settings/security
# This needs to be mounted as `$DOCKER_CONFIG/config.json`. To do this, you'll need to create a secret as follows:
#
# export DOCKER_USERNAME=******
# export DOCKER_TOKEN=******
# kubectl create secret generic docker-config --from-literal="config.json={\"auths\": {\"https://index.docker.io/v1/\": {\"auth\": \"$(echo -n $DOCKER_USERNAME:$DOCKER_TOKEN|base64)\"}}`}}}"
#
# REFERENCES:
#
# * https://github.com/moby/buildkit#expose-buildkit-as-a-tcp-service
# * https://blog.alexellis.io/building-containers-without-docker/
# * https://hub.docker.com/r/moby/buildkit
#
apiVersion: argoproj.io/v1alpha1
kind: WorkflowTemplate
metadata:
name: ray-image-builder-pusher
namespace: {{ .Release.Namespace }}
spec:
serviceAccountName: {{ .Values.serviceAccount.name }}
arguments:
parameters:
- name: repo
value: https://github.com/frenoid/rayimages-dbs.git
description: Git repo where Dockerfile is found
- name: branch
value: master
description: Choose branch of Git repo to use
- name: rayVersion
value: "2.23.0"
description: "Version of the rayVersion to build. Follows semantic versioning X.Y.Z"
- name: dbsTagVersion
value: v3
description: "DBS image tag. Example of final image coordinates if image tag is v2: frenoid/ray:2.23.0-py39-cpu-dbs-v2"
- name: push
value: false
enum:
- true
- false
entrypoint: main
# We use a volume claim template so that we can have a shared workspace.
volumeClaimTemplates:
- metadata:
name: work
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi
templates:
- name: main
dag:
tasks:
- name: clone-repo
template: clone-repo
arguments:
parameters:
- name: repo
value: "{{`{{workflow.parameters.repo}}`}}"
- name: branch
value: "{{`{{workflow.parameters.branch}}`}}"
- name: build-push-ray-image-py39-cpu
template: build-push-ray-image
arguments:
parameters:
- name: dockerfilePath
value: "./{{`{{workflow.parameters.rayVersion}}`}}" # Repo is arranged such that Dockerfile for 2.23.0 is located at "/2.23.0/Dockerfile"
- name: dockerfileName
value: "Dockerfile"
- name: imageName
value: "docker.io/frenoid/ray:{{`{{workflow.parameters.rayVersion}}`}}-py39-cpu-{{`{{workflow.parameters.dbsTagVersion}}`}}" # e.g. docker.io/frenoid/ray:2.23.0-py39-cpu-dbs-v1
- name: pythonVersion
value: "39"
- name: computeType
value: "cpu"
- name: push
value: "{{`{{workflow.parameters.push}}`}}"
depends: "clone-repo"
- name: build-push-ray-image-py310-cpu
template: build-push-ray-image
arguments:
parameters:
- name: dockerfilePath
value: "./{{`{{workflow.parameters.rayVersion}}`}}" # Repo is arranged such that Dockerfile for 2.23.0 is located at "/2.23.0/Dockerfile"
- name: dockerfileName
value: "Dockerfile"
- name: imageName
value: "docker.io/frenoid/ray:{{`{{workflow.parameters.rayVersion}}`}}-py310-cpu-{{`{{workflow.parameters.dbsTagVersion}}`}}" # e.g. docker.io/frenoid/ray:2.23.0-py39-cpu-dbs-v1
- name: pythonVersion
value: "310"
- name: computeType
value: "cpu"
- name: push
value: "{{`{{workflow.parameters.push}}`}}"
depends: "clone-repo"
- name: build-push-ray-image-py311-cpu
template: build-push-ray-image
arguments:
parameters:
- name: dockerfilePath
value: "./{{`{{workflow.parameters.rayVersion}}`}}" # Repo is arranged such that Dockerfile for 2.23.0 is located at "/2.23.0/Dockerfile"
- name: dockerfileName
value: "Dockerfile"
- name: imageName
value: "docker.io/frenoid/ray:{{`{{workflow.parameters.rayVersion}}`}}-py310-cpu-{{`{{workflow.parameters.dbsTagVersion}}`}}" # e.g. docker.io/frenoid/ray:2.23.0-py39-cpu-dbs-v1
- name: pythonVersion
value: "311"
- name: computeType
value: "cpu"
- name: push
value: "{{`{{workflow.parameters.push}}`}}"
depends: "clone-repo"
- name: clone-repo
inputs:
parameters:
- name: repo
- name: branch
# Mount ssh keys secrets as volume
volumes:
- name: ssh-keys
secret:
secretName: github-ssh
container:
volumeMounts:
- mountPath: /work
name: work
- mountPath: /root/.ssh
name: ssh-keys
env:
- name: "GITHUB_PAT"
valueFrom:
secretKeyRef:
name: github-pat
key: token
image: alpine/git:v2.26.2
workingDir: /work
# Do a shallow clone, which is the fastest way to clone, by using the
# --depth, --branch, and --single-branch options
command:
- /bin/sh
- -c
args:
- |
set -e
set -x
export REPO_WITH_PAT=$(echo "{{`{{inputs.parameters.repo}}`}}" | sed "s|https://|https://$GITHUB_PAT@|") \
&& git clone \
--depth "1" \
--branch "{{`{{inputs.parameters.branch}}`}}" \
--single-branch \
$REPO_WITH_PAT \
.
- name: build-push-ray-image
inputs:
parameters:
- name: imageName
- name: dockerfilePath
- name: dockerfileName
- name: pythonVersion
- name: computeType
- name: push
# Mount the configuration so we can push the image.
# This should create the /.docker/config.json file.
volumes:
- name: docker-config
secret:
secretName: docker-config
container:
readinessProbe:
exec:
command: [ sh, -c, "buildctl debug workers" ]
image: moby/buildkit:v0.9.3-rootless
volumeMounts:
- name: work
mountPath: /work
- name: docker-config
mountPath: /.docker
workingDir: /work/{{`{{inputs.parameters.dockerfilePath}}`}}
env:
- name: BUILDKITD_FLAGS
value: --oci-worker-no-process-sandbox
- name: DOCKER_CONFIG
value: /.docker
command:
- buildctl-daemonless.sh
args:
- build
- --frontend
- dockerfile.v0
- --local
- context=.
- --local
- dockerfile=. # Directory set by workingDir
- --output
- type=image,name=docker.io/{{`{{inputs.parameters.imageName}}`}},push={{`{{inputs.parameters.push}}`}}
- --opt
- filename=./{{`{{inputs.parameters.dockerfileName}}`}} # Typically "Dockerfile"
- --opt
- build-arg:PYTHON_VERSION={{`{{inputs.parameters.pythonVersion}}`}} # Dockerfile ARG PYTHON_VERSION
- --opt
- build-arg:COMPUTE={{`{{inputs.parameters.computeType}}`}} # Dockerfile ARG COMPUTE