nicolas
/
bootc-edge-ai
mirror of https://github.com/nmasse-itix/bootc-edge-ai.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
1 Branch
0 Tags
79 KiB
 
 
Tree: e38433b39e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e38433b39e'
${ noResults }
bootc-edge-ai/tekton
Nicolas Massé e38433b39e
wip 		4 months ago
..
common wip 4 months ago
README.md wip 4 months ago
pipeline.yaml wip 4 months ago
pipelinerun.yaml wip 5 months ago

README.md

Multi-architecture Tekton Pipeline

Tekton configuration

oc patch configmap/feature-flags -n openshift-pipelines --type=merge -p '{"data":{"disable-affinity-assistant":"true"}}'

Pipeline manifests

oc apply -k common/
oc apply -f pipeline.yaml

Authentication to Pypi

oc create secret generic pypi-mirror '--from-literal=PYPI_MIRROR_URL=https://login:password@artifactory-host/artifactory/api/pypi/pypi-virtual/simple'

Authentication to the registries

export REGISTRY_AUTH_FILE="$PWD/auth.json"
podman login quay.io
podman login registry.redhat.io
oc apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  annotations:
    tekton.dev/docker-0: https://quay.io
  name: registry-authentication
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(base64 -w0 "$PWD/auth.json")
EOF

oc create configmap registries-conf --from-file=/etc/containers/registries.conf

Authentication to GitHub

cat > gitconfig <<EOF
[credential]
  helper=store
EOF
oc create secret generic github-authentication --from-literal=.git-credentials=https://user:password@github.com --from-file=.gitconfig=gitconfig

Authentication to MQTT

Set the tekton password in the mosquitto passwd file (common/mosquitto.conf) and then:

oc create secret generic mqtt-config --from-literal=OTA_MQTT_URL=mqtts://tekton:secret@mosquitto-build-multiarch.apps.nmasse-q2-2025.sandbox1038.opentlc.com:443/bootc/updates

Rclone config for AWS S3

rclone.conf:

[aws]
type = s3
provider = AWS
access_key_id = REDACTED
secret_access_key = REDACTED
region = eu-west-3

Note: in rclone.conf, set endpoint to the hostname of your S3 gateway when on-premise.

Create the secret:

oc create secret generic rclone-config --from-file=rclone.conf

Initialize data inside the PVC

Create a Pod that uses the two previously created PVC :

apiVersion: v1
kind: Pod
metadata:
  name: rsync
  labels:
    app: rsync
spec:
  containers:
  - name: rsync
    image: registry.redhat.io/ubi9/ubi:9.6
    command: ["/bin/sleep"]
    args: ["INF"]
    volumeMounts:
    - name: bootc-caches
      mountPath: /caches
    - name: bootc-entitlements
      mountPath: /entitlements
    - name: bootc-rpms
      mountPath: /rpms
  volumes:
  - name: bootc-caches
    persistentVolumeClaim:
      claimName: bootc-caches
  - name: bootc-entitlements
    persistentVolumeClaim:
      claimName: bootc-entitlements
  - name: bootc-rpms
    persistentVolumeClaim:
      claimName: bootc-rpms

Then copy all the data to /caches, /rpms and /entitlements.

mkdir -p entitlements
cp etc-x86_64.tar entitlements/x86_64.tar
cp etc-aarch64.tar entitlements/aarch64.tar
oc rsync entitlements rsync:/
oc rsh rsync mkdir -p /caches/{x86_64,aarch64}/{rpm-ostree,dnf}
tar -c -C /path/to/rpms | oc rsh rsync tar -x -C /rpms

You can leave the Pod running or delete it with :

oc delete pod rsync

Run it!

oc create -f pipelinerun.yaml