[feature] Add support for model artifacts in the "modelcar" format #11584
Comments
|
/assign @mprahl |
|
I think this is a great proposal @mprahl, thank you. There are various benefits to this approach beyond pull secrets. The linked Kserve page outlines some of these, but I'll paste them here for clarity: As kserve is an addon component to KF, aligning here just makes sense as well. cc @franciscojavierarceo fyi |
|
Nice, this is great @mprahl ! |
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
2 tasks
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 5, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an empty dir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 6, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having any component container have an init container with the image set to the Modelcar container image and the /models directory contents copied to an emptyDir volume that is accessible in the component container. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
Merged
2 tasks
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 8, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar container images. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 10, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 10, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 11, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 11, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 12, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all Pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all Pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
mprahl
added a commit
to mprahl/pipelines
that referenced
this issue
Feb 19, 2025
This allows dsl.import to leverage Modelcar container images in an OCI repository. This works by having an init container prepull the image and then adding a sidecar container when the launcher container is running. The Modelcar container adds a symlink to its /models directory in an emptyDir volume that is accessible by the launcher container. Once the launcher is done running the user code, it stops the Modelcar containers. This approach has the benefit of leveraging image pull secrets configured on the Kubernetes cluster rather than require separate credentials for importing the artifact. Additionally, no data is copied to the emptyDir volume, so the storage cost is just pulling the Modelcar container image on the Kubernetes worker node. Note that once Kubernetes supports OCI images as volume mounts for several releases, consider replacing the init container with that approach. This also adds a new environment variable of PIPELINE_RUN_AS_USER to set the runAsUser on all Pods created by Argo Workflows. Resolves: kubeflow#11584 Signed-off-by: mprahl <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Area
/area backend
What feature would you like to see?
Currently, a user may import a model as an artifact with the KFP SDK like the following example, but it's limited to S3.
It'd be nice to add support for the modelcar format that is supported in KServe.
The suggestion is for the artifact URI passed to
dsl.importerto have a prefix ofoci://. No changes to the SDK should be needed for this.The KFP driver would see this and add an init container to the launcher pod which launches the modelcar container image and copies the model to an
emptyDirvolume. The artifact output would be the local path to thisemptyDirvolume in the launcher container. The benefit of doing it this way allows for the global image pull secret or image pull secrets assigned to the KFP pipeline runner service account to pull it without specifying additional credentials.Once OCI Volume Source has been GA for several Kubernetes releases, we may consider leverage that instead of the init container.
What is the use case or pain point?
In order to support fine tuning a model stored in an OCI registry in the modelcar format without first copying to S3, it'd be nice to have native support for a model artifact stored in OCI.
Is there a workaround currently?
The user must copy it to S3 outside of the pipeline or manually pull down the image.
Love this idea? Give it a 👍.
The text was updated successfully, but these errors were encountered: