OCI registry and example of usage (#493)

* change: remove istio annotations

* change: use zot image

Author: fege

tests/conftest.py

@@ -19,6 +19,7 @@
 from ocp_resources.mariadb_operator import MariadbOperator
 from ocp_resources.node import Node
 from ocp_resources.pod import Pod
+from ocp_resources.route import Route
 from ocp_resources.secret import Secret
 from ocp_resources.service import Service
 from ocp_resources.subscription import Subscription
@@ -49,6 +50,7 @@
     DscComponents,
     Labels,
     MinIo,
+    OCIRegistry,
     Protocols,
     Timeout,
     OPENSHIFT_OPERATORS,
@@ -565,6 +567,123 @@ def minio_data_connection(
         yield secret
 
 
+# OCI Registry
+@pytest.fixture(scope="class")
+def oci_namespace(admin_client: DynamicClient) -> Generator[Namespace, Any, Any]:
+    with create_ns(
+        name=f"{OCIRegistry.Metadata.NAME}-{shortuuid.uuid().lower()}",
+        admin_client=admin_client,
+    ) as ns:
+        yield ns
+
+
+@pytest.fixture(scope="class")
+def oci_registry_pod_with_minio(
+    request: FixtureRequest,
+    admin_client: DynamicClient,
+    oci_namespace: Namespace,
+    minio_service: Service,
+) -> Generator[Pod, Any, Any]:
+    pod_labels = {Labels.Openshift.APP: OCIRegistry.Metadata.NAME}
+
+    if labels := request.param.get("labels"):
+        pod_labels.update(labels)
+
+    minio_fqdn = f"{minio_service.name}.{minio_service.namespace}.svc.cluster.local"
+    minio_endpoint = f"{minio_fqdn}:{MinIo.Metadata.DEFAULT_PORT}"
+
+    with Pod(
+        client=admin_client,
+        name=OCIRegistry.Metadata.NAME,
+        namespace=oci_namespace.name,
+        containers=[
+            {
+                "args": request.param.get("args"),
+                "env": [
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_NAME", "value": OCIRegistry.Storage.STORAGE_DRIVER},
+                    {
+                        "name": "ZOT_STORAGE_STORAGEDRIVER_ROOTDIRECTORY",
+                        "value": OCIRegistry.Storage.STORAGE_DRIVER_ROOT_DIRECTORY,
+                    },
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_BUCKET", "value": MinIo.Buckets.MODELMESH_EXAMPLE_MODELS},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_REGION", "value": OCIRegistry.Storage.STORAGE_DRIVER_REGION},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_REGIONENDPOINT", "value": f"http://{minio_endpoint}"},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_ACCESSKEY", "value": MinIo.Credentials.ACCESS_KEY_VALUE},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_SECRETKEY", "value": MinIo.Credentials.SECRET_KEY_VALUE},
+                    {
+                        "name": "ZOT_STORAGE_STORAGEDRIVER_SECURE",
+                        "value": OCIRegistry.Storage.STORAGE_STORAGEDRIVER_SECURE,
+                    },
+                    {
+                        "name": "ZOT_STORAGE_STORAGEDRIVER_FORCEPATHSTYLE",
+                        "value": OCIRegistry.Storage.STORAGE_STORAGEDRIVER_FORCEPATHSTYLE,
+                    },
+                    {"name": "ZOT_HTTP_ADDRESS", "value": OCIRegistry.Metadata.DEFAULT_HTTP_ADDRESS},
+                    {"name": "ZOT_HTTP_PORT", "value": str(OCIRegistry.Metadata.DEFAULT_PORT)},
+                    {"name": "ZOT_LOG_LEVEL", "value": "info"},
+                ],
+                "image": request.param.get("image", OCIRegistry.PodConfig.REGISTRY_IMAGE),
+                "name": OCIRegistry.Metadata.NAME,
+                "securityContext": {
+                    "allowPrivilegeEscalation": False,
+                    "capabilities": {"drop": ["ALL"]},
+                    "runAsNonRoot": True,
+                    "seccompProfile": {"type": "RuntimeDefault"},
+                },
+                "volumeMounts": [
+                    {
+                        "name": "zot-data",
+                        "mountPath": "/var/lib/registry",
+                    }
+                ],
+            }
+        ],
+        volumes=[
+            {
+                "name": "zot-data",
+                "emptyDir": {},
+            }
+        ],
+        label=pod_labels,
+        annotations=request.param.get("annotations"),
+    ) as oci_pod:
+        oci_pod.wait_for_condition(condition="Ready", status="True")
+        yield oci_pod
+
+
+@pytest.fixture(scope="class")
+def oci_registry_service(admin_client: DynamicClient, oci_namespace: Namespace) -> Generator[Service, Any, Any]:
+    with Service(
+        client=admin_client,
+        name=OCIRegistry.Metadata.NAME,
+        namespace=oci_namespace.name,
+        ports=[
+            {
+                "name": f"{OCIRegistry.Metadata.NAME}-port",
+                "port": OCIRegistry.Metadata.DEFAULT_PORT,
+                "protocol": Protocols.TCP,
+                "targetPort": OCIRegistry.Metadata.DEFAULT_PORT,
+            }
+        ],
+        selector={
+            Labels.Openshift.APP: OCIRegistry.Metadata.NAME,
+        },
+        session_affinity="ClientIP",
+    ) as oci_service:
+        yield oci_service
+
+
+@pytest.fixture(scope="class")
+def oci_registry_route(admin_client: DynamicClient, oci_registry_service: Service) -> Generator[Route, Any, Any]:
+    with Route(
+        client=admin_client,
+        name=OCIRegistry.Metadata.NAME,
+        namespace=oci_registry_service.namespace,
+        service=oci_registry_service.name,
+    ) as oci_route:
+        yield oci_route
+
+
 @pytest.fixture(scope="session")
 def nodes(admin_client: DynamicClient) -> Generator[list[Node], Any, Any]:
     yield list(Node.get(dyn_client=admin_client))

tests/model_registry/async_job/__init__.py

@@ -0,0 +1,66 @@
+import pytest
+import json
+
+from ocp_resources.route import Route
+
+from utilities.constants import OCIRegistry, MinIo
+from simple_logger.logger import get_logger
+from tests.model_registry.async_job.utils import (
+    push_blob_to_oci_registry,
+    create_manifest,
+    push_manifest_to_oci_registry,
+    pull_manifest_from_oci_registry,
+)
+
+LOGGER = get_logger(name=__name__)
+
+
+@pytest.mark.parametrize(
+    "minio_pod, oci_registry_pod_with_minio",
+    [
+        pytest.param(
+            MinIo.PodConfig.MODEL_MESH_MINIO_CONFIG,
+            OCIRegistry.PodConfig.REGISTRY_BASE_CONFIG,
+        )
+    ],
+    indirect=True,
+)
+@pytest.mark.usefixtures("minio_pod", "oci_registry_pod_with_minio", "oci_registry_route")
+class TestOciRegistry:
+    """
+    Temporary test for OCI registry deployment functionality using MinIO backend
+    It will be replaced with a more comprehensive e2e test as part of https://issues.redhat.com/browse/RHOAISTRAT-456
+    """
+
+    def test_oci_registry_push_and_pull_operations(
+        self,
+        oci_registry_route: Route,
+    ) -> None:
+        """Test pushing and pulling content to/from the OCI registry with MinIO backend."""
+
+        registry_host = oci_registry_route.instance.spec.host
+        registry_url = f"http://{registry_host}"
+
+        LOGGER.info(f"Testing OCI registry at: {registry_url}")
+        test_repo = "test/simple-artifact"
+        test_tag = "v1.0"
+        test_data = b"Hello from OCI registry test! This could be model data stored in MinIO."
+
+        blob_digest = push_blob_to_oci_registry(registry_url=registry_url, data=test_data, repo=test_repo)
+
+        config_data = {"architecture": "amd64", "os": "linux"}
+        config_json = json.dumps(config_data, separators=(",", ":")).encode("utf-8")
+        config_digest = push_blob_to_oci_registry(registry_url=registry_url, data=config_json, repo=test_repo)
+
+        manifest = create_manifest(
+            blob_digest=blob_digest, config_json=config_json, config_digest=config_digest, data=test_data
+        )
+
+        push_manifest_to_oci_registry(registry_url=registry_url, manifest=manifest, repo=test_repo, tag=test_tag)
+
+        manifest_get = pull_manifest_from_oci_registry(registry_url=registry_url, repo=test_repo, tag=test_tag)
+
+        assert manifest_get["schemaVersion"] == 2
+        assert manifest_get["config"]["digest"] == config_digest
+        assert len(manifest_get["layers"]) == 1
+        assert manifest_get["layers"][0]["digest"] == blob_digest

tests/model_registry/async_job/test_basic_oci_registry.py

@@ -0,0 +1,73 @@
+import hashlib
+import requests
+import json
+
+from simple_logger.logger import get_logger
+
+LOGGER = get_logger(name=__name__)
+
+
+def push_blob_to_oci_registry(registry_url: str, data: bytes, repo: str = "test/simple-artifact") -> str:
+    """
+    Push a blob to an OCI registry.
+    https://specs.opencontainers.org/distribution-spec/?v=v1.0.0#pushing-blobs
+    POST to /v2/<repo>/blobs/uploads/ in order to initiate the upload
+    The response will contain a Location header that contains the upload URL
+    PUT to the Location URL with the data to be uploaded
+    """
+
+    blob_digest = f"sha256:{hashlib.sha256(data).hexdigest()}"
+
+    LOGGER.info(f"Pushing blob with digest: {blob_digest}")
+
+    upload_response = requests.post(f"{registry_url}/v2/{repo}/blobs/uploads/", timeout=10)
+    LOGGER.info(f"Blob upload initiation: {upload_response.status_code}")
+    assert upload_response.status_code == 202, f"Failed to initiate blob upload: {upload_response.status_code}"
+
+    upload_location = upload_response.headers.get("Location")
+    LOGGER.info(f"Upload location: {upload_location}")
+    base_url = f"{registry_url}{upload_location}"
+    upload_url = f"{base_url}?digest={blob_digest}"
+    response = requests.put(url=upload_url, data=data, headers={"Content-Type": "application/octet-stream"}, timeout=10)
+    assert response.status_code == 201, f"Failed to upload blob: {response.status_code}"
+    return blob_digest
+
+
+def create_manifest(blob_digest: str, config_json: str, config_digest: str, data: bytes) -> bytes:
+    """Create a manifest for an OCI registry."""
+
+    manifest = {
+        "schemaVersion": 2,
+        "mediaType": "application/vnd.oci.image.manifest.v1+json",
+        "config": {
+            "mediaType": "application/vnd.oci.image.config.v1+json",
+            "size": len(config_json),
+            "digest": config_digest,
+        },
+        "layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar", "size": len(data), "digest": blob_digest}],
+    }
+
+    return json.dumps(manifest, separators=(",", ":")).encode("utf-8")
+
+
+def push_manifest_to_oci_registry(registry_url: str, manifest: bytes, repo: str, tag: str) -> None:
+    """Push a manifest to an OCI registry."""
+    response = requests.put(
+        f"{registry_url}/v2/{repo}/manifests/{tag}",
+        data=manifest,
+        headers={"Content-Type": "application/vnd.oci.image.manifest.v1+json"},
+        timeout=10,
+    )
+    assert response.status_code == 201, f"Failed to push manifest: {response.status_code}"
+
+
+def pull_manifest_from_oci_registry(registry_url: str, repo: str, tag: str) -> dict:
+    """Pull a manifest from an OCI registry."""
+    response = requests.get(
+        f"{registry_url}/v2/{repo}/manifests/{tag}",
+        headers={"Accept": "application/vnd.oci.image.manifest.v1+json"},
+        timeout=10,
+    )
+    LOGGER.info(f"Manifest pull: {response.status_code}")
+    assert response.status_code == 200, f"Failed to pull manifest: {response.status_code}"
+    return response.json()

tests/model_registry/async_job/utils.py

@@ -246,6 +246,29 @@ class ModelCarImage:
     GRANITE_8B_CODE_INSTRUCT: str = "oci://registry.redhat.io/rhelai1/modelcar-granite-8b-code-instruct:1.4"
 
 
+class OCIRegistry:
+    class Metadata:
+        NAME: str = "oci-registry"
+        DEFAULT_PORT: int = 5000
+        DEFAULT_HTTP_ADDRESS: str = "0.0.0.0"
+
+    class PodConfig:
+        REGISTRY_IMAGE: str = "ghcr.io/project-zot/zot-linux-amd64:v2.1.7"
+        REGISTRY_BASE_CONFIG: dict[str, Any] = {
+            "args": None,
+            "labels": {
+                "maistra.io/expose-route": "true",
+            },
+        }
+
+    class Storage:
+        STORAGE_DRIVER: str = "s3"
+        STORAGE_DRIVER_ROOT_DIRECTORY: str = "/registry"
+        STORAGE_DRIVER_REGION: str = "us-east-1"
+        STORAGE_STORAGEDRIVER_SECURE: str = "false"
+        STORAGE_STORAGEDRIVER_FORCEPATHSTYLE: str = "true"
+
+
 class MinIo:
     class Metadata:
         NAME: str = "minio"