diff --git a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu index 989651d242..5b3c815347 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -70,6 +70,8 @@ RUN touch /tmp/control # cpu-base # #################### FROM ${BASE_IMAGE} AS cpu-base +USER 0 +RUN subscription-manager refresh WORKDIR /opt/app-root/bin diff --git a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index 5ac02beacb..6279bdd573 100644 --- a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -37,6 +37,8 @@ RUN arch="${TARGETARCH:-$(uname -m)}" && \ # cpu-base # #################### FROM ${BASE_IMAGE} AS cpu-base +USER 0 +RUN subscription-manager refresh WORKDIR /opt/app-root/bin diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 1e22471476..bd67f530af 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -1,12 +1,40 @@ +######################### +# configuration args # +######################### +ARG BASE_IMAGE + # External image alias for UBI repository configuration FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos -FROM quay.io/aipcc/base-images/cpu:3.0-1761652019 AS cpu-base +############################ +# Stage 1: PDF Tool Build # +############################ +FROM registry.access.redhat.com/ubi9/python-312:latest AS pdf-builder + +WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -RUN subscription-manager register --org "$(cat /activation-key/org)" --activationkey "$(cat /activation-key/activationkey)" +# Copy scripts +COPY jupyter/utils/install_texlive.sh ./install_texlive.sh +COPY jupyter/utils/install_pandoc.sh ./install_pandoc.sh +RUN chmod +x install_texlive.sh install_pandoc.sh + +RUN ./install_texlive.sh +RUN ./install_pandoc.sh + +#################### +# cpu-base # +#################### +FROM ${BASE_IMAGE} AS cpu-base +USER 0 +RUN subscription-manager refresh + +WORKDIR /opt/app-root/bin + +# OS Packages needs to be installed as root +USER 0 # Inject the official UBI 9 repository configuration into the AIPCC base image. # The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. @@ -24,4 +52,73 @@ RUN dnf -y upgrade --refresh --nobest --skip-broken --nodocs --noplugins --setop # Install useful OS packages RUN dnf install -y perl mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum +# Other apps and tools installed as default user USER 1001 + +# Install micropipenv and uv to deploy packages from requirements.txt begin +RUN pip install --no-cache-dir -U "micropipenv[toml]==1.9.0" "uv==0.8.12" +# Install micropipenv and uv to deploy packages from requirements.txt end + +# Install the oc client begin +RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \ + -o /tmp/openshift-client-linux.tar.gz && \ + tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \ + rm -f /tmp/openshift-client-linux.tar.gz +# Install the oc client end + +#################### +# jupyter-minimal # +#################### +FROM cpu-base AS jupyter-minimal + +ARG JUPYTER_REUSABLE_UTILS=jupyter/utils +ARG MINIMAL_SOURCE_CODE=jupyter/minimal/ubi9-python-3.12 + +WORKDIR /opt/app-root/bin + +COPY ${JUPYTER_REUSABLE_UTILS} utils/ + +USER 0 + +# Dependencies for PDF export begin +RUN --mount=type=cache,from=pdf-builder,source=/usr/local/,target=/pdf_builder/,rw \ + bash -c ' \ + if [[ "$(uname -m)" == "ppc64le" ]]; then \ + cp -r /pdf_builder/texlive /usr/local/; \ + cp -r /pdf_builder/pandoc /usr/local/; \ + else \ + ./utils/install_pdf_deps.sh; \ + fi' + +USER 1001 + +COPY ${MINIMAL_SOURCE_CODE}/pylock.toml ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ + +# Install Python dependencies from requirements.txt file +RUN echo "Installing softwares and packages" && \ + # This may have to download and compile some dependencies, and as we don't lock requirements from `build-system.requires`, + # we often don't know the correct hashes and `--require-hashes` would therefore fail on non amd64, where building is common. + uv pip install --strict --no-deps --no-cache --no-config --no-progress --verify-hashes --compile-bytecode --index-strategy=unsafe-best-match --requirements=./pylock.toml && \ + # Disable announcement plugin of jupyterlab \ + jupyter labextension disable "@jupyterlab/apputils-extension:announcements" && \ + # Replace Notebook's launcher, "(ipykernel)" with Python's version 3.x.y \ + sed -i -e "s/Python.*/$(python --version | cut -d '.' -f-2)\",/" /opt/app-root/share/jupyter/kernels/python3/kernel.json && \ + # copy jupyter configuration + cp /opt/app-root/bin/utils/jupyter_server_config.py /opt/app-root/etc/jupyter && \ + # Fix permissions to support pip in Openshift environments \ + chmod -R g+w /opt/app-root/lib/python3.12/site-packages && \ + fix-permissions /opt/app-root -P && \ + # Apply JupyterLab addons \ + /opt/app-root/bin/utils/addons/apply.sh + +WORKDIR /opt/app-root/src + +ENTRYPOINT ["start-notebook.sh"] + +LABEL name="rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9" \ + com.redhat.component="odh-workbench-jupyter-minimal-cpu-py312-rhel9" \ + io.k8s.display-name="odh-workbench-jupyter-minimal-cpu-py312-rhel9" \ + summary="Minimal Jupyter CPU notebook image for ODH notebooks" \ + description="Minimal Jupyter CPU notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \ + io.k8s.description="Minimal Jupyter CPU notebook image with base Python 3.12 builder image based on UBI9 for ODH notebooks" \ + com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf" diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda index 3c741d9715..b725fbc391 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -12,6 +12,8 @@ FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos # cuda-base # #################### FROM ${BASE_IMAGE} AS cuda-base +USER 0 +RUN subscription-manager refresh WORKDIR /opt/app-root/bin diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm index 4ae07f9283..a677080a2e 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -10,6 +10,8 @@ FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos # rocm-base # #################### FROM ${BASE_IMAGE} AS rocm-base +USER 0 +RUN subscription-manager refresh WORKDIR /opt/app-root/bin diff --git a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu index 985431abd9..c1fa8ab8fc 100644 --- a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -23,6 +23,8 @@ RUN cd ./mongodb-cli-mongocli-v${MONGOCLI_VERSION}/ && \ # wheel-cache-base # #################### FROM ${BASE_IMAGE} AS whl-cache +USER 0 +RUN subscription-manager refresh # hadolint ignore=DL3002 USER root diff --git a/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index ca0ceb13b6..c188930875 100644 --- a/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -10,6 +10,8 @@ FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos # cpu-base # #################### FROM ${BASE_IMAGE} AS cpu-base +USER 0 +RUN subscription-manager refresh ARG TARGETARCH diff --git a/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 3913bec0c2..0000a7c2de 100644 --- a/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -10,6 +10,8 @@ FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos # cpu-base # #################### FROM ${BASE_IMAGE} AS cpu-base +USER 0 +RUN subscription-manager refresh WORKDIR /opt/app-root/bin