Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GCP] Update artifact registry/db code #685

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

[GCP] Update artifact registry/db code #685

wants to merge 15 commits into from

Conversation

AaDalal
Copy link

@AaDalal AaDalal commented Feb 13, 2025
edited
Loading

Pull Request Summary

This PR

  • Adds GCP artifact registry support
  • Updates the application code to support fetching database secrets from the GCP secrets manager
  • Updates message brokers to use redis on GCP

Note on upgrading protobuf

There's a dependency resolution issue raised because we installed google api sdks in this PR.

  1. google-api-core[grpc] requires grpcio-status>=1.49.1
  2. grpcio-status>=1.49.1 requires protobuf >= 4.21
  3. we specify that protobuf~=3.20

Soln: upgrade protobuf. Why is is it safe to do this? Look at this pipdeptree output (things that depend on protobuf)

protobuf==3.20.3
├── ddsketch==2.0.4 [requires: protobuf>=3.0.0]
│   └── ddtrace==1.8.3 [requires: ddsketch>=2.0.1]
├── ddtrace==1.8.3 [requires: protobuf>=3]
├── google-api-core==2.24.1 [requires: protobuf>=3.19.5,<6.0.0.dev0,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0,!=3.20.1,!=3.20.0]
│   ├── google-cloud-artifact-registry==1.14.0 [requires: google-api-core>=1.34.1,<3.0.0dev,!=2.9.*,!=2.8.*,!=2.7.*,!=2.6.*,!=2.5.*,!=2.4.*,!=2.3.*,!=2.2.*,!=2.10.*,!=2.1.*,!=2.0.*]
│   └── google-cloud-secret-manager==2.22.1 [requires: google-api-core>=1.34.1,<3.0.0dev,!=2.9.*,!=2.8.*,!=2.7.*,!=2.6.*,!=2.5.*,!=2.4.*,!=2.3.*,!=2.2.*,!=2.10.*,!=2.1.*,!=2.0.*]
├── google-cloud-artifact-registry==1.14.0 [requires: protobuf>=3.20.2,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0]
├── google-cloud-secret-manager==2.22.1 [requires: protobuf>=3.20.2,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0]
├── googleapis-common-protos==1.66.0 [requires: protobuf>=3.20.2,<6.0.0.dev0,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=3.20.1,!=3.20.0]
│   ├── google-api-core==2.24.1 [requires: googleapis-common-protos>=1.56.2,<2.0.dev0]
│   ├── grpc-google-iam-v1==0.14.0 [requires: googleapis-common-protos>=1.56.0,<2.0.0dev]
│   └── grpcio-status==1.48.2 [requires: googleapis-common-protos>=1.5.5]
├── grpc-google-iam-v1==0.14.0 [requires: protobuf>=3.20.2,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1]
│   ├── google-cloud-artifact-registry==1.14.0 [requires: grpc-google-iam-v1>=0.12.4,<1.0.0dev]
│   └── google-cloud-secret-manager==2.22.1 [requires: grpc-google-iam-v1>=0.12.4,<1.0.0dev]
├── grpcio-status==1.48.2 [requires: protobuf>=3.12.0]
└── proto-plus==1.26.0 [requires: protobuf>=3.19.0,<6.0.0dev]
    ├── google-api-core==2.24.1 [requires: proto-plus>=1.22.3,<2.0.0dev]
    ├── google-cloud-artifact-registry==1.14.0 [requires: proto-plus>=1.22.3,<2.0.0dev]
    └── google-cloud-secret-manager==2.22.1 [requires: proto-plus>=1.22.3,<2.0.0dev]

Test Plan and Usage Guide

How did you validate that your PR works correctly? How do you run or demo the code? Provide enough detail so a reviewer can reasonably reproduce the testing procedure. Paste example command line invocations if applicable.

@AaDalal
Add google-cloud-artifact-registry dep
8db5a37
@AaDalal
Add gcp_artifact_registry_docker_repository
8d8d8fa
@AaDalal
[untested] completed gcp_artifact_registry_docker_repository
7894737
@AaDalal
Add TODO comments in places I don't understand
f19da2b
@AaDalal
[deps] Bump protobuf and add google-secret-manager
0655ccd 
Why upgrade protobuf? Dependency issue

1. `google-api-core[grpc]` requires `grpcio-status>=1.49.1`
2. `grpcio-status>=1.49.1` requires `protobuf >= 4.21`
3. we specify that `protobuf~=3.20`

Soln: upgrade protobuf. Why is is it safe to do this? Look at this
dependency graph from pipdeptree
```
protobuf==3.20.3
├── ddsketch==2.0.4 [requires: protobuf>=3.0.0]
│   └── ddtrace==1.8.3 [requires: ddsketch>=2.0.1]
├── ddtrace==1.8.3 [requires: protobuf>=3]
├── google-api-core==2.24.1 [requires: protobuf>=3.19.5,<6.0.0.dev0,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0,!=3.20.1,!=3.20.0]
│   ├── google-cloud-artifact-registry==1.14.0 [requires: google-api-core>=1.34.1,<3.0.0dev,!=2.9.*,!=2.8.*,!=2.7.*,!=2.6.*,!=2.5.*,!=2.4.*,!=2.3.*,!=2.2.*,!=2.10.*,!=2.1.*,!=2.0.*]
│   └── google-cloud-secret-manager==2.22.1 [requires: google-api-core>=1.34.1,<3.0.0dev,!=2.9.*,!=2.8.*,!=2.7.*,!=2.6.*,!=2.5.*,!=2.4.*,!=2.3.*,!=2.2.*,!=2.10.*,!=2.1.*,!=2.0.*]
├── google-cloud-artifact-registry==1.14.0 [requires: protobuf>=3.20.2,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0]
├── google-cloud-secret-manager==2.22.1 [requires: protobuf>=3.20.2,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=4.21.0]
├── googleapis-common-protos==1.66.0 [requires: protobuf>=3.20.2,<6.0.0.dev0,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1,!=3.20.1,!=3.20.0]
│   ├── google-api-core==2.24.1 [requires: googleapis-common-protos>=1.56.2,<2.0.dev0]
│   ├── grpc-google-iam-v1==0.14.0 [requires: googleapis-common-protos>=1.56.0,<2.0.0dev]
│   └── grpcio-status==1.48.2 [requires: googleapis-common-protos>=1.5.5]
├── grpc-google-iam-v1==0.14.0 [requires: protobuf>=3.20.2,<6.0.0dev,!=4.21.5,!=4.21.4,!=4.21.3,!=4.21.2,!=4.21.1]
│   ├── google-cloud-artifact-registry==1.14.0 [requires: grpc-google-iam-v1>=0.12.4,<1.0.0dev]
│   └── google-cloud-secret-manager==2.22.1 [requires: grpc-google-iam-v1>=0.12.4,<1.0.0dev]
├── grpcio-status==1.48.2 [requires: protobuf>=3.12.0]
└── proto-plus==1.26.0 [requires: protobuf>=3.19.0,<6.0.0dev]
    ├── google-api-core==2.24.1 [requires: proto-plus>=1.22.3,<2.0.0dev]
    ├── google-cloud-artifact-registry==1.14.0 [requires: proto-plus>=1.22.3,<2.0.0dev]
    └── google-cloud-secret-manager==2.22.1 [requires: proto-plus>=1.22.3,<2.0.0dev]
```
- ddtrace 1.8.3 has support for protobuf 4.21 ((pr)[DataDog/dd-trace-py#3791] that added it was in 2022, ddtrace 1.8.3 is from 2023)
- ddsketch has support ((release notes)[https://github.com/DataDog/sketches-py/blob/0d16e695d1f991276863b8ffaaf6c8e9bd9ad9de/releasenotes/notes/proto4-e8646610178bef59.yaml#L3] indicate support was added in May 2022, we use 2.0.4 from July 2022). This is also a transitive dep of dd-trace
- the rest are google deps I added for GCP support. Assume google works with these (they made protobuf!)
@AaDalal
Creating a model bundle hits artifact registry!
c2993f8 
The model bundle is not written to the DB yet, but that's next!
@socket-security Socket Security
Copy link

socket-security bot commented Feb 13, 2025
edited
Loading

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
pypi/[email protected] environment, filesystem, network, unsafe 0 4.51 MB gcloudpypi, google_opensource
pypi/[email protected] None 0 3.12 MB gcloudpypi, google_opensource
pypi/[email protected] 🔁 pypi/[email protected] environment, shell 0 546 kB gcloudpypi, google_opensource
pypi/[email protected] environment, shell 0 79.3 kB gcloudpypi, google_opensource
pypi/[email protected] 🔁 pypi/[email protected] filesystem 0 45.4 kB google_opensource, grpc-packages
pypi/[email protected] 🔁 pypi/[email protected] None 0 2.4 MB protobuf-packages
pypi/[email protected] 🔁 pypi/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +829 1.25 GB abravalheri, dstufft, jaraco

🚮 Removed packages: pypi/[email protected], pypi/[email protected], pypi/[email protected]

View full report↗︎

@AaDalal AaDalal changed the title [GCP] Update artifact registry code [GCP] Update artifact registry/db code Feb 19, 2025
AaDalal
AaDalal commented Feb 19, 2025
View reviewed changes
model-engine/model_engine_server/api/dependencies.py
@@ -226,6 +227,10 @@ def _get_external_interfaces(
elif infra_config().cloud_provider == "azure":
inference_task_queue_gateway = servicebus_task_queue_gateway
infra_task_queue_gateway = servicebus_task_queue_gateway
elif infra_config().cloud_provider == "gcp":
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kovben95scale had a good question about this -- is there a reason we don't use redis on azure etc? I think we're just using this as a celery task queue here, which seems like it would fit with redis.

AaDalal
AaDalal commented Feb 19, 2025
View reviewed changes
model-engine/model_engine_server/db/base.py Outdated
@@ -55,16 +61,17 @@ def get_engine_url(
key_file = os.environ.get("DB_SECRET_NAME")
if env is None:
env = infra_config().env
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are the values of env / where is it used?

@AaDalal
Cleanup more todos
d2019e5
@AaDalal
Return image tag instead of image name in
a7074ca 
GCPArtifactRegistryDockerRepository.get_latest_image_tag
AaDalal
AaDalal commented Feb 19, 2025
View reviewed changes
model-engine/model_engine_server/core/celery/celery_autoscaler.py
@@ -598,10 +600,18 @@ async def main():
)

if broker_type == "redis":
# TODO gcp: change this to use cloud storage
Copy link
Author

@AaDalal AaDalal Feb 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be covered in the cloud storage PR @anishxyz was working on. I think we can merge this first, then merge that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AaDalal