Continuous Deployment of AI Applications on OKE

Question

Pulumi · Accepted Answer

Continuous Deployment (CD) of AI applications on Oracle Kubernetes Engine (OKE) is a process that enables automated updates to your AI application in response to changes in the source code or configuration. This workflow commonly consists of building your AI application into a container image, pushing the image to a registry, and then updating a Kubernetes deployment on OKE with the new image.

Here's a Pulumi program in Python that demonstrates continuous deployment of an AI application onto OKE. This example assumes you have already set up your OKE cluster and have the necessary credentials/configurations in place to interact with it using Pulumi's OCI package.

The high-level steps in the program are:
1. Define a Docker image for the AI application.
2. Build and push the image to the OCI Registry.
3. Update your Kubernetes deployment to use the new image.

Before running this program, you should have the following prerequisites in place:
- An Oracle Cloud Infrastructure (OCI) account.
- A configured OCI CLI with the necessary credentials.
- Pulumi CLI installed and set up to manage resources in OCI.
- Docker installed and running on your machine if you're building the image locally.
- An existing Kubernetes cluster on OKE with Kubernetes config file to access it.

We will utilize the `pulumi_oci` package to manage resources in Oracle Cloud Infrastructure (OCI), Docker for building and pushing container images, and the Kubernetes package to update a deployment on OKE.

```python
import pulumi
import pulumi_oci as oci
import pulumi_docker as docker
import pulumi_kubernetes as k8s

# Configuration: Set the Docker image name, registry, and the OKE cluster configuration.
app_name = "ai-application"
image_name = "ai-application-img"
docker_registry_server = "phx.ocir.io"
oci_compartment_id = "oci-compartment-id"
k8s_config = "path-to-kubeconfig"

# OCI Credentials for Docker Registry Authentication.
oci_user_ocid = "oci-user-ocid"
oci_auth_token = "oci-auth-token"
oci_tenancy_ocid = "oci-tenancy-ocid"

# Create a Docker image and publish it to the OCI Registry.
image = docker.Image(app_name,
    image_name=docker_registry_server + "/" + oci_tenancy_ocid + "/" + app_name + ":" + image_name,
    build=docker.DockerBuild(context="path-to-docker-context"),
    registry=docker.ImageRegistry(
        server=docker_registry_server,
        username=oci_user_ocid,
        password=oci_auth_token
    )
)

# Set up the Kubernetes provider to deploy to the OKE cluster.
k8s_provider = k8s.Provider("oke-k8s",
    kubeconfig=pulumi.FileAsset(k8s_config)
)

# Update the Kubernetes deployment with the new Image.
app_labels = {"app": app_name}
deployment = k8s.apps.v1.Deployment(app_name,
    spec=k8s.apps.v1.DeploymentSpecArgs(
        replicas=3,
        selector=k8s.meta.v1.LabelSelectorArgs(match_labels=app_labels),
        template=k8s.core.v1.PodTemplateSpecArgs(
            metadata=k8s.meta.v1.ObjectMetaArgs(labels=app_labels),
            spec=k8s.core.v1.PodSpecArgs(
                containers=[
                    k8s.core.v1.ContainerArgs(
                        name=app_name,
                        image=image.base_image_name,
                    ),
                ],
            ),
        ),
    ), opts=pulumi.ResourceOptions(provider=k8s_provider)
)

# Export the deployment name and the running application URL.
pulumi.export("deployment_name", deployment.metadata.name)

# Note: Add any other outputs you might want to export, like service URLs or ingress IPs.
```

This program does the following:
- Builds a Docker image for your AI application from a specified Docker context directory.
- Pushes the built image to your specified OCIR (Oracle Cloud Infrastructure Registry).
- Defines a new Kubernetes Deployment using the built image and applies it to your OKE cluster.

You may need to adjust the Docker context directory, Dockerfile location, OCI Registry details, and the OKE Kubernetes config file to match your environment.

After deploying with Pulumi, any changes in your AI application's source code would trigger a new Docker image build and push, followed by an update to the Kubernetes deployment, effectively resulting in continuous deployment. To complete the CI/CD pipeline, you can integrate this Pulumi program with CI/CD tools like Jenkins, GitLab CI, or GitHub Actions that would execute Pulumi up on detected changes to your repository.