model-registry/jobs/async-upload/samples/sample_job_s3_to_oci.yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: my-s3-credentials
  namespace: default
stringData:
  AWS_ACCESS_KEY_ID: minioadmin
  AWS_SECRET_ACCESS_KEY: minioadmin
  AWS_DEFAULT_REGION: us-east-1
  AWS_S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000
  AWS_S3_BUCKET: default
---
apiVersion: v1
kind: Secret
metadata:
  name: my-oci-credentials
  namespace: default
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: '{"auths": {"distribution-registry-test-service.default.svc.cluster.local:5001": {"auth": "","email": "user@example.com"}}}'
  ACCESS_TYPE: '["Push,Pull"]'
  OCI_HOST: distribution-registry-test-service.default.svc.cluster.local:5001
---
apiVersion: batch/v1
kind: Job
metadata:
  name: my-async-upload-job
  namespace: default
  labels:
    app.kubernetes.io/name: model-registry-async-job
    app.kubernetes.io/component: async-job
    app.kubernetes.io/part-of: model-registry
    app.kubernetes.io/managed-by: kubectl
    component: model-registry-job
    modelregistry.kubeflow.org/job-type: async-upload
    modelregistry.kubeflow.org/model-sync-model-id: "1"
    modelregistry.kubeflow.org/model-sync-model-version-id: "3"
    modelregistry.kubeflow.org/model-sync-model-artifact-id: "6"
  annotations:
    modelregistry.kubeflow.org/description: "Asynchronous job for uploading models to Model Registry"
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/name: model-registry-async-job
        app.kubernetes.io/component: async-job
        component: model-registry-job
        modelregistry.kubeflow.org/job-type: async-upload
        modelregistry.kubeflow.org/model-sync-model-id: "1"
        modelregistry.kubeflow.org/model-sync-model-version-id: "3"
        modelregistry.kubeflow.org/model-sync-model-artifact-id: "6"
    spec:
      securityContext:
        runAsNonRoot: true
      volumes:
        - name: source-credentials
          secret:
            secretName: my-s3-credentials
        - name: destination-credentials
          secret:
            secretName: my-oci-credentials
            items:
              - key: .dockerconfigjson
                path: .dockerconfigjson
      restartPolicy: Never
      containers:
        - name: async-upload
          image: ghcr.io/kubeflow/model-registry/job/async-upload:latest
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              memory: "512Mi"
          volumeMounts:
            - name: source-credentials
              readOnly: true
              mountPath: "/opt/creds/source"
            - name: destination-credentials
              readOnly: true
              mountPath: "/opt/creds/destination"
          env:
            - name: HTTP_PROXY
              value: ""
            - name: HTTPS_PROXY
              value: ""
            - name: NO_PROXY
              value: "minio.minio.svc.cluster.local,*.svc.cluster.local"
            # ---- Source ----------
            - name: MODEL_SYNC_SOURCE_TYPE
              value: "s3"
            - name: MODEL_SYNC_SOURCE_AWS_KEY
              value: "my-model"
            - name: MODEL_SYNC_SOURCE_S3_CREDENTIALS_PATH
              value: "/opt/creds/source"

            # ---- Destination -----
            - name: MODEL_SYNC_DESTINATION_TYPE
              value: "oci"
            - name: MODEL_SYNC_DESTINATION_OCI_URI
              value: "distribution-registry-test-service.default.svc.cluster.local:5001/my-model:latest"
            - name: MODEL_SYNC_DESTINATION_OCI_REGISTRY
              value: "distribution-registry-test-service.default.svc.cluster.local:5001"
            - name: MODEL_SYNC_DESTINATION_OCI_CREDENTIALS_PATH
              value: "/opt/creds/destination/.dockerconfigjson"
            - name: MODEL_SYNC_DESTINATION_OCI_BASE_IMAGE
              value: "busybox:latest"
            - name: MODEL_SYNC_DESTINATION_OCI_ENABLE_TLS_VERIFY
              value: "false"

            # ---- Model Params ----
            - name: MODEL_SYNC_MODEL_UPLOAD_INTENT
              value: "update_artifact"
            - name: MODEL_SYNC_MODEL_ARTIFACT_ID
              value: "6"

            # ---- Model Registry Client Params ----
            - name: MODEL_SYNC_REGISTRY_SERVER_ADDRESS
              value: "http://model-registry-service.kubeflow.svc.cluster.local"
            - name: MODEL_SYNC_REGISTRY_PORT
              value: "8080"
            - name: MODEL_SYNC_REGISTRY_AUTHOR
              value: "Alice Bob"
            - name: MODEL_SYNC_REGISTRY_USER_TOKEN
              value: "super-secret"

            # ...