To run the full stack. These steps will be updated as development progresses on the stack and underlaying DAs.
Click the "Add to project" button, and select create in new project.
- Create an API key in the target account. Keep note of it. Give it admin privilege for now. Exact permissions will be narrowed down in future version.
- Clone this repository locally - and checkout the dev branch.
- Create a file with name ".def.json" with the following content.
- The signing key is the base64 key obtained from the
gpg --export-secret-key <Email Address> | base64command. See https://cloud.ibm.com/docs/devsecops?topic=devsecops-devsecops-image-signing#cd-devsecops-gpg-export for details.
Important:
- Ensure region is either us-south or eu-de as watsonx can only be deployed in those 2 locations for now.
- Ensure that the prefix is globally unique. It is used for the container registry namespace (which needs to be globally unique) in this alpha version.
{
"inputs": {
"prefix": "<prefix for resources name - ensure unique>",
"ibmcloud_api_key": "<API Key of the target account with sufficient permissions>",
"resource_group_name": "<target resource group - name of a new resource group that the stack will creates>",
"region": "<region where resources are deployed>",
"sample_app_git_url": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application",
"watsonx_admin_api_key": "<optional - admin key to use for watson if different from ibmcloud_api_key>",
"signing_key": "signing key used to sign build artifacts"
}
}Example:
{
"inputs": {
"prefix": "0418",
"ibmcloud_api_key": "<your api key>",
"resource_group_name": "stack-service-rg",
"region": "eu-de",
"sample_app_git_url": "https://github.com/IBM/gen-ai-rag-watsonx-sample-application",
"watsonx_admin_api_key": "<optional - admin key to use for watson if different from ibmcloud_api_key>",
"signing_key": "signing key used to sign build artifacts"
}
}- Ensure you are login into the account containing the Cloud project with the stack using ibmcloud login --sso
- Execute ./deploy-many.sh with project name, stack name and optional configuration name pattern. The selected non-stack configruations will be processed by their name in alphabetical order. Using configuration name pattern (regex can be used - make sure to enclose it in quotes) you can chose which configurations are deployed
Example 1 - update stack inputs for stack configuration RAG and process all non-stack configurations in the project:
./deploy-many.sh my-test-project RAGExample 2 - update stack inputs and process some configurations in the project:
./deploy-many.sh my-test-project RAG 'RAG-1|RAG-4|RAG-5'Example 2 - simulate updating stack inputs and validating some configurations in the project in dry-run mode (no changes or actual validation or deployments is done):
DRY_RUN=true ./deploy-many.sh my-test-project RAG 'RAG-1|RAG-4|RAG-5'Tips: If deployment fail in one of the DA, you may need to remove the configuration name of the deployment that already passes from the pattern before re-running the script.
Tips: to accelerate iteration you may deploy only a subset of the configurations: the bare minimum are key management, security manager, watson saas, alm and rag configuration da. Base account, observability and SCC are not on the critical path to get the app running.
A few manual steps are required in the alpha version to trigger the deployment of the app:
- In the secret manager instance, in the default group, create an arbitrary secret named "ibmcloud-api-key". Put the used api key as secret.
- Follow the steps at https://cloud.ibm.com/docs/devsecops?topic=devsecops-devsecops-image-signing to generate a gpg key
- In the secret manager instance, in the default group, create an arbitrary secret named "signing_key". Put the signing key. See https://cloud.ibm.com/docs/devsecops?topic=devsecops-devsecops-image-signing#cd-devsecops-gpg-store-secretsmgr
- Navigate to the "Generative AI Sample App-CI-Toolchain" CD instance, click "ci-pipeline" and execute the "Manual Trigger".