Using Managed Images for Testing

Managed images are not currently supported in a Cloud deployment. Please reach out to Robust Intelligence for support if this functionality is required for your deployment.

The Managed Image Registry enables containerization of the dependencies for a given model. Docker images that contain the dependencies for models can be swapped to match the requirements of the model being used. Once you’ve created a Managed Image, you can use it in model testing as shown in Running Tests on Managed Docker Images

Notes on using Managed Images:

  • Managed Images created in a workspace are not bound to that workspace and are available to all other workspaces on the same Robust Intelligence instance.

  • Managed Images can be created by any user account. Managed Images can only be deleted by user accounts with the Organization Administrator role.

  • Robust Intelligence provides a set of base images that are built to address a given set of use cases. Users can build a managed image from a base image.

  • The Managed Image Registry operates on AWS ECR.

  • The Managed Images feature is enabled by default in our Terraform module.

Enabling the Managed Images feature

Configuration for this feature uses the image_registry_config of the rime Terraform module:

module "rime" {
  ...
  image_registry_config = {
    enable                       = true
    allow_external_custom_images = true
    repository_prefix            = ""
  }
  ...
}

The value of the repository_prefix variable specifies a string that identifies repositories that are managed by the Managed Image Registry. Repositories without the string specified by repository_prefix are not acted upon by the Managed Image Registry.

ECR permissions for the Managed Image Registry

Permissions for Managed Images can be applied automatically by a user with the Organziation administrator role when applying the Robust Intelligence Terraform module.

ecr:CreateRepository
ecr:DeleteRepository
ecr:DescribeImages
ecr:PutLifecyclePolicy
ecr:ListImages

These permissions enable the registry server to create and modify repositories with names containing the string specified in repository_prefix. Additionally, the registry server requires ecr:GetAuthorizationToken for all resources in order to authorize itself.

Jobs executed by the registry server use the following permissions to build new images:

ecr:BatchGetImage
ecr:BatchCheckLayerAvailability
ecr:CompleteLayerUpload
ecr:GetDownloadUrlForLayer
ecr:InitiateLayerUpload
ecr:PutImage
ecr:UploadLayerPart

These permissions enable these jobs to pull and push new images to the repositories created with prefix repository_prefix. These jobs also require the ecr:GetAuthorizationToken permission for all resources in order to authorize themeselves.

Managed Image management

The Robust Intelligence SDK provides calls for creating, altering, and deleting Managed Images.

Creating a Managed Image

  1. Create a new Managed Image with the Client.create_managed_image() call in the RIME SDK. To use a base image, specify values for the image_type and python_version parameters.

  2. Use the image in your testing as shown in Running Tests on Managed Docker Images.

Deleting a Managed Image

  1. Sign in to a user account that has administrative privileges for an RI Platform instance.

    The Workspaces page appears.

  2. Select a workspace.

    The Workspace summary page appears.

  3. Click the Settings icon in the lower left corner.

    The Workspace page appears.

  4. Click Managed Images.

    The Managed Images pane appears.

  5. From the three-dot menu at the right of a Managed Image, click Remove.

    A confirmation dialog box appears.

  6. Click Remove image.

The Managed Image is removed from the Robust Intelligence instance.