2025-02-27 12:59:21 +00:00
---
title: Kubernetes Deployment
---
:::important Enterprise Feature
2025-03-11 12:18:29 +00:00
The AI Application Gateway is available under the ClearML Enterprise plan.
:::
2025-03-17 05:35:38 +00:00
This guide details the installation of the ClearML App Gateway Router.
The App Gateway Router enables access to your AI workloads (e.g. remote IDEs like VSCode and Jupyter, model API interface, etc.).
It acts as a proxy, identifying ClearML Tasks running within its [K8s namespace ](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ )
and making them available for network access.
2025-03-11 12:18:29 +00:00
:::important
2025-03-17 05:35:38 +00:00
The App Gateway Router must be installed in the same K8s namespace as a dedicated ClearML Agent.
It can only configure access for ClearML Tasks within its own namespace.
2025-02-27 12:59:21 +00:00
:::
2025-02-23 15:33:55 +00:00
## Requirements
* Kubernetes cluster: `>= 1.21.0-0 < 1.32.0-0`
* Helm installed and configured
2025-03-11 12:18:29 +00:00
* Helm token to access `clearml` helm-chart repo
* Credentials for `clearml` docker repo
2025-02-23 15:33:55 +00:00
* A valid ClearML Server installation
## Optional for HTTPS
* A valid DNS entry for the new TTR instance
* A valid SSL certificate
## Helm
### Login
```
2025-03-11 12:18:29 +00:00
helm repo add clearml-enterprise \
2025-03-02 09:54:05 +00:00
https://raw.githubusercontent.com/clearml/clearml-enterprise-helm-charts/gh-pages \
2025-02-23 15:33:55 +00:00
--username < GITHUB_TOKEN > \
--password < GITHUB_TOKEN >
```
2025-03-11 12:18:29 +00:00
Replace `<GITHUB_TOKEN>` with your valid GitHub token that has access to the ClearML Enterprise Helm charts repository.
2025-03-10 17:35:41 +00:00
### Prepare Values
2025-02-23 15:33:55 +00:00
2025-03-17 05:35:38 +00:00
Before installing the App Gateway Router, create a Helm override file:
2025-02-23 15:33:55 +00:00
```
imageCredentials:
2025-03-11 12:18:29 +00:00
password: ""
2025-02-23 15:33:55 +00:00
clearml:
2025-03-11 12:18:29 +00:00
apiServerKey: ""
apiServerSecret: ""
apiServerUrlReference: ""
authCookieName: ""
sslVerify: true
2025-02-23 15:33:55 +00:00
ingress:
2025-03-11 12:18:29 +00:00
enabled: true
hostName: ""
2025-02-23 15:33:55 +00:00
tcpSession:
2025-03-11 12:18:29 +00:00
routerAddress: ""
service:
type: LoadBalancer
portRange:
start:
end:
2025-02-23 15:33:55 +00:00
```
2025-03-17 05:35:38 +00:00
Configuration options:
2025-02-23 15:33:55 +00:00
2025-03-11 12:18:29 +00:00
* `imageCredentials.password` : ClearML DockerHub Access Token.
* `clearml.apiServerKey` : ClearML server API key.
* `clearml.apiServerSecret` : ClearML server secret key.
2025-03-17 05:35:38 +00:00
* `clearml.apiServerUrlReference` : ClearML API server URL starting with `https://api.` .
* `clearml.authCookieName` : Cookie used by the ClearML server to store the ClearML authentication cookie.
2025-03-13 09:15:22 +00:00
* `clearml.sslVerify` : Enable or disable SSL certificate validation on `apiserver` calls check.
2025-03-11 12:18:29 +00:00
* `ingress.hostName` : Hostname of router used by the ingress controller to access it.
* `tcpSession.routerAddress` : The external router address (can be an IP, hostname, or load balancer address) depending on your network setup. Ensure this address is accessible for TCP connections.
* `tcpSession.service.type` : Service type used to expose TCP functionality, default is `NodePort` .
* `tcpSession.portRange.start` : Start port for the TCP Session feature.
* `tcpSession.portRange.end` : End port for the TCP Session feature.
2025-02-23 15:33:55 +00:00
2025-03-17 05:35:38 +00:00
The full list of supported configuration is available with the command:
2025-02-23 15:33:55 +00:00
```
helm show readme allegroai-enterprise/clearml-enterprise-task-traffic-router
```
### Install
To install the TTR component via Helm use the following command:
```
helm upgrade --install \
< RELEASE_NAME > \
2025-03-11 12:18:29 +00:00
-n < WORKLOAD_NAMESPACE > \
2025-02-23 15:33:55 +00:00
allegroai-enterprise/clearml-enterprise-task-traffic-router \
2025-03-11 12:18:29 +00:00
--version < CHART_VERSION > \
-f override.yaml
2025-02-23 15:33:55 +00:00
```
2025-03-11 12:18:29 +00:00
Replace the placeholders with the following values:
2025-03-17 05:35:38 +00:00
* `<RELEASE_NAME>` - Unique name for the App Gateway Router within the K8s namespace. This is a required parameter in
Helm, which identifies a specific installation of the chart. The release name also defines the router’
appears in the UI within session app URLs in the IDE. While we typically recommend using a fixed string (e.g.
`clearml-enterprise` or `clearml-agent` ), it can be customized to support multiple installations within the same
namespace by assigning different release names.
* `<WORKLOAD_NAMESPACE>` - [Kubernetes Namespace ](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ )
where workloads will be executed. This namespace must be shared between a dedicated ClearML Agent and an App
Gateway Router. The agent is responsible for monitoring its assigned task queues and spawning workloads within this
namespace (unless otherwise configured). Meanwhile, the router monitors the same namespace for AI workloads, such as
session-based tasks. The router has a namespace-limited scope, meaning it can only detect and manage tasks within its
assigned namespace.
2025-03-11 12:18:29 +00:00
* `<CHART_VERSION>` - Version recommended by the ClearML Support Team.
