diff --git a/docs/deploying_clearml/enterprise_deploy/appgw.md b/docs/deploying_clearml/enterprise_deploy/appgw.md index 647c575a..3466dd5a 100644 --- a/docs/deploying_clearml/enterprise_deploy/appgw.md +++ b/docs/deploying_clearml/enterprise_deploy/appgw.md @@ -35,9 +35,10 @@ If your ClearML Deployment does not have the App Gateway Router properly install #### Installation -The App Gateway Router supports two deployment options: +The App Gateway Router supports the following deployment options: * [Docker Compose](appgw_install_compose.md) +* [Docker Compose for hosted servers](appgw_install_compose_hosted.md) * [Kubernetes](appgw_install_k8s.md) The deployment configuration specifies the external and internal address and port mappings for routing requests. diff --git a/docs/deploying_clearml/enterprise_deploy/appgw_install_compose_hosted.md b/docs/deploying_clearml/enterprise_deploy/appgw_install_compose_hosted.md index 9ded7f78..ad6ce13e 100644 --- a/docs/deploying_clearml/enterprise_deploy/appgw_install_compose_hosted.md +++ b/docs/deploying_clearml/enterprise_deploy/appgw_install_compose_hosted.md @@ -3,14 +3,14 @@ title: Docker-Compose - Hosted Server --- :::important Enterprise Feature -The Application Gateway is available under the ClearML Enterprise plan. +The AI Application Gateway is available under the ClearML Enterprise plan. ::: -The AI Application Gateway enables external access to ClearML tasks, and applications running on workload nodes that +The AI Application Gateway enables external access to ClearML tasks, and applications running on workload nodes that require HTTP or TCP access. The gateway is configured with an endpoint or external address, making these services accessible from the user's machine, outside the workload nodes’ network. -This guide details the installation of the ClearML AI Application Gateway for ClearML users who use ClearML’s SaaS control +This guide details the installation of the App Gateway Router for ClearML users who use ClearML's SaaS control plane while hosting their own workload nodes. ## Requirements @@ -104,12 +104,15 @@ TCP_PORT_START= TCP_PORT_END= ``` -Edit it according to the following guidelines: +**Configuration Options:** -* `ROUTER_NAME`: Unique name for this router. +* `ROUTER_NAME`: In the case of [multiple routers on the same tenant](#multiple-router-in-the-same-tenant), each router + needs to have a unique name. * `CLEARML_API_ACCESS_KEY, CLEARML_API_SECRET_KEY:` API credentials for Admin user or Service Account with admin privileges created in the ClearML web UI. Make sure to label these credentials clearly, so that they will not be revoked by mistake. -* `ROUTER_URL`: The URL for this router. This URL will be shown in the UI of any application for users to access (e.g. hosted Jupyter or LLM UI). +* `ROUTER_URL`: External address to access the router. This can be the IP address or DNS of the node where the router + is running, or the address of a load balancer if the router operates behind a proxy/load balancer. This URL is used + to access AI workload applications (e.g. remote IDE, model deployment, etc.), so it must be reachable and resolvable for them. * `TCP_ROUTER_ADDRESS`: Router external address, can be an IP or the host machine or a load balancer hostname, depends on network configuration. * `TCP_PORT_START`: Start port for the TCP Tasks, chosen by the customer. Ensure that ports are open and can be allocated on the host. * `TCP_PORT_END`: End port for the TCP Tasks, chosen by the customer. Ensure that ports are open and can be allocated on the host. @@ -122,47 +125,42 @@ Run the following command to start the router: sudo docker compose --env-file runtime.env up -d ``` -### Advanced +### Advanced Configuration -#### Running without Certificates +#### Using Open HTTP -When running on `docker-compose` with an HTTP interface and without certificates, set the following entry in the `runtime.env`: - -``` -AUTH_SECURE_ENABLED=false -``` - -#### Install Multiple Routers for the Same Tenant - -To deploy multiple routers within the same tenant, you must configure each router to handle specific workloads. - -Using this setting, each router will only route tasks that originated from its assigned queues. This -is important in case you have multiple networks with different agents. For example: -* Tasks started by Agent A can only be reached by Router A (within the same network), but cannot be reached by Router B -* Agent B will handle a separate set of tasks which can only be reached by Router B - -The assumption in this case is that Agent A and Agent B will service different queues, and routers must be configured to -route tasks based on these queue definitions. - -Each router in the same tenant must have: -* A unique `ROUTER_NAME` -* Distinct set of queues listed in `LISTEN_QUEUE_NAME`. It supports wildcards. - -For example: -* **Router-A** `runtime.env` - - ``` - ROUTER_NAME=router-a - LISTEN_QUEUE_NAME=queue1,queue2 - ``` - -* **Router-B** `runtime.env` - - ``` - ROUTER_NAME=router-b - LISTEN_QUEUE_NAME=queue3,queue4 - ```` - -Ensure that `LISTEN_QUEUE_NAME` is included in the [`docker-compose` environment variables](#docker-compose-file) for each router -instance. +To deploy the App Gateway Router on open HTTP (without a certificate), set the `AUTH_SECURE_ENABLED` entry +to `false` in the `runtime.env` file. +#### Multiple Router in the Same Tenant + + If you have workloads running in separate networks that cannot communicate with each other, you need to deploy multiple + routers, one for each isolated environment. Each router will only process tasks from designated queues, ensuring that + tasks are correctly routed to agents within the same network. + + For example: + * If Agent A and Agent B are in separate networks, each must have its own router to receive tasks. + * Router A will handle tasks from Agent A’s queues. Router B will handle tasks from Agent B’s queues. + + To achieve this, each router must be configured with: + * A unique `ROUTER_NAME` + * A distinct set of queues defined in `LISTEN_QUEUE_NAME`. + + ##### Example Configuration + Each router's `runtime.env` file should include: + + * Router A: + + ``` + ROUTER_NAME=router-a + LISTEN_QUEUE_NAME=queue1,queue2 + ``` + + * Router B: + + ``` + ROUTER_NAME=router-b + LISTEN_QUEUE_NAME=queue3,queue4 + ``` + + Make sure `LISTEN_QUEUE_NAME` is set in the [`docker-compose` environment variables](#docker-compose-file) for each router instance. \ No newline at end of file