ClearML/clearml-docs
1
0
Fork 0
mirror of https://github.com/clearml/clearml-docs synced 2025-05-17 18:55:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update app gateway deployment on K8s

Browse Source
This commit is contained in:
revital 2025-05-13 09:25:14 +03:00
parent c3b4224a6f
commit e321aa5532
1 changed files with 23 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
docs/deploying_clearml/enterprise_deploy/appgw_install_k8s.md
View File

@ -6,13 +6,13 @@ title: Kubernetes Deployment
The AI Application Gateway is available under the ClearML Enterprise plan. The AI Application Gateway is available under the ClearML Enterprise plan.
::: :::
This guide details the installation of the ClearML App Gateway Router. This guide details the installation of the ClearML App Gateway.
The App Gateway Router enables access to your AI workload applications (e.g. remote IDEs like VSCode and Jupyter, model API interface, etc.). The App Gateway enables access to your AI workload applications (e.g. remote IDEs like VSCode and Jupyter, model API interface, etc.).
It acts as a proxy, identifying ClearML Tasks running within its [K8s namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) It acts as a proxy, identifying ClearML Tasks running within its [K8s namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
and making them available for network access. and making them available for network access.
:::important :::important
The App Gateway Router must be installed in the same K8s namespace as a dedicated ClearML Agent. The App Gateway must be installed in the same K8s namespace as a dedicated ClearML Agent.
It can only configure access for ClearML Tasks within its own namespace. It can only configure access for ClearML Tasks within its own namespace.
::: :::
@ -27,35 +27,31 @@ It can only configure access for ClearML Tasks within its own namespace.
## Optional for HTTPS ## Optional for HTTPS
* A valid DNS entry for the new App Gateway Router instance * A valid DNS entry for the new App Gateway instance
* A valid SSL certificate * A valid SSL certificate
## Helm ## Helm
### Login ### Login
``` ``` bash
helm repo add clearml-enterprise \ helm repo add clearml-enterprise https://raw.githubusercontent.com/clearml/clearml-enterprise-helm-charts/gh-pages --username <GITHUB_TOKEN> --password <GITHUB_TOKEN>
https://raw.githubusercontent.com/clearml/clearml-enterprise-helm-charts/gh-pages \
--username <GITHUB_TOKEN> \
--password <GITHUB_TOKEN>
``` ```
Replace `<GITHUB_TOKEN>` with your valid GitHub token that has access to the ClearML Enterprise Helm charts repository. Replace `<GITHUB_TOKEN>` with your valid GitHub token that has access to the ClearML Enterprise Helm charts repository.
### Prepare Values ### Prepare Values
Before installing the App Gateway Router, create a Helm override file: Before installing the App Gateway, create a Helm override `clearml-app-gateway-values.override.yaml` file:
``` ```yaml
imageCredentials: imageCredentials:
password: "" password: ""
clearml: clearml:
apiServerKey: "" apiKey: ""
apiServerSecret: "" apiSecret: ""
apiServerUrlReference: "" apiServerUrlReference: ""
authCookieName: "" authCookieName: ""
sslVerify: true
ingress: ingress:
enabled: true enabled: true
hostName: "" hostName: ""
@ -71,13 +67,12 @@ tcpSession:
**Configuration options:** **Configuration options:**
* `imageCredentials.password`: ClearML DockerHub Access Token. * `imageCredentials.password`: ClearML DockerHub Access Token.
* `clearml.apiServerKey`: ClearML server API key. * `clearml.apiKey` and `clearml.apiSecret`: API credentials created in the ClearML web UI by an Admin user or Service
* `clearml.apiServerSecret`: ClearML server secret key. Account with admin privileges. Make sure to label these credentials clearly, so that they will not be revoked by mistake.
* `clearml.apiServerUrlReference`: ClearML API server URL starting with `https://api.`. * `clearml.apiServerUrlReference`: ClearML API server URL starting with `https://api.`.
* `clearml.authCookieName`: Cookie used by the ClearML server to store the ClearML authentication cookie. * `clearml.authCookieName`: Cookie used by the ClearML server to store the ClearML authentication cookie.
* `clearml.sslVerify`: Enable or disable SSL certificate validation on `apiserver` calls check. * `ingress.hostName`: Hostname of App Gateway used by the ingress controller to access it.
* `ingress.hostName`: Hostname of router used by the ingress controller to access it. * `tcpSession.routerAddress`: The external App Gateway address (can be an IP, hostname, or load balancer address) depending on your network setup. Ensure this address is accessible for TCP connections.
* `tcpSession.routerAddress`: The external router address (can be an IP, hostname, or load balancer address) depending on your network setup. Ensure this address is accessible for TCP connections.
* `tcpSession.service.type`: Service type used to expose TCP functionality, default is `NodePort`. * `tcpSession.service.type`: Service type used to expose TCP functionality, default is `NodePort`.
* `tcpSession.portRange.start`: Start port for the TCP Session feature. * `tcpSession.portRange.start`: Start port for the TCP Session feature.
* `tcpSession.portRange.end`: End port for the TCP Session feature. * `tcpSession.portRange.end`: End port for the TCP Session feature.
@ -85,33 +80,28 @@ tcpSession:
The full list of supported configuration is available with the command: The full list of supported configuration is available with the command:
``` ``` bash
helm show readme allegroai-enterprise/clearml-enterprise-task-traffic-router helm show readme clearml-enterprise/clearml-enterprise-app-gateway
``` ```
### Install ### Install
To install the App Gateway Router component via Helm use the following command: To install the App Gateway component via Helm use the following command:
``` ``` bash
helm upgrade --install \ helm upgrade --install <RELEASE_NAME> -n <WORKLOAD_NAMESPACE> clearml-enterprise/clearml-enterprise-app-gateway --version <CHART_VERSION> -f clearml-app-gateway-values.override.yaml
<RELEASE_NAME> \
-n <WORKLOAD_NAMESPACE> \
allegroai-enterprise/clearml-enterprise-task-traffic-router \
--version <CHART_VERSION> \
-f override.yaml
``` ```
Replace the placeholders with the following values: Replace the placeholders with the following values:
* `<RELEASE_NAME>` - Unique name for the App Gateway Router within the K8s namespace. This is a required parameter in * `<RELEASE_NAME>` - Unique name for the App Gateway within the K8s namespace. This is a required parameter in
Helm, which identifies a specific installation of the chart. The release name also defines the routers name and Helm, which identifies a specific installation of the chart. The release name also defines the App Gateway’s name and
appears in the UI within AI workload application URLs (e.g. Remote IDE URLs). This can be customized to support multiple installations within the same appears in the UI within AI workload application URLs (e.g. Remote IDE URLs). This can be customized to support multiple installations within the same
namespace by assigning different release names. namespace by assigning different release names.
* `<WORKLOAD_NAMESPACE>` - [Kubernetes Namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) * `<WORKLOAD_NAMESPACE>` - [Kubernetes Namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
where workloads will be executed. This namespace must be shared between a dedicated ClearML Agent and an App where workloads will be executed. This namespace must be shared between a dedicated ClearML Agent and an App
Gateway Router. The agent is responsible for monitoring its assigned task queues and spawning workloads within this Gateway. The agent is responsible for monitoring its assigned task queues and spawning workloads within this
namespace. The router monitors the same namespace for AI workloads (e.g. remote IDE applications). The router has a namespace. The App Gateway monitors the same namespace for AI workloads (e.g. remote IDE applications). The App Gateway has a
namespace-limited scope, meaning it can only detect and manage tasks within its namespace-limited scope, meaning it can only detect and manage tasks within its
assigned namespace. assigned namespace.
* `<CHART_VERSION>` - Version recommended by the ClearML Support Team. * `<CHART_VERSION>` - Version recommended by the ClearML Support Team.