ClearML/clearml-docs
1
0
Fork 0
mirror of https://github.com/clearml/clearml-docs synced 2025-02-25 05:24:39 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
1d37a59973
clearml-docs/docs/deploying_clearml/enterprise_deploy/appgw_install_k8s.md

2.7 KiB
Raw Blame History

Kubernetes Deployment

This guide details the installation of the ClearML AI Application Gateway, specifically the ClearML Task Router Component.

Requirements

  • Kubernetes cluster: >= 1.21.0-0 < 1.32.0-0
  • Helm installed and configured
  • Helm token to access allegroai helm-chart repo
  • Credentials for allegroai docker repo
  • A valid ClearML Server installation

Optional for HTTPS

  • A valid DNS entry for the new TTR instance
  • A valid SSL certificate

Helm

Login

helm repo add allegroai-enterprise \
https://raw.githubusercontent.com/allegroai/clearml-enterprise-helm-charts/gh-pages \
--username <GITHUB_TOKEN> \
--password <GITHUB_TOKEN>

Prepare values

Before installing the TTR create an helm-override files named task-traffic-router.values-override.yaml:

imageCredentials:
 password: "<DOCKERHUB_TOKEN>"
clearml:
 apiServerKey: ""
 apiServerSecret: ""
 apiServerUrlReference: "https://api."
 jwksKey: ""
 authCookieName: ""
ingress:
 enabled: true
 hostName: "task-router.dev"
tcpSession:
 routerAddress: ""
 portRange:
   start: 
   end:

Edit it accordingly to this guidelines:

  • clearml.apiServerUrlReference: url usually starting with https://api.
  • clearml.apiServerKey: ClearML server api key
  • clearml.apiServerSecret: ClearML server secret key
  • ingress.hostName: url of router we configured previously for loadbalancer starting with https://
  • clearml.sslVerify: enable or disable SSL certificate validation on apiserver calls check
  • clearml.authCookieName: value from value_prefix key starting with allegro_token in envoy.yaml file in ClearML server installation.
  • clearml.jwksKey: value form k key in jwks.json file in ClearML server installation (see below)
  • tcpSession.routerAddress: router external address can be an IP or the host machine or a loadbalancer hostname, depends on the network configuration
  • tcpSession.portRange.start: start port for the TCP Session feature
  • tcpSession.portRange.end: end port port for the TCP Session feature

::: How to find my jwkskey

The JSON Web Key Set (JWKS) is a set of keys containing the public keys used to verify any JSON Web Token (JWT).

kubectl -n clearml get secret clearml-conf \
-o jsonpath='{.data.secure_auth_token_secret}' \
| base64 -d && echo

:::

The whole list of supported configuration is available with the command:

helm show readme allegroai-enterprise/clearml-enterprise-task-traffic-router

Install

To install the TTR component via Helm use the following command:

helm upgrade --install \
<RELEASE_NAME> \
-n <NAME_SPACE> \
allegroai-enterprise/clearml-enterprise-task-traffic-router \
--version <CURRENT CHART VERSION> \
-f task-traffic-router.values-override.yaml