ClearML/clearml-docs
1
0
Fork 0
mirror of https://github.com/clearml/clearml-docs synced 2025-05-31 02:29:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7779945d3e
clearml-docs/docs/deploying_clearml/enterprise_deploy/extra_configs/presign_service.md
revital 7779945d3e Add Enterprise Server deployment usecases
2025-05-14 14:57:35 +03:00

2.2 KiB
Raw Blame History

title
ClearML Presign Service

The ClearML Presign Service is a secure service that generates and redirects pre-signed storage URLs for authenticated users, enabling direct access to cloud-hosted data (e.g., S3) without exposing credentials.

Prerequisites

  • The ClearML Enterprise server is up and running.

  • Generate <ACCESS_KEY> and <SECRET_KEY> credentials in the ClearML Server. The easiest way is via the ClearML UI (Settings > Workspace > App Credentials > Create new credentials).

    :::note Make sure these credentials belong to an admin user or a service user with admin privileges. :::

  • The worker environment must be able to access the ClearML Server over the same network.

Installation

Add the Helm Repo Locally

Add the ClearML Helm repository:

helm repo add clearml-enterprise https://raw.githubusercontent.com/clearml/clearml-enterprise-helm-charts/gh-pages --username <HELM_REPO_TOKEN> --password <HELM_REPO_TOKEN>

Update the repository locally:

helm repo update

Prepare Configuration

Create a presign-service.override.yaml file (make sure to replace the placeholders):

imageCredentials:
  password: "<CLEARML_DOCKERHUB_TOKEN>"
clearml:
  apiServerUrlReference: "<CLEARML_API_SERVER_URL>"
  apiKey: "<ACCESS_KEY>"
  apiSecret: "<SECRET_KEY>"
ingress:
  enabled: true
  hostName: "<PRESIGN_SERVICE_URL>"

Deploy the Helm Chart

Install the clearml-presign-service helm chart in the same namespace as the ClearML Enterprise server:

helm install -n clearml clearml-presign-service clearml-enterprise/clearml-presign-service -f presign-service.override.yaml

Update ClearML Enterprise Server Configuration

Enable the ClearML Server to use the Presign Service by editing your clearml-values.override.yaml file. Add the following to the apiserver.extraEnvs section (make sure to replace <PRESIGN_SERVICE_URL>).

apiserver:
  extraEnvs:
    - name: CLEARML__SERVICES__SYSTEM__COMPANY__DEFAULT__SERVICES
      value: "[{\"type\":\"presign\",\"url\":\"https://<PRESIGN_SERVICE_URL>\",\"use_fallback\":\"false\",\"match_sets\":[{\"rules\":[{\"field\":\"\",\"obj_type\":\"\",\"regex\":\"^s3://\"}]}]}]"

Apply the changes with a Helm upgrade.