mirror of
https://github.com/clearml/clearml-helm-charts
synced 2025-04-17 01:31:13 +00:00
Changed: remove enterprise features (#204)
This commit is contained in:
Valeriano Manassero
GitHub
parent
da2fb44479
commit
25af4a4d8f
5
.github/workflows/ci.yaml
vendored
5
.github/workflows/ci.yaml
vendored
@ -53,6 +53,11 @@ jobs:
|
||||
echo "changed=true" >> "$GITHUB_OUTPUT"
|
||||
echo "changed_charts=\"${changed//$'\n'/,}\"" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
- name: Inject secrets
|
||||
run: |
|
||||
find ./charts/*/ci/*.yaml -type f -exec sed -i "s/AGENTK8SGLUEKEY/${{ secrets.AGENTK8SGLUEKEY }}/g" {} \;
|
||||
find ./charts/*/ci/*.yaml -type f -exec sed -i "s/AGENTK8SGLUESECRET/${{ secrets.AGENTK8SGLUESECRET }}/g" {} \;
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
- name: Run chart-testing (lint and install)
|
||||
run: ct lint-and-install --chart-dirs charts --target-branch main --helm-extra-args "--timeout=15m" --charts=${{steps.list-changed.outputs.changed_charts}} --debug true
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: clearml-agent
|
||||
description: MLOps platform Task running agent
|
||||
type: application
|
||||
version: "4.0.10"
|
||||
version: "5.0.0"
|
||||
appVersion: "1.24"
|
||||
kubeVersion: ">= 1.21.0-0 < 1.28.0-0"
|
||||
home: https://clear.ml
|
||||
@ -20,5 +20,5 @@ keywords:
|
||||
- "task agent"
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: support for k8s 1.27
|
||||
- kind: changed
|
||||
description: removed support for enterprise features due to chart split
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# ClearML Kubernetes Agent
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
MLOps platform Task running agent
|
||||
|
||||
@ -40,20 +40,6 @@ Before issuing helm upgrade:
|
||||
|
||||
* if using securityContexts check for new value form in values.yaml (podSecurityContext and containerSecurityContext)
|
||||
|
||||
## ENTERPRISE Version
|
||||
|
||||
There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
|
||||
Enabling this features on OSS version can cause the entire installation to break.
|
||||
|
||||
### Non root/privileged environments
|
||||
|
||||
*This feature is available for Enterprise version only*
|
||||
|
||||
In environments like Openshift or Tanzu it can be required to run non-root/non-privileged pods/containers.
|
||||
In this case it's recommended to use `values-enterprise-non-root-privileged.yaml` as base for override file.
|
||||
|
||||
Keep in mind it's not possible to install packages on non-root containers so images used for Tasks must already have python, pip and git installed.
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/allegroai/clearml-helm-charts>
|
||||
@ -117,19 +103,6 @@ Kubernetes: `>= 1.21.0-0 < 1.28.0-0`
|
||||
| clearml.clearmlConfig | string | `"sdk {\n}"` | ClearML configuration file |
|
||||
| clearml.existingAgentk8sglueSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
|
||||
| clearml.existingClearmlConfigSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
|
||||
| enterpriseFeatures | object | `{"agentImageTagOverride":"1.24-58","applyVaultEnvVars":true,"createQueues":false,"enabled":false,"maxPods":10,"monitoredResources":{"maxResources":0,"maxResourcesFieldName":"resources|limits|nvidia.com/gpu","minResourcesFieldName":"resources|limits|nvidia.com/gpu"},"queues":null,"serviceAccountClusterAccess":false,"useOwnerToken":true}` | Enterprise features (work only with an Enterprise license) |
|
||||
| enterpriseFeatures.agentImageTagOverride | string | `"1.24-58"` | Image tag override for enterprise version |
|
||||
| enterpriseFeatures.applyVaultEnvVars | bool | `true` | push env vars from Clear.ML Vault to task pods |
|
||||
| enterpriseFeatures.createQueues | bool | `false` | Create queues if they don't exist |
|
||||
| enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
|
||||
| enterpriseFeatures.maxPods | int | `10` | maximum concurrent consume ClearML Task pod |
|
||||
| enterpriseFeatures.monitoredResources | object | `{"maxResources":0,"maxResourcesFieldName":"resources|limits|nvidia.com/gpu","minResourcesFieldName":"resources|limits|nvidia.com/gpu"}` | GPU resource general counters |
|
||||
| enterpriseFeatures.monitoredResources.maxResources | int | `0` | Maximum resources counter |
|
||||
| enterpriseFeatures.monitoredResources.maxResourcesFieldName | string | `"resources|limits|nvidia.com/gpu"` | Field name used by Agent to count maximum resources |
|
||||
| enterpriseFeatures.monitoredResources.minResourcesFieldName | string | `"resources|limits|nvidia.com/gpu"` | Field name used by Agent to count minimum resources |
|
||||
| enterpriseFeatures.queues | string | `nil` | ClearML queues and related template OVERRIDES used this agent will consume |
|
||||
| enterpriseFeatures.serviceAccountClusterAccess | bool | `false` | service account access every namespace flag |
|
||||
| enterpriseFeatures.useOwnerToken | bool | `true` | Agent must use owner Token |
|
||||
| global | object | `{"imageRegistry":"docker.io"}` | Global parameters section |
|
||||
| global.imageRegistry | string | `"docker.io"` | Images registry |
|
||||
| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration |
|
||||
|
||||
@ -37,20 +37,6 @@ Before issuing helm upgrade:
|
||||
|
||||
* if using securityContexts check for new value form in values.yaml (podSecurityContext and containerSecurityContext)
|
||||
|
||||
## ENTERPRISE Version
|
||||
|
||||
There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
|
||||
Enabling this features on OSS version can cause the entire installation to break.
|
||||
|
||||
### Non root/privileged environments
|
||||
|
||||
*This feature is available for Enterprise version only*
|
||||
|
||||
In environments like Openshift or Tanzu it can be required to run non-root/non-privileged pods/containers.
|
||||
In this case it's recommended to use `values-enterprise-non-root-privileged.yaml` as base for override file.
|
||||
|
||||
Keep in mind it's not possible to install packages on non-root containers so images used for Tasks must already have python, pip and git installed.
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
@ -120,160 +120,3 @@ Create secret to access docker registry
|
||||
{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a queues parameter
|
||||
*/}}
|
||||
{{- define "agentk8sglue.createQueues" -}}
|
||||
{{- if .Values.enterpriseFeatures.createQueues }}
|
||||
{{- printf "%d" 1}}
|
||||
{{- else }}
|
||||
{{- printf "%d" 0 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a string composed by queue names
|
||||
*/}}
|
||||
{{- define "agentk8sglue.queues" -}}
|
||||
{{- $list := list }}
|
||||
{{- range $key, $value := .Values.enterpriseFeatures.queues }}
|
||||
{{- $list = append $list (printf "%s" $key) }}
|
||||
{{- end }}
|
||||
{{- join " " $list }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a task container template
|
||||
*/}}
|
||||
{{- define "taskContainer.containerTemplate" -}}
|
||||
{{- if .main.Values.imageCredentials.enabled }}
|
||||
imagePullSecrets:
|
||||
- name: {{ .main.Values.imageCredentials.existingSecret | default (printf "%s-ark" (include "clearmlAgent.fullname" .main )) }}
|
||||
{{- end }}
|
||||
schedulerName: {{ .value.templateOverrides.schedulerName | default (.main.Values.agentk8sglue.basePodTemplate.schedulerName) }}
|
||||
restartPolicy: Never
|
||||
securityContext:
|
||||
{{- .value.templateOverrides.podSecurityContext | default .main.Values.agentk8sglue.basePodTemplate.podSecurityContext | toYaml | nindent 2 }}
|
||||
hostAliases:
|
||||
{{- .value.templateOverrides.hostAliases | default .main.Values.agentk8sglue.basePodTemplate.hostAliases | toYaml | nindent 2 }}
|
||||
volumes:
|
||||
{{ $computedvolumes := (.value.templateOverrides.volumes | default .main.Values.agentk8sglue.basePodTemplate.volumes) }}
|
||||
{{- if $computedvolumes }}{{- $computedvolumes | toYaml | nindent 2 }}{{- end }}
|
||||
{{- if .value.templateOverrides.fileMounts }}
|
||||
- name: filemounts
|
||||
secret:
|
||||
secretName: {{ include "clearmlAgent.fullname" .main }}-{{ .key }}-fm
|
||||
{{- else if .main.Values.agentk8sglue.basePodTemplate.fileMounts }}
|
||||
- name: filemounts
|
||||
secret:
|
||||
secretName: {{ include "clearmlAgent.fullname" .main }}-fm
|
||||
{{- end }}
|
||||
{{- if not .main.Values.enterpriseFeatures.serviceAccountClusterAccess }}
|
||||
serviceAccountName: {{ include "clearmlAgent.serviceAccountName" .main }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
{{- .value.templateOverrides.initContainers | default .main.Values.agentk8sglue.basePodTemplate.initContainers | toYaml | nindent 2 }}
|
||||
priorityClassName: {{ .value.templateOverrides.priorityClassName | default .main.Values.agentk8sglue.basePodTemplate.priorityClassName }}
|
||||
containers:
|
||||
- resources:
|
||||
{{- .value.templateOverrides.resources | default .main.Values.agentk8sglue.basePodTemplate.resources | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
{{- .value.templateOverrides.containerSecurityContext | default .main.Values.agentk8sglue.basePodTemplate.containerSecurityContext | toYaml | nindent 4 }}
|
||||
ports:
|
||||
- containerPort: 10022
|
||||
volumeMounts:
|
||||
{{ $computedvolumemounts := (.value.templateOverrides.volumeMounts | default .main.Values.agentk8sglue.basePodTemplate.volumeMounts) }}
|
||||
{{- if $computedvolumemounts }}{{- $computedvolumemounts | toYaml | nindent 4 }}{{- end }}
|
||||
{{- if .value.templateOverrides.fileMounts }}
|
||||
{{- range .value.templateOverrides.fileMounts }}
|
||||
- name: filemounts
|
||||
mountPath: "{{ .folderPath }}/{{ .name }}"
|
||||
subPath: "{{ .name }}"
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- else if .main.Values.agentk8sglue.basePodTemplate.fileMounts }}
|
||||
{{- range .main.Values.agentk8sglue.basePodTemplate.fileMounts }}
|
||||
- name: filemounts
|
||||
mountPath: "{{ .folderPath }}/{{ .name }}"
|
||||
subPath: "{{ .name }}"
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CLEARML_API_HOST
|
||||
value: {{ .main.Values.agentk8sglue.apiServerUrlReference }}
|
||||
- name: CLEARML_WEB_HOST
|
||||
value: {{ .main.Values.agentk8sglue.webServerUrlReference }}
|
||||
- name: CLEARML_FILES_HOST
|
||||
value: {{ .main.Values.agentk8sglue.fileServerUrlReference }}
|
||||
{{- if not .main.Values.enterpriseFeatures.useOwnerToken }}
|
||||
- name: CLEARML_API_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .main.Values.clearml.existingAgentk8sglueSecret | default (printf "%s-ac" (include "clearmlAgent.fullname" .main )) }}
|
||||
key: agentk8sglue_key
|
||||
- name: CLEARML_API_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .main.Values.clearml.existingAgentk8sglueSecret | default (printf "%s-ac" (include "clearmlAgent.fullname" .main )) }}
|
||||
key: agentk8sglue_secret
|
||||
{{- end }}
|
||||
- name: PYTHONUNBUFFERED
|
||||
value: "x"
|
||||
{{- if not .main.Values.agentk8sglue.clearmlcheckCertificate }}
|
||||
- name: CLEARML_API_HOST_VERIFY_CERT
|
||||
value: "false"
|
||||
{{- end }}
|
||||
{{- $computedenvs := (.value.templateOverrides.env | default .main.Values.agentk8sglue.basePodTemplate.env) -}}
|
||||
{{- if $computedenvs }}{{- $computedenvs | toYaml | nindent 4 }}{{- end }}
|
||||
nodeSelector:
|
||||
{{ .value.templateOverrides.nodeSelector | default .main.Values.agentk8sglue.basePodTemplate.nodeSelector | toYaml | nindent 2 }}
|
||||
tolerations:
|
||||
{{ .value.templateOverrides.tolerations | default .main.Values.agentk8sglue.basePodTemplate.tolerations | toYaml | nindent 2 }}
|
||||
affinity:
|
||||
{{ .value.templateOverrides.affinity | default .main.Values.agentk8sglue.basePodTemplate.affinity | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a task container template
|
||||
*/}}
|
||||
{{- define "taskContainer.podTemplate" -}}
|
||||
{{- range $key, $value := $.Values.enterpriseFeatures.queues }}
|
||||
{{ $key }}:
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
labels:
|
||||
{{ $value.templateOverrides.labels | default $.Values.agentk8sglue.basePodTemplate.labels | toYaml }}
|
||||
annotations:
|
||||
{{ $value.templateOverrides.annotations | default $.Values.agentk8sglue.basePodTemplate.annotations | toYaml }}
|
||||
spec:
|
||||
{{- $data := dict "main" $ "key" $key "value" $value -}}
|
||||
{{- include "taskContainer.containerTemplate" $data | nindent 4}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a task container template
|
||||
*/}}
|
||||
{{- define "taskContainer.jobTemplate" -}}
|
||||
{{- range $key, $value := $.Values.enterpriseFeatures.queues }}
|
||||
{{ $key }}:
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
labels:
|
||||
{{ $value.templateOverrides.labels | default $.Values.agentk8sglue.basePodTemplate.labels | toYaml }}
|
||||
annotations:
|
||||
{{ $value.templateOverrides.annotations | default $.Values.agentk8sglue.basePodTemplate.annotations | toYaml }}
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
{{- $data := dict "main" $ "key" $key "value" $value -}}
|
||||
{{- include "taskContainer.containerTemplate" $data | nindent 8 }}
|
||||
backoffLimit: 4
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -3,23 +3,6 @@ kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "clearmlAgent.fullname" . }}-pt
|
||||
data:
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
template.yaml: |
|
||||
{{- if .Values.agentk8sglue.taskAsJob }}
|
||||
{{ include "taskContainer.jobTemplate" . | nindent 4}}
|
||||
{{- else }}
|
||||
{{ include "taskContainer.podTemplate" . | nindent 4}}
|
||||
{{- end }}
|
||||
secrets.yaml: |
|
||||
{{- range $key, $value := $.Values.enterpriseFeatures.queues }}
|
||||
{{ $key }}:
|
||||
{{- if $value.templateOverrides.fileMounts }}
|
||||
- {{ include "clearmlAgent.fullname" $ }}-{{ $key }}-fm
|
||||
{{- else if $.Values.agentk8sglue.basePodTemplate.fileMounts }}
|
||||
- {{ include "clearmlAgent.fullname" $ }}-fm
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
template.yaml: |
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
@ -98,7 +81,6 @@ data:
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.sessions.portModeEnabled }}
|
||||
{{- range untilStep 1 ( ( add .Values.sessions.maxServices 1 ) | int ) 1 }}
|
||||
services-{{ . }}.yaml: |
|
||||
|
||||
@ -32,11 +32,7 @@ spec:
|
||||
{{ toYaml .Values.agentk8sglue.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
- name: init-k8s-glue
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.agentk8sglue.image.registry) }}{{ .Values.agentk8sglue.image.repository }}:{{ .Values.enterpriseFeatures.agentImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.agentk8sglue.image.registry) }}{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@ -58,11 +54,7 @@ spec:
|
||||
{{ toYaml .Values.agentk8sglue.containerSecurityContext | nindent 12 }}
|
||||
containers:
|
||||
- name: k8s-glue
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.agentk8sglue.image.registry) }}{{ .Values.agentk8sglue.image.repository }}:{{ .Values.enterpriseFeatures.agentImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.agentk8sglue.image.registry) }}{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/bash
|
||||
@ -104,7 +96,7 @@ spec:
|
||||
value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
|
||||
--ports-mode --num-of-services {{ .Values.sessions.maxServices }} \
|
||||
--base-port {{ .Values.sessions.startingPort }} \
|
||||
--gateway-address {{ .Values.sessions.externalIP }}{{ if .Values.enterpriseFeatures.enabled }}{{ if .Values.enterpriseFeatures.useOwnerToken }} --use-owner-token{{ end }}{{ end }}"
|
||||
--gateway-address {{ .Values.sessions.externalIP }}"
|
||||
{{- if .Values.sessions.dynamicSvcs }}
|
||||
- name: CLEARML_K8S_GLUE_POD_POST_APPLY_CMD
|
||||
value: "kubectl -n {namespace} apply -f ~/template/services-{pod_number}.yaml ; kubectl -n {namespace} label svc clearml-session-{pod_number} service-for={pod_name}"
|
||||
@ -113,8 +105,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- else}}
|
||||
- name: K8S_GLUE_EXTRA_ARGS
|
||||
value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
|
||||
--max-pods {{.Values.enterpriseFeatures.maxPods}}{{ if .Values.enterpriseFeatures.enabled }}{{ if .Values.enterpriseFeatures.useOwnerToken }} --use-owner-token{{ end }}{{ end }}"
|
||||
value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml"
|
||||
{{- end }}
|
||||
{{- if .Values.clearml.clearmlConfig }}
|
||||
- name: CLEARML_CONFIG_FILE
|
||||
@ -169,23 +160,8 @@ spec:
|
||||
- name: "CLEARML_K8S_GLUE_KIND"
|
||||
value: "pod"
|
||||
{{- end }}
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
- name: K8S_GLUE_QUEUE
|
||||
value: {{ include "agentk8sglue.queues" . | quote }}
|
||||
- name: CLEARML_K8S_GLUE_CREATE_QUEUE
|
||||
value: {{ include "agentk8sglue.createQueues" . | quote }}
|
||||
- name: CLEARML_K8S_GLUE_APPLY_VAULT_ENV_VARS
|
||||
value: {{ .Values.enterpriseFeatures.applyVaultEnvVars | quote }}
|
||||
- name: "CLEARML_K8S_GLUE_POD_MIN_RES_FIELD"
|
||||
value: {{ .Values.enterpriseFeatures.monitoredResources.minResourcesFieldName }}
|
||||
- name: "CLEARML_K8S_GLUE_MAX_RESOURCES"
|
||||
value: "{{.Values.enterpriseFeatures.monitoredResources.maxResources}}"
|
||||
- name: "CLEARML_K8S_GLUE_POD_MAX_RES_FIELD"
|
||||
value: {{ .Values.enterpriseFeatures.monitoredResources.maxResourcesFieldName }}
|
||||
{{- else }}
|
||||
- name: K8S_GLUE_QUEUE
|
||||
value: {{ .Values.agentk8sglue.queue }}
|
||||
{{- end }}
|
||||
{{- if .Values.agentk8sglue.extraEnvs }}
|
||||
{{ toYaml .Values.agentk8sglue.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@ -5,48 +5,6 @@ metadata:
|
||||
name: {{ include "clearmlAgent.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- if .Values.enterpriseFeatures.serviceAccountClusterAccess }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "clearmlAgent.fullname" . }}-kpa
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- secrets
|
||||
- services
|
||||
- events
|
||||
verbs: ["get", "list", "watch", "create", "patch", "delete"]
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs: ["list"]
|
||||
{{- if .Values.agentk8sglue.taskAsJob }}
|
||||
- apiGroups:
|
||||
- batch
|
||||
- extensions
|
||||
resources:
|
||||
- jobs
|
||||
verbs: ["get", "list", "watch", "create", "patch", "delete"]
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "clearmlAgent.fullname" . }}-kpa
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "clearmlAgent.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "clearmlAgent.fullname" . }}-kpa
|
||||
{{- else }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
@ -87,7 +45,6 @@ roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "clearmlAgent.fullname" . }}-kpa
|
||||
{{- end }}
|
||||
{{- range .Values.agentk8sglue.additionalClusterRoleBindings }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
@ -8,30 +8,3 @@ data:
|
||||
{{ .name }}: {{ .fileContent | b64enc }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
---
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
{{ if .Values.agentk8sglue.basePodTemplate.fileMounts }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "clearmlAgent.fullname" . }}-fm
|
||||
data:
|
||||
{{- range .Values.agentk8sglue.basePodTemplate.fileMounts }}
|
||||
{{ .name }}: {{ .fileContent | b64enc }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
---
|
||||
{{- range $key, $value := $.Values.agentk8sglue.queues }}
|
||||
{{ if .templateOverrides.fileMounts }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "clearmlAgent.fullname" $ }}-{{ $key }}-fm
|
||||
data:
|
||||
{{- range .templateOverrides.fileMounts }}
|
||||
{{ .name }}: {{ .fileContent | b64enc }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
---
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,38 +0,0 @@
|
||||
# These values are for ENTERPRISE version only and they need to be adapted to specific infrastructure needs
|
||||
# containerSecurityContext is highly related to Kubernetes distribution used/configuration and will probably
|
||||
# need to be customized accordingly
|
||||
|
||||
agentk8sglue:
|
||||
defaultContainerImage: "python:3.9"
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containerCustomBashScript: |
|
||||
export HOME=/tmp ;
|
||||
export LOCAL_PYTHON=python3 ;
|
||||
$LOCAL_PYTHON -m pip install clearml-agent{agent_install_args} ;
|
||||
$LOCAL_PYTHON -m clearml_agent execute {default_execution_agent_args} --id {task_id}
|
||||
extraEnvs:
|
||||
- name: CLEARML_K8S_GLUE_START_AGENT_SCRIPT_PATH
|
||||
value: /tmp/__start_agent__.sh
|
||||
|
||||
basePodTemplate:
|
||||
env:
|
||||
- name: HOME
|
||||
value: /tmp
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
enterpriseFeatures:
|
||||
enabled: true
|
||||
@ -230,42 +230,3 @@ sessions:
|
||||
maxServices: 20
|
||||
# -- set interactive queue tags
|
||||
setInteractiveQueuesTag: true
|
||||
|
||||
# -- Enterprise features (work only with an Enterprise license)
|
||||
enterpriseFeatures:
|
||||
# -- Enable/Disable Enterprise features
|
||||
enabled: false
|
||||
# -- Image tag override for enterprise version
|
||||
agentImageTagOverride: "1.24-58"
|
||||
# -- service account access every namespace flag
|
||||
serviceAccountClusterAccess: false
|
||||
# -- push env vars from Clear.ML Vault to task pods
|
||||
applyVaultEnvVars: true
|
||||
# -- GPU resource general counters
|
||||
monitoredResources:
|
||||
# -- Field name used by Agent to count minimum resources
|
||||
minResourcesFieldName: "resources|limits|nvidia.com/gpu"
|
||||
# -- Maximum resources counter
|
||||
maxResources: 0
|
||||
# -- Field name used by Agent to count maximum resources
|
||||
maxResourcesFieldName: "resources|limits|nvidia.com/gpu"
|
||||
# -- maximum concurrent consume ClearML Task pod
|
||||
maxPods: 10
|
||||
# -- Agent must use owner Token
|
||||
useOwnerToken: true
|
||||
# -- Create queues if they don't exist
|
||||
createQueues: false
|
||||
# -- ClearML queues and related template OVERRIDES used this agent will consume
|
||||
queues:
|
||||
# -- name of the queue will be used for this template
|
||||
# default:
|
||||
# -- overrides of the base template for this queue (must be declared even if empty!)
|
||||
# templateOverrides: {}
|
||||
## -- name of the queue will be used for this template
|
||||
# default-gpu:
|
||||
# # -- overrides of the base template for this queue
|
||||
# templateOverrides:
|
||||
# # -- resources declaration for pods spawned to consume ClearML Task
|
||||
# resources:
|
||||
# limits:
|
||||
# nvidia.com/gpu: 1
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: clearml
|
||||
description: MLOps platform
|
||||
type: application
|
||||
version: "6.1.1"
|
||||
version: "7.0.0"
|
||||
appVersion: "1.10.0"
|
||||
kubeVersion: ">= 1.21.0-0 < 1.28.0-0"
|
||||
home: https://clear.ml
|
||||
@ -32,5 +32,5 @@ dependencies:
|
||||
condition: elasticsearch.enabled
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: support for k8s 1.27
|
||||
- kind: changed
|
||||
description: removed support for enterprise features due to chart split
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# ClearML Ecosystem for Kubernetes
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
MLOps platform
|
||||
|
||||
@ -117,18 +117,6 @@ Before issuing helm upgrade:
|
||||
* scale MongoDB deployment(s) replicas to 0
|
||||
* if using securityContexts check for new value form in values.yaml (podSecurityContext and containerSecurityContext)
|
||||
|
||||
## ENTERPRISE Version
|
||||
|
||||
There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
|
||||
Enabling this features on OSS version can cause the entire installation to break.
|
||||
|
||||
### Non root/privileged environments
|
||||
|
||||
*This feature is available for Enterprise version only*
|
||||
|
||||
In environments like Openshift or Tanzu it can be required to run non-root/non-privileged pods/containers.
|
||||
In this case it's recommended to use `values-enterprise-non-root-privileged.yaml` as base for override file.
|
||||
|
||||
## Additional Configuration for ClearML Server
|
||||
|
||||
You can also configure the **clearml-server** for:
|
||||
@ -206,40 +194,6 @@ Kubernetes: `>= 1.21.0-0 < 1.28.0-0`
|
||||
| clearml.testUserKey | string | `"ENP39EQM4SLACGD5FXB7"` | Test Server basic auth key |
|
||||
| clearml.testUserSecret | string | `"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"` | Test File Server basic auth secret |
|
||||
| elasticsearch | object | `{"clusterHealthCheckParams":"wait_for_status=yellow&timeout=1s","clusterName":"clearml-elastic","enabled":true,"esConfig":{"elasticsearch.yml":"xpack.security.enabled: false\n"},"esJavaOpts":"-Xmx2g -Xms2g","extraEnvs":[{"name":"bootstrap.memory_lock","value":"false"},{"name":"cluster.routing.allocation.node_initial_primaries_recoveries","value":"500"},{"name":"cluster.routing.allocation.disk.watermark.low","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.high","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.flood_stage","value":"500mb"},{"name":"http.compression_level","value":"7"},{"name":"reindex.remote.whitelist","value":"*.*"},{"name":"xpack.monitoring.enabled","value":"false"},{"name":"xpack.security.enabled","value":"false"}],"httpPort":9200,"minimumMasterNodes":1,"persistence":{"enabled":true},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"4Gi"},"requests":{"cpu":"100m","memory":"2Gi"}},"roles":{"data":"true","ingest":"true","master":"true","remote_cluster_client":"true"},"volumeClaimTemplate":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"50Gi"}},"storageClassName":null}}` | Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml |
|
||||
| enterpriseFeatures | object | `{"airGappedDocumentation":{"enabled":false,"image":{"registry":"","repository":"","tag":"4"}},"apiserverImageTagOverride":"3.16.0-959","clearmlApplications":{"additionalClusterRoleBindings":[],"additionalRoleBindings":[],"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":"app-1.1.1-47"},"containerCustomBashScript":"","containerSecurityContext":{},"customBashScript":"","enabled":true,"extraEnvs":[],"fileMounts":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-58"},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]},"defaultCompanyGuid":"d1bd92a3b039400cbafc60a7a5b1e52b","enabled":false,"extraIndexUrl":"","fileserverImageTagOverride":"3.16.0-959","overrideReferenceApiUrl":"","overrideReferenceFileUrl":"","webserverImageTagOverride":"3.16-922"}` | Enterprise features (work only with an Enterprise license) |
|
||||
| enterpriseFeatures.airGappedDocumentation | object | `{"enabled":false,"image":{"registry":"","repository":"","tag":"4"}}` | Air gapped documentation configurations |
|
||||
| enterpriseFeatures.airGappedDocumentation.enabled | bool | `false` | Enable/Disable air gapped documentation deployment |
|
||||
| enterpriseFeatures.airGappedDocumentation.image | object | `{"registry":"","repository":"","tag":"4"}` | Air gapped documentation image configuration |
|
||||
| enterpriseFeatures.apiserverImageTagOverride | string | `"3.16.0-959"` | Image tag override for apiserver enterprise version |
|
||||
| enterpriseFeatures.clearmlApplications | object | `{"additionalClusterRoleBindings":[],"additionalRoleBindings":[],"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":"app-1.1.1-47"},"containerCustomBashScript":"","containerSecurityContext":{},"customBashScript":"","enabled":true,"extraEnvs":[],"fileMounts":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-58"},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]}` | APPS configurations |
|
||||
| enterpriseFeatures.clearmlApplications.additionalClusterRoleBindings | list | `[]` | additional existing ClusterRoleBindings |
|
||||
| enterpriseFeatures.clearmlApplications.additionalRoleBindings | list | `[]` | additional existing RoleBindings |
|
||||
| enterpriseFeatures.clearmlApplications.affinity | object | `{}` | APPS affinity setup |
|
||||
| enterpriseFeatures.clearmlApplications.agentKey | string | `"GK4PRTVT3706T25K6BA1"` | Apps Server basic auth key |
|
||||
| enterpriseFeatures.clearmlApplications.agentSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Apps Server basic auth secret |
|
||||
| enterpriseFeatures.clearmlApplications.basePodImage | object | `{"repository":"","tag":"app-1.1.1-47"}` | APPS base spawning pods image |
|
||||
| enterpriseFeatures.clearmlApplications.containerCustomBashScript | string | `""` | Custom Bash script for the APPS Task Pods ran by Glue Agent |
|
||||
| enterpriseFeatures.clearmlApplications.containerSecurityContext | object | `{}` | APPS containers security context |
|
||||
| enterpriseFeatures.clearmlApplications.customBashScript | string | `""` | Custom Bash script for the APPS Agent pod ran by Glue Agent |
|
||||
| enterpriseFeatures.clearmlApplications.enabled | bool | `true` | Enable/Disable component deployment |
|
||||
| enterpriseFeatures.clearmlApplications.extraEnvs | list | `[]` | APPS extra envrinoment variables |
|
||||
| enterpriseFeatures.clearmlApplications.fileMounts | list | `[]` | file definition |
|
||||
| enterpriseFeatures.clearmlApplications.gitAgentPass | string | `"git_password"` | Apps Server Git password |
|
||||
| enterpriseFeatures.clearmlApplications.gitAgentUser | string | `"git_user"` | Apps Server Git user |
|
||||
| enterpriseFeatures.clearmlApplications.image | object | `{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-58"}` | APPS image configuration |
|
||||
| enterpriseFeatures.clearmlApplications.nodeSelector | object | `{}` | APPS nodeselector |
|
||||
| enterpriseFeatures.clearmlApplications.podAnnotations | object | `{}` | specific annotation for APPS pods |
|
||||
| enterpriseFeatures.clearmlApplications.podSecurityContext | object | `{}` | APPS pod security context |
|
||||
| enterpriseFeatures.clearmlApplications.replicaCount | int | `1` | APPS number of pods |
|
||||
| enterpriseFeatures.clearmlApplications.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | APPS resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
|
||||
| enterpriseFeatures.clearmlApplications.tolerations | list | `[]` | APPS tolerations setup |
|
||||
| enterpriseFeatures.defaultCompanyGuid | string | `"d1bd92a3b039400cbafc60a7a5b1e52b"` | Company ID |
|
||||
| enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
|
||||
| enterpriseFeatures.extraIndexUrl | string | `""` | extra index URL for Enterprise packages |
|
||||
| enterpriseFeatures.fileserverImageTagOverride | string | `"3.16.0-959"` | Image tag override for fileserver enterprise version |
|
||||
| enterpriseFeatures.overrideReferenceApiUrl | string | `""` | set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://api.clearml.local" |
|
||||
| enterpriseFeatures.overrideReferenceFileUrl | string | `""` | set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://files.clearml.local" |
|
||||
| enterpriseFeatures.webserverImageTagOverride | string | `"3.16-922"` | Image tag override for webserver enterprise version |
|
||||
| externalServices | object | `{"elasticsearchConnectionString":"","mongodbConnectionStringAuth":"","mongodbConnectionStringBackend":"","redisHost":"","redisPort":6379}` | Definition of external services to use if not enabled as dependency charts here |
|
||||
| externalServices.elasticsearchConnectionString | string | `""` | Existing ElasticSearch connectionstring if elasticsearch.enabled is false (example in values.yaml) |
|
||||
| externalServices.mongodbConnectionStringAuth | string | `""` | Existing MongoDB connection string for BACKEND to use if mongodb.enabled is false |
|
||||
|
||||
@ -114,18 +114,6 @@ Before issuing helm upgrade:
|
||||
* scale MongoDB deployment(s) replicas to 0
|
||||
* if using securityContexts check for new value form in values.yaml (podSecurityContext and containerSecurityContext)
|
||||
|
||||
## ENTERPRISE Version
|
||||
|
||||
There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
|
||||
Enabling this features on OSS version can cause the entire installation to break.
|
||||
|
||||
### Non root/privileged environments
|
||||
|
||||
*This feature is available for Enterprise version only*
|
||||
|
||||
In environments like Openshift or Tanzu it can be required to run non-root/non-privileged pods/containers.
|
||||
In this case it's recommended to use `values-enterprise-non-root-privileged.yaml` as base for override file.
|
||||
|
||||
## Additional Configuration for ClearML Server
|
||||
|
||||
You can also configure the **clearml-server** for:
|
||||
|
||||
@ -45,11 +45,7 @@ spec:
|
||||
{{ toYaml .Values.apiserver.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
- name: init-apiserver
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.apiserver.image.registry) }}{{ .Values.apiserver.image.repository }}:{{ .Values.enterpriseFeatures.apiserverImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.apiserver.image.registry) }}{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag }}"
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@ -77,11 +73,7 @@ spec:
|
||||
{{ toYaml .Values.apiserver.containerSecurityContext | nindent 12 }}
|
||||
containers:
|
||||
- name: clearml-apiserver
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.apiserver.image.registry) }}{{ .Values.apiserver.image.repository }}:{{ .Values.enterpriseFeatures.apiserverImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.apiserver.image.registry) }}{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
@ -140,70 +132,6 @@ spec:
|
||||
- name: CLEARML__APISERVER__PRE_POPULATE__ZIP_FILES
|
||||
value: "/opt/clearml/db-pre-populate"
|
||||
{{- end }}
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
- name: CLEARML__apiserver__default_company
|
||||
value: "{{ .Values.enterpriseFeatures.defaultCompanyGuid }}"
|
||||
- name: APPLY_ES_MAPPINGS
|
||||
value: "false"
|
||||
- name: NUMBER_OF_GUNICORN_WORKERS
|
||||
value: "{{ .Values.apiserver.processes.count }}"
|
||||
- name: GUNICORN_TIMEOUT
|
||||
value: "{{ .Values.apiserver.processes.timeout }}"
|
||||
- name: GUNICORN_MAX_REQUESTS
|
||||
value: "{{ .Values.apiserver.processes.maxRequests }}"
|
||||
- name: GUNICORN_MAX_REQUESTS_JITTER
|
||||
value: "{{ .Values.apiserver.processes.maxRequestsJitter }}"
|
||||
- name: CLEARML_CONFIG_VERBOSE
|
||||
value: "0"
|
||||
- name: CLEARML__SERVICES__APPLICATIONS__TEMPLATES__FOLDER
|
||||
value: "/opt/allegro/config/applications"
|
||||
- name: CLEARML__apiserver__apilog__prefix
|
||||
value: "fluentd."
|
||||
- name: CLEARML__apiserver__apilog__index_name_prefix__default
|
||||
value: "allegro.apiserver.api-logs."
|
||||
- name: CLEARML__apiserver__apilog__adapter
|
||||
value: "logging"
|
||||
- name: CLEARML__apiserver__apilog__rotation__index_size
|
||||
value: "225000"
|
||||
- name: CLEARML__services__tasks__non_responsive_tasks_watchdog__enabled
|
||||
value: "false"
|
||||
- name: CLEARML__APISERVER__AUTH__COOKIES__MAX_AGE
|
||||
value: "2678400"
|
||||
- name: CLEARML__services__frames__scroll_state_expiration_hours
|
||||
value: "6"
|
||||
- name: CLEARML__services__organization__features__applications
|
||||
value: "true"
|
||||
- name: CLEARML__services__organization__features__app_management
|
||||
value: "true"
|
||||
- name: CLEARML__SERVICES___ELASTIC__MAPPINGS__EVENTS__NUMBER_OF_REPLICAS
|
||||
value: {{ .Values.apiserver.indexReplicas | quote }}
|
||||
- name: CLEARML__SERVICES___ELASTIC__MAPPINGS__EVENTS__NUMBER_OF_SHARDS
|
||||
value: {{ .Values.apiserver.indexShards | quote }}
|
||||
- name: CLEARML__APISERVER__LOG_CALLS
|
||||
value: "false"
|
||||
- name: ALLEGRO_ENV
|
||||
value: "onprem_k8s"
|
||||
- name: CLEARML__secure__credentials__fileserver__user_key
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: fileserver_key
|
||||
- name: CLEARML__secure__credentials__fileserver__user_secret
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: fileserver_secret
|
||||
- name: CLEARML__secure__applications__agents_credentials__apps_agent__user_key
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apps_agent_key
|
||||
- name: CLEARML__secure__applications__agents_credentials__apps_agent__user_secret
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apps_agent_secret
|
||||
{{- else }}
|
||||
- name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -216,14 +144,11 @@ spec:
|
||||
key: test_user_secret
|
||||
- name: CLEARML_ENV
|
||||
value: "helm-cloud"
|
||||
{{- end }}
|
||||
{{- if .Values.apiserver.extraEnvs }}
|
||||
{{ toYaml .Values.apiserver.extraEnvs | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if not .Values.enterpriseFeatures.enabled }}
|
||||
args:
|
||||
- apiserver
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 60
|
||||
httpGet:
|
||||
@ -233,11 +158,7 @@ spec:
|
||||
initialDelaySeconds: 60
|
||||
failureThreshold: 8
|
||||
httpGet:
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
path: /server.health_check
|
||||
{{- else }}
|
||||
path: /debug.ping
|
||||
{{- end }}
|
||||
port: 8008
|
||||
httpHeaders:
|
||||
- name: Authorization
|
||||
@ -245,11 +166,7 @@ spec:
|
||||
{{- if or .Values.apiserver.additionalConfigs .Values.apiserver.existingAdditionalConfigsConfigMap .Values.apiserver.existingAdditionalConfigsSecret }}
|
||||
volumeMounts:
|
||||
- name: apiserver-config
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
mountPath: /opt/clearml/config/default
|
||||
{{- else }}
|
||||
mountPath: /opt/clearml/config
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.apiserver.resources | nindent 12 }}
|
||||
|
||||
@ -1,51 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "clearml.fullname" . }}-apps-pt
|
||||
data:
|
||||
template.yaml: |
|
||||
apps_queue:
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
{{- if $.Values.imageCredentials.enabled }}
|
||||
imagePullSecrets:
|
||||
{{- if $.Values.imageCredentials.existingSecret }}
|
||||
- name: {{ $.Values.imageCredentials.existingSecret }}
|
||||
{{- else }}
|
||||
- name: clearml-registry-key
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
serviceAccountName: "clearml-apps-sa"
|
||||
securityContext:
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.podSecurityContext | nindent 10 }}
|
||||
volumes:
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.fileMounts }}
|
||||
- name: filemounts
|
||||
secret:
|
||||
secretName: {{ include "clearml.fullname" . }}-apps-fm
|
||||
{{- end }}
|
||||
containers:
|
||||
- resources:
|
||||
ports:
|
||||
- containerPort: 10022
|
||||
volumeMounts:
|
||||
{{- range .Values.enterpriseFeatures.clearmlApplications.fileMounts }}
|
||||
- name: filemounts
|
||||
mountPath: "{{ .folderPath }}/{{ .name }}"
|
||||
subPath: "{{ .name }}"
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CLEARML_API_HOST
|
||||
value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
|
||||
- name: CLEARML_FILES_HOST
|
||||
value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
|
||||
- name: CLEARML_WEB_HOST
|
||||
value: "http://{{ include "webserver.referenceName" . }}:{{ .Values.webserver.service.port }}"
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.extraEnvs }}
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.extraEnvs | nindent 10 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.containerSecurityContext | nindent 12 }}
|
||||
@ -1,149 +0,0 @@
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "clearmlApplications.referenceName" . }}
|
||||
labels:
|
||||
{{- include "clearml.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.enterpriseFeatures.clearmlApplications.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "clearmlApplications.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.enterpriseFeatures.clearmlApplications.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "clearmlApplications.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- if .Values.imageCredentials.enabled }}
|
||||
imagePullSecrets:
|
||||
{{- if .Values.imageCredentials.existingSecret }}
|
||||
- name: {{ .Values.imageCredentials.existingSecret }}
|
||||
{{- else }}
|
||||
- name: clearml-registry-key
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: {{ include "clearml.fullname" . }}-apps-pt
|
||||
configMap:
|
||||
name: {{ include "clearml.fullname" . }}-apps-pt
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
|
||||
- name: apps-config
|
||||
configMap:
|
||||
name: "{{ include "clearmlApplications.referenceName" . }}-configmap"
|
||||
{{- end }}
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.fileMounts }}
|
||||
- name: filemounts
|
||||
secret:
|
||||
secretName: {{ include "clearml.fullname" . }}-apps-fm
|
||||
{{- end }}
|
||||
serviceAccountName: "clearml-apps-sa"
|
||||
securityContext:
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
- name: init-apps
|
||||
image: "{{ .Values.enterpriseFeatures.clearmlApplications.image.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.image.tag | default .Chart.AppVersion }}"
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- >
|
||||
set -x;
|
||||
while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
|
||||
echo "waiting for apiserver" ;
|
||||
sleep 5 ;
|
||||
done
|
||||
securityContext:
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.containerSecurityContext | nindent 12 }}
|
||||
containers:
|
||||
- name: clearml-apps
|
||||
image: "{{ .Values.enterpriseFeatures.clearmlApplications.image.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.enterpriseFeatures.clearmlApplications.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8008
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: CLEARML_API_HOST
|
||||
value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
|
||||
- name: CLEARML_FILES_HOST
|
||||
value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
|
||||
- name: CLEARML_WEB_HOST
|
||||
value: "http://{{ include "webserver.referenceName" . }}:{{ .Values.webserver.service.port }}"
|
||||
- name: CLEARML_DOCKER_IMAGE
|
||||
value: "{{ .Values.enterpriseFeatures.clearmlApplications.basePodImage.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.basePodImage.tag }}"
|
||||
- name: CLEARML_WORKER_ID
|
||||
value: "apps-agent-1"
|
||||
- name: CLEARML_NO_DEFAULT_SERVER
|
||||
value: "true"
|
||||
- name: K8S_GLUE_EXTRA_ARGS
|
||||
value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
|
||||
--child-report-tags application --max-pods 5 --use-owner-token"
|
||||
- name: K8S_GLUE_QUEUE
|
||||
value: "apps_queue"
|
||||
- name: CLEARML_AGENT_DISABLE_SSH_MOUNT
|
||||
value: "1"
|
||||
- name: K8S_GLUE_POD_AGENT_INSTALL_ARGS
|
||||
value: " -U"
|
||||
{{ if .Values.enterpriseFeatures.clearmlApplications.containerCustomBashScript }}
|
||||
- name: CLEARML_K8S_GLUE_POD_BASH_SCRIPT
|
||||
value: "{{ .Values.enterpriseFeatures.clearmlApplications.containerCustomBashScript }}"
|
||||
{{- end }}
|
||||
- name: CLEARML_API_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apps_agent_key
|
||||
- name: CLEARML_API_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apps_agent_secret
|
||||
- name: CLEARML_AGENT_GIT_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apps_git_agent_user
|
||||
- name: CLEARML_AGENT_GIT_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apps_git_agent_pass
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.extraEnvs }}
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.extraEnvs | nindent 10 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: {{ include "clearml.fullname" . }}-apps-pt
|
||||
mountPath: /root/template
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
|
||||
- name: apps-config
|
||||
mountPath: /opt/clearml/config/default
|
||||
{{- end }}
|
||||
{{- range .Values.enterpriseFeatures.clearmlApplications.fileMounts }}
|
||||
- name: filemounts
|
||||
mountPath: "{{ .folderPath }}/{{ .name }}"
|
||||
subPath: "{{ .name }}"
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.containerSecurityContext | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.enterpriseFeatures.clearmlApplications.resources | nindent 12 }}
|
||||
{{- with .Values.enterpriseFeatures.clearmlApplications.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.enterpriseFeatures.clearmlApplications.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.enterpriseFeatures.clearmlApplications.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,63 +0,0 @@
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
{{- if .Values.enterpriseFeatures.clearmlApplications.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: "clearml-apps-sa"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "clearmlApplications.referenceName" . }}-kpa
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs: ["get", "list", "watch", "create", "patch", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "clearmlApplications.referenceName" . }}-kpa
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: "clearml-apps-sa"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "clearmlApplications.referenceName" . }}-kpa
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range .Values.enterpriseFeatures.clearmlApplications.additionalClusterRoleBindings }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "clearmlApplications.referenceName" $ }}-kpa-{{ . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: "clearml-apps-sa"
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ . }}
|
||||
{{- end }}
|
||||
{{- range .Values.enterpriseFeatures.clearmlApplications.additionalRoleBindings }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "clearmlApplications.referenceName" $ }}-kpa-{{ . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: "clearml-apps-sa"
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ . }}
|
||||
{{- end }}
|
||||
@ -1,10 +0,0 @@
|
||||
{{ if .Values.enterpriseFeatures.clearmlApplications.fileMounts }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "clearml.fullname" . }}-apps-fm
|
||||
data:
|
||||
{{- range .Values.enterpriseFeatures.clearmlApplications.fileMounts }}
|
||||
{{ .name }}: {{ .fileContent | b64enc }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
@ -7,11 +7,7 @@ data:
|
||||
apiserver_secret: {{ .Values.clearml.apiserverSecret | b64enc }}
|
||||
fileserver_key: {{ .Values.clearml.fileserverKey | b64enc }}
|
||||
fileserver_secret: {{ .Values.clearml.fileserverSecret | b64enc }}
|
||||
apps_agent_key: {{ .Values.enterpriseFeatures.clearmlApplications.agentKey | b64enc }}
|
||||
apps_agent_secret: {{ .Values.enterpriseFeatures.clearmlApplications.agentSecret | b64enc }}
|
||||
secure_auth_token_secret: {{ .Values.clearml.secureAuthTokenSecret | b64enc }}
|
||||
apps_git_agent_user: {{ .Values.enterpriseFeatures.clearmlApplications.gitAgentUser | b64enc }}
|
||||
apps_git_agent_pass: {{ .Values.enterpriseFeatures.clearmlApplications.gitAgentPass | b64enc }}
|
||||
test_user_key: {{ .Values.clearml.testUserKey | b64enc }}
|
||||
test_user_secret: {{ .Values.clearml.testUserSecret | b64enc }}
|
||||
---
|
||||
|
||||
@ -46,11 +46,7 @@ spec:
|
||||
{{ toYaml .Values.fileserver.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
- name: init-fileserver
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.fileserver.image.registry) }}{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.fileserver.image.registry) }}{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@ -64,11 +60,7 @@ spec:
|
||||
{{ toYaml .Values.fileserver.containerSecurityContext | nindent 12 }}
|
||||
containers:
|
||||
- name: clearml-fileserver
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.fileserver.image.registry) }}{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.fileserver.image.registry) }}{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.fileserver.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
@ -98,10 +90,8 @@ spec:
|
||||
{{- if .Values.fileserver.extraEnvs }}
|
||||
{{ toYaml .Values.fileserver.extraEnvs | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if not .Values.enterpriseFeatures.enabled }}
|
||||
args:
|
||||
- fileserver
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@ -6,24 +6,6 @@ metadata:
|
||||
labels:
|
||||
{{- include "clearml.labels" . | nindent 4 }}
|
||||
data:
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
configuration.json: |
|
||||
{
|
||||
"gettingStartedContext": {
|
||||
"install":"pip install -U --extra-index-url {{ .Values.enterpriseFeatures.extraIndexUrl }} allegroai",
|
||||
"configure": "allegroai-init",
|
||||
"packageName": "allegroai",
|
||||
"agentName": "allegroai"
|
||||
},
|
||||
"docsLink": "https://clear.ml/docs/",
|
||||
"applicationsBackground": "ui-assets/apps-message.svg"
|
||||
{{- if and .Values.enterpriseFeatures.overrideReferenceApiUrl .Values.enterpriseFeatures.overrideReferenceFileUrl }}
|
||||
,
|
||||
"fileBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceFileUrl }}",
|
||||
"apiBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceApiUrl }}"
|
||||
{{- end }}
|
||||
}
|
||||
{{- end }}
|
||||
{{- range $key, $val := .Values.webserver.additionalConfigs }}
|
||||
{{ $key }}: |
|
||||
{{- $val | nindent 4 }}
|
||||
|
||||
@ -31,36 +31,11 @@ spec:
|
||||
- name: webserver-config
|
||||
configMap:
|
||||
name: "{{ include "webserver.referenceName" . }}-configmap"
|
||||
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
||||
- name: documentation
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.webserver.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
||||
- name: init-airgap-docs
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.enterpriseFeatures.airGappedDocumentation.image.registry) }}{{ .Values.enterpriseFeatures.airGappedDocumentation.image.repository }}:{{ .Values.enterpriseFeatures.airGappedDocumentation.image.tag | default .Chart.AppVersion }}"
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- cp -a /docs_site/* /usr/share/nginx/html/clearml
|
||||
volumeMounts:
|
||||
- name: webserver-config
|
||||
mountPath: /mnt/external_files/configs
|
||||
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
||||
- mountPath: /usr/share/nginx/html/clearml
|
||||
name: documentation
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.webserver.containerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: init-webserver
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.webserver.image.registry) }}{{ .Values.webserver.image.repository }}:{{ .Values.enterpriseFeatures.webserverImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.webserver.image.registry) }}{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@ -74,67 +49,29 @@ spec:
|
||||
{{ toYaml .Values.webserver.containerSecurityContext | nindent 12 }}
|
||||
containers:
|
||||
- name: clearml-webserver
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.webserver.image.registry) }}{{ .Values.webserver.image.repository }}:{{ .Values.enterpriseFeatures.webserverImageTagOverride }}"
|
||||
{{- else }}
|
||||
image: "{{ include "registryNamePrefix" (dict "globalValues" .Values.global "imageRegistryValue" .Values.webserver.image.registry) }}{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
containerPort: 8080
|
||||
{{- else }}
|
||||
containerPort: 80
|
||||
{{- end }}
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- curl
|
||||
- -X OPTIONS
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
- http://localhost:8080/
|
||||
{{- else }}
|
||||
- http://localhost:80/
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- curl
|
||||
- -X OPTIONS
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
- http://localhost:8080/
|
||||
{{- else }}
|
||||
- http://localhost:80/
|
||||
{{- end }}
|
||||
env:
|
||||
- name: NGINX_APISERVER_ADDRESS
|
||||
value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
|
||||
- name: NGINX_FILESERVER_ADDRESS
|
||||
value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
||||
- name: WEBSERVER__docsLink
|
||||
value: "\"clearml/docs/\""
|
||||
{{- end }}
|
||||
- name: COMPANY_ID
|
||||
value: "{{ .Values.clearml.defaultCompany }}"
|
||||
- name: WEBSERVER__appsYouTubeIntroLink
|
||||
value: "\"https://www.youtube.com/embed/HACL60h1Z54\""
|
||||
- name: WEBSERVER__appsYouTubeIntroVideoId
|
||||
value: "\"HACL60h1Z54\""
|
||||
- name: USER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apiserver_key
|
||||
- name: USER_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: clearml-conf
|
||||
key: apiserver_secret
|
||||
{{- end }}
|
||||
{{- if include "clearml.clientConfiguration" . }}
|
||||
- name: WEBSERVER__displayedServerUrls
|
||||
value: {{ include "clearml.clientConfiguration" . | quote }}
|
||||
@ -142,17 +79,11 @@ spec:
|
||||
{{- if .Values.webserver.extraEnvs }}
|
||||
{{ toYaml .Values.webserver.extraEnvs | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if not .Values.enterpriseFeatures.enabled }}
|
||||
args:
|
||||
- webserver
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: webserver-config
|
||||
mountPath: /mnt/external_files/configs
|
||||
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
||||
- mountPath: /usr/share/nginx/html/clearml
|
||||
name: documentation
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.webserver.resources | nindent 12 }}
|
||||
securityContext:
|
||||
|
||||
@ -13,11 +13,7 @@ spec:
|
||||
type: {{ .Values.webserver.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.webserver.service.port }}
|
||||
{{- if .Values.enterpriseFeatures.enabled }}
|
||||
targetPort: 8080
|
||||
{{- else }}
|
||||
targetPort: 80
|
||||
{{- end }}
|
||||
{{- if eq .Values.webserver.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.webserver.service.nodePort }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,84 +0,0 @@
|
||||
# These values are for ENTERPRISE version only and they need to be adapted to specific infrastructure needs
|
||||
# containerSecurityContext is highly related to Kubernetes distribution used/configuration and will probably
|
||||
# need to be customized accordingly
|
||||
|
||||
apiserver:
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
fileserver:
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
webserver:
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
enterpriseFeatures:
|
||||
enabled: true
|
||||
clearmlApplications:
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containerCustomBashScript: |
|
||||
export HOME=/tmp ;
|
||||
export LOCAL_PYTHON=python3 ;
|
||||
$LOCAL_PYTHON -m pip install clearml-agent{agent_install_args} ;
|
||||
$LOCAL_PYTHON -m clearml_agent execute {default_execution_agent_args} --id {task_id}
|
||||
extraEnvs:
|
||||
- name: CLEARML_K8S_GLUE_START_AGENT_SCRIPT_PATH
|
||||
value: /tmp/__start_agent__.sh
|
||||
- name: HOME
|
||||
value: /tmp
|
||||
|
||||
redis:
|
||||
master:
|
||||
containerSecurityContext:
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
mongodb:
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
elasticsearch:
|
||||
sysctlInitContainer:
|
||||
enabled: false
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
@ -397,91 +397,3 @@ elasticsearch:
|
||||
esConfig:
|
||||
elasticsearch.yml: |
|
||||
xpack.security.enabled: false
|
||||
|
||||
# -- Enterprise features (work only with an Enterprise license)
|
||||
enterpriseFeatures:
|
||||
# -- Enable/Disable Enterprise features
|
||||
enabled: false
|
||||
# -- Company ID
|
||||
defaultCompanyGuid: "d1bd92a3b039400cbafc60a7a5b1e52b"
|
||||
# -- Image tag override for apiserver enterprise version
|
||||
apiserverImageTagOverride: "3.16.0-959"
|
||||
# -- Image tag override for fileserver enterprise version
|
||||
fileserverImageTagOverride: "3.16.0-959"
|
||||
# -- Image tag override for webserver enterprise version
|
||||
webserverImageTagOverride: "3.16-922"
|
||||
# -- Air gapped documentation configurations
|
||||
airGappedDocumentation:
|
||||
# -- Enable/Disable air gapped documentation deployment
|
||||
enabled: false
|
||||
# -- Air gapped documentation image configuration
|
||||
image:
|
||||
registry: ""
|
||||
repository: ""
|
||||
tag: "4"
|
||||
# -- set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer)
|
||||
# example: "https://api.clearml.local"
|
||||
overrideReferenceApiUrl: ""
|
||||
# -- set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer)
|
||||
# example: "https://files.clearml.local"
|
||||
overrideReferenceFileUrl: ""
|
||||
# -- extra index URL for Enterprise packages
|
||||
extraIndexUrl: ""
|
||||
# -- APPS configurations
|
||||
clearmlApplications:
|
||||
# -- Apps Server basic auth key
|
||||
agentKey: GK4PRTVT3706T25K6BA1
|
||||
# -- Apps Server basic auth secret
|
||||
agentSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
|
||||
# -- Apps Server Git user
|
||||
gitAgentUser: "git_user"
|
||||
# -- Apps Server Git password
|
||||
gitAgentPass: "git_password"
|
||||
# -- Enable/Disable component deployment
|
||||
enabled: true
|
||||
# -- APPS image configuration
|
||||
image:
|
||||
repository: ""
|
||||
pullPolicy: IfNotPresent
|
||||
tag: "1.24-58"
|
||||
# -- APPS base spawning pods image
|
||||
basePodImage:
|
||||
repository: ""
|
||||
tag: "app-1.1.1-47"
|
||||
# -- APPS number of pods
|
||||
replicaCount: 1
|
||||
# -- APPS extra envrinoment variables
|
||||
extraEnvs: []
|
||||
# -- additional existing ClusterRoleBindings
|
||||
additionalClusterRoleBindings: []
|
||||
# - privileged
|
||||
# -- additional existing RoleBindings
|
||||
additionalRoleBindings: []
|
||||
# - privileged
|
||||
# -- Custom Bash script for the APPS Agent pod ran by Glue Agent
|
||||
customBashScript: ""
|
||||
# -- Custom Bash script for the APPS Task Pods ran by Glue Agent
|
||||
containerCustomBashScript: ""
|
||||
# -- APPS pod security context
|
||||
podSecurityContext: {}
|
||||
# -- APPS containers security context
|
||||
containerSecurityContext: {}
|
||||
# -- file definition
|
||||
fileMounts: []
|
||||
# -- specific annotation for APPS pods
|
||||
podAnnotations: {}
|
||||
# -- APPS resources per pod; these are minimal requirements, it's suggested to increase
|
||||
# these values in production environments
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 1Gi
|
||||
# -- APPS nodeselector
|
||||
nodeSelector: {}
|
||||
# -- APPS tolerations setup
|
||||
tolerations: []
|
||||
# -- APPS affinity setup
|
||||
affinity: {}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user