add imagecredentials to triton docker image (#242)

* add imagecredentials to triton docker image * bump version * add secrets to all serving charts * add changelog entry * Fixed: removed one chart annotations --------- Co-authored-by: Robin <robinvandijk@klippa.com> Co-authored-by: Valeriano Manassero <14011549+valeriano-manassero@users.noreply.github.com>
2025-04-17 01:31:13 +00:00 · 2023-07-19 11:53:25 +02:00 · 2023-07-19 11:53:25 +02:00 · 5ef3727154
commit 5ef3727154
parent 3f7d1a1c1e
8 changed files with 70 additions and 6 deletions
--- a/charts/clearml-serving/Chart.yaml
+++ b/charts/clearml-serving/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: clearml-serving
 description: ClearML Serving Helm Chart
 type: application
-version: "1.3.0"
+version: "1.4.0"
 appVersion: "1.3.0"
 kubeVersion: ">= 1.21.0-0 < 1.28.0-0"
 home: https://clear.ml
@ -33,7 +33,5 @@ dependencies:
    condition: grafana.enabled
 annotations:
  artifacthub.io/changes: |
-    - kind: changed
-      description: removed deprecated networkPolicy
-    - kind: fixed
-      description: missng ingresses className
+    - kind: added
+      description: add support for imageCredentials
--- a/charts/clearml-serving/README.md
+++ b/charts/clearml-serving/README.md
@ -1,6 +1,6 @@
 # ClearML Kubernetes Serving

-![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square)
+![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square)

 ClearML Serving Helm Chart

@ -95,5 +95,12 @@ Kubernetes: `>= 1.21.0-0 < 1.28.0-0`
 | clearml_serving_triton.resources | object | `{}` | Pod resources definition |
 | clearml_serving_triton.tolerations | list | `[]` | Tolerations configuration |
 | grafana | object | `{"adminPassword":"clearml","adminUser":"admin","datasources":{"datasources.yaml":{"apiVersion":1,"datasources":[{"access":"proxy","isDefault":true,"name":"Prometheus","type":"prometheus","url":"http://{{ .Release.Name }}-prometheus-server"}]}},"enabled":true}` | Configuration from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml |
+| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration |
+| imageCredentials.email | string | `"someone@host.com"` | Email |
+| imageCredentials.enabled | bool | `false` | Use private authentication mode |
+| imageCredentials.existingSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
+| imageCredentials.password | string | `"pwd"` | Registry password |
+| imageCredentials.registry | string | `"docker.io"` | Registry name |
+| imageCredentials.username | string | `"someone"` | Registry username |
 | kafka | object | `{"enabled":true}` | Configuration from https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml |
 | prometheus | object | `{"enabled":true,"extraScrapeConfigs":"- job_name: \"{{ .Release.Name }}-stats\"\n  static_configs:\n    - targets:\n      - \"{{ .Release.Name }}-statistics:9999\"\n","kube-state-metrics":{"enabled":false},"prometheus-node-exporter":{"enabled":false},"prometheus-pushgateway":{"enabled":false},"serverFiles":{"prometheus.yml":{"scrape_configs":[{"job_name":"prometheus","static_configs":[{"targets":["localhost:9090"]}]}]}}}` | Configuration from https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml |
--- a/charts/clearml-serving/templates/_helpers.tpl
+++ b/charts/clearml-serving/templates/_helpers.tpl
@ -61,6 +61,15 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}

+{{/*
+Create secret to access docker registry
+*/}}
+{{- define "imagePullSecret" }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
 {{/*
 Return the target Kubernetes version
 */}}
--- a/charts/clearml-serving/templates/clearml-secrets.yaml
+++ b/charts/clearml-serving/templates/clearml-secrets.yaml
@ -0,0 +1,11 @@
+{{- if .Values.imageCredentials.enabled }}
+{{- if not .Values.imageCredentials.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearmlAgent.fullname" . }}-ark
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
--- a/charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml
+++ b/charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml
@ -18,6 +18,14 @@ spec:
        clearml.serving.network/clearml-serving-backend: "true"
        clearml.serving.service: {{ include "clearmlServing.fullname" . }}-inference
    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: {{ .Values.imageCredentials.existingSecret }}
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
      containers:
        - env:
            - name: CLEARML_API_ACCESS_KEY
--- a/charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml
+++ b/charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml
@ -19,6 +19,14 @@ spec:
        clearml.serving.network/clearml-serving-backend: "true"
        clearml.serving.service: {{ include "clearmlServing.fullname" . }}-statistics
    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: {{ .Values.imageCredentials.existingSecret }}
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
      containers:
        - env:
            - name: CLEARML_API_ACCESS_KEY
--- a/charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml
+++ b/charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml
@ -19,6 +19,14 @@ spec:
        clearml.serving.network/clearml-serving-backend: "true"
        clearml.serving.service: {{ include "clearmlServing.fullname" . }}-triton
    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: {{ .Values.imageCredentials.existingSecret }}
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
      containers:
        - env:
            - name: CLEARML_API_ACCESS_KEY
--- a/charts/clearml-serving/values.yaml
+++ b/charts/clearml-serving/values.yaml
@ -1,3 +1,18 @@
+# -- Private image registry configuration
+imageCredentials:
+  # -- Use private authentication mode
+  enabled: false
+  # -- If this is set, chart will not generate a secret but will use what is defined here
+  existingSecret: ""
+  # -- Registry name
+  registry: docker.io
+  # -- Registry username
+  username: someone
+  # -- Registry password
+  password: pwd
+  # -- Email
+  email: someone@host.com
+
 # -- ClearMl generic configurations
 clearml:
  apiAccessKey: "ClearML API Access Key"