diff --git a/charts/clearml-serving/Chart.yaml b/charts/clearml-serving/Chart.yaml index 6eb50b6..78787d2 100644 --- a/charts/clearml-serving/Chart.yaml +++ b/charts/clearml-serving/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: clearml-serving description: ClearML Serving Helm Chart type: application -version: "1.3.0" +version: "1.4.0" appVersion: "1.3.0" kubeVersion: ">= 1.21.0-0 < 1.28.0-0" home: https://clear.ml @@ -33,7 +33,5 @@ dependencies: condition: grafana.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: removed deprecated networkPolicy - - kind: fixed - description: missng ingresses className + - kind: added + description: add support for imageCredentials diff --git a/charts/clearml-serving/README.md b/charts/clearml-serving/README.md index 6cef479..a18b4e0 100644 --- a/charts/clearml-serving/README.md +++ b/charts/clearml-serving/README.md @@ -1,6 +1,6 @@ # ClearML Kubernetes Serving -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) ClearML Serving Helm Chart @@ -95,5 +95,12 @@ Kubernetes: `>= 1.21.0-0 < 1.28.0-0` | clearml_serving_triton.resources | object | `{}` | Pod resources definition | | clearml_serving_triton.tolerations | list | `[]` | Tolerations configuration | | grafana | object | `{"adminPassword":"clearml","adminUser":"admin","datasources":{"datasources.yaml":{"apiVersion":1,"datasources":[{"access":"proxy","isDefault":true,"name":"Prometheus","type":"prometheus","url":"http://{{ .Release.Name }}-prometheus-server"}]}},"enabled":true}` | Configuration from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml | +| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration | +| imageCredentials.email | string | `"someone@host.com"` | Email | +| imageCredentials.enabled | bool | `false` | Use private authentication mode | +| imageCredentials.existingSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here | +| imageCredentials.password | string | `"pwd"` | Registry password | +| imageCredentials.registry | string | `"docker.io"` | Registry name | +| imageCredentials.username | string | `"someone"` | Registry username | | kafka | object | `{"enabled":true}` | Configuration from https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml | | prometheus | object | `{"enabled":true,"extraScrapeConfigs":"- job_name: \"{{ .Release.Name }}-stats\"\n static_configs:\n - targets:\n - \"{{ .Release.Name }}-statistics:9999\"\n","kube-state-metrics":{"enabled":false},"prometheus-node-exporter":{"enabled":false},"prometheus-pushgateway":{"enabled":false},"serverFiles":{"prometheus.yml":{"scrape_configs":[{"job_name":"prometheus","static_configs":[{"targets":["localhost:9090"]}]}]}}}` | Configuration from https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml | diff --git a/charts/clearml-serving/templates/_helpers.tpl b/charts/clearml-serving/templates/_helpers.tpl index d299aca..5250c9c 100644 --- a/charts/clearml-serving/templates/_helpers.tpl +++ b/charts/clearml-serving/templates/_helpers.tpl @@ -61,6 +61,15 @@ Create the name of the service account to use {{- end }} {{- end }} +{{/* +Create secret to access docker registry +*/}} +{{- define "imagePullSecret" }} +{{- with .Values.imageCredentials }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + {{/* Return the target Kubernetes version */}} diff --git a/charts/clearml-serving/templates/clearml-secrets.yaml b/charts/clearml-serving/templates/clearml-secrets.yaml new file mode 100644 index 0000000..ce952a2 --- /dev/null +++ b/charts/clearml-serving/templates/clearml-secrets.yaml @@ -0,0 +1,11 @@ +{{- if .Values.imageCredentials.enabled }} +{{- if not .Values.imageCredentials.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "clearmlAgent.fullname" . }}-ark +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} +{{- end }} diff --git a/charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml b/charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml index 9df93b3..58e0997 100644 --- a/charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml +++ b/charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml @@ -18,6 +18,14 @@ spec: clearml.serving.network/clearml-serving-backend: "true" clearml.serving.service: {{ include "clearmlServing.fullname" . }}-inference spec: + {{- if .Values.imageCredentials.enabled }} + imagePullSecrets: + {{- if .Values.imageCredentials.existingSecret }} + - name: {{ .Values.imageCredentials.existingSecret }} + {{- else }} + - name: clearml-registry-key + {{- end }} + {{- end }} containers: - env: - name: CLEARML_API_ACCESS_KEY diff --git a/charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml b/charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml index f0f95c0..63ae6dc 100644 --- a/charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml +++ b/charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml @@ -19,6 +19,14 @@ spec: clearml.serving.network/clearml-serving-backend: "true" clearml.serving.service: {{ include "clearmlServing.fullname" . }}-statistics spec: + {{- if .Values.imageCredentials.enabled }} + imagePullSecrets: + {{- if .Values.imageCredentials.existingSecret }} + - name: {{ .Values.imageCredentials.existingSecret }} + {{- else }} + - name: clearml-registry-key + {{- end }} + {{- end }} containers: - env: - name: CLEARML_API_ACCESS_KEY diff --git a/charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml b/charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml index 5c9a90a..86343c8 100644 --- a/charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml +++ b/charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml @@ -19,6 +19,14 @@ spec: clearml.serving.network/clearml-serving-backend: "true" clearml.serving.service: {{ include "clearmlServing.fullname" . }}-triton spec: + {{- if .Values.imageCredentials.enabled }} + imagePullSecrets: + {{- if .Values.imageCredentials.existingSecret }} + - name: {{ .Values.imageCredentials.existingSecret }} + {{- else }} + - name: clearml-registry-key + {{- end }} + {{- end }} containers: - env: - name: CLEARML_API_ACCESS_KEY diff --git a/charts/clearml-serving/values.yaml b/charts/clearml-serving/values.yaml index dba86a4..9fcaf9a 100644 --- a/charts/clearml-serving/values.yaml +++ b/charts/clearml-serving/values.yaml @@ -1,3 +1,18 @@ +# -- Private image registry configuration +imageCredentials: + # -- Use private authentication mode + enabled: false + # -- If this is set, chart will not generate a secret but will use what is defined here + existingSecret: "" + # -- Registry name + registry: docker.io + # -- Registry username + username: someone + # -- Registry password + password: pwd + # -- Email + email: someone@host.com + # -- ClearMl generic configurations clearml: apiAccessKey: "ClearML API Access Key"