From a51c7ee856e9dd310fe26dbd72922604b0be41a1 Mon Sep 17 00:00:00 2001 From: Daglar Berk Erdem Date: Thu, 2 Jan 2025 17:56:11 +0300 Subject: [PATCH] [ClearML] Added service account annotations (#336) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: removed harcoded apiVersion * feat: add support for custom annotations to the created service account * feat: added service account annotations * chore: updated README.md * chore: chart version bump * Revert "fix: removed harcoded apiVersion" This reverts commit 18da292366cc39050a091af5e156352bc981d857. * Revert "feat: add support for custom annotations to the created service account" This reverts commit 8dc926bf1b52397bda7f3b56111cc84d8356a244. --------- Co-authored-by: Dağlar Berk Erdem --- charts/clearml/Chart.yaml | 4 ++-- charts/clearml/README.md | 11 +++++++---- charts/clearml/templates/serviceAccount.yaml | 12 ++++++++++++ charts/clearml/values.yaml | 6 ++++++ 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/charts/clearml/Chart.yaml b/charts/clearml/Chart.yaml index 3584a1b..e941fbc 100644 --- a/charts/clearml/Chart.yaml +++ b/charts/clearml/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: clearml description: MLOps platform type: application -version: "7.11.5" +version: "7.12.0" appVersion: "1.16" kubeVersion: ">= 1.21.0-0 < 1.32.0-0" home: https://clear.ml @@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: added - description: Support for Kubernetes 1.31 + description: Added ability to add annotations to server service accounts diff --git a/charts/clearml/README.md b/charts/clearml/README.md index b76cc58..3a3fff8 100644 --- a/charts/clearml/README.md +++ b/charts/clearml/README.md @@ -1,6 +1,6 @@ # ClearML Ecosystem for Kubernetes -![Version: 7.11.5](https://img.shields.io/badge/Version-7.11.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16](https://img.shields.io/badge/AppVersion-1.16-informational?style=flat-square) +![Version: 7.12.0](https://img.shields.io/badge/Version-7.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16](https://img.shields.io/badge/AppVersion-1.16-informational?style=flat-square) MLOps platform @@ -153,7 +153,7 @@ Kubernetes: `>= 1.21.0-0 < 1.32.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiserver | object | `{"additionalConfigs":{},"additionalVolumeMounts":{},"additionalVolumes":{},"affinity":{},"containerSecurityContext":{},"deploymentAnnotations":null,"enabled":true,"existingAdditionalConfigsConfigMap":"","existingAdditionalConfigsSecret":"","extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","registry":"","repository":"allegroai/clearml","tag":"1.16.2-502"},"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"initContainers":{"resources":{"limits":{"cpu":"10m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"annotations":{},"nodePort":30008,"port":8008,"type":"NodePort"},"serviceAccountName":"clearml","tolerations":[]}` | Api Server configurations | +| apiserver | object | `{"additionalConfigs":{},"additionalVolumeMounts":{},"additionalVolumes":{},"affinity":{},"containerSecurityContext":{},"deploymentAnnotations":null,"enabled":true,"existingAdditionalConfigsConfigMap":"","existingAdditionalConfigsSecret":"","extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","registry":"","repository":"allegroai/clearml","tag":"1.16.2-502"},"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"initContainers":{"resources":{"limits":{"cpu":"10m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"annotations":{},"nodePort":30008,"port":8008,"type":"NodePort"},"serviceAccountAnnotations":{},"serviceAccountName":"clearml","tolerations":[]}` | Api Server configurations | | apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret | | apiserver.additionalVolumeMounts | object | `{}` | Specifies where and how the volumes defined in additionalVolumes. | | apiserver.additionalVolumes | object | `{}` | # Defines extra Kubernetes volumes to be attached to the pod. | @@ -187,6 +187,7 @@ Kubernetes: `>= 1.21.0-0 < 1.32.0-0` | apiserver.service | object | `{"annotations":{},"nodePort":30008,"port":8008,"type":"NodePort"}` | Api Server internal service configuration | | apiserver.service.annotations | object | `{}` | specific annotation for Api Server service | | apiserver.service.nodePort | int | `30008` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored | +| apiserver.serviceAccountAnnotations | object | `{}` | Add the provided map to the annotations for the ServiceAccount resource created by this chart. | | apiserver.serviceAccountName | string | `"clearml"` | The default serviceAccountName to be used | | apiserver.tolerations | list | `[]` | Api Server tolerations setup | | clearml | object | `{"apiserverKey":"GGS9F4M6XB2DXJ5AFT9F","apiserverSecret":"2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO","clientConfigurationApiUrl":"","clientConfigurationFilesUrl":"","cookieDomain":"","cookieName":"clearml-token-k8s","defaultCompany":"d1bd92a3b039400cbafc60a7a5b1e52b","existingSecret":"","fileserverKey":"XXCRJ123CEE2KSQ068WO","fileserverSecret":"YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG","readinessprobeKey":"GK4PRTVT3706T25K6BA1","readinessprobeSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","secureAuthTokenSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","testUserKey":"ENP39EQM4SLACGD5FXB7","testUserSecret":"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"}` | ClearMl generic configurations | @@ -212,7 +213,7 @@ Kubernetes: `>= 1.21.0-0 < 1.32.0-0` | externalServices.mongodbConnectionStringBackend | string | `"mongodb://mongodb_hostnamehostname:27017/backend"` | Existing MongoDB connection string for AUTH to use if mongodb.enabled is false (example in values.yaml) | | externalServices.redisHost | string | `"redis_hostname"` | Existing Redis Hostname to use if redis.enabled is false (example in values.yaml) | | externalServices.redisPort | int | `6379` | Existing Redis Port to use if redis.enabled is false | -| fileserver | object | `{"additionalVolumeMounts":{},"additionalVolumes":{},"affinity":{},"containerSecurityContext":{},"deploymentAnnotations":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","registry":"","repository":"allegroai/clearml","tag":"1.16.2-502"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"initContainers":{"resources":{"limits":{"cpu":"10m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"annotations":{},"nodePort":30081,"port":8081,"type":"NodePort"},"serviceAccountName":"clearml","storage":{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true},"tolerations":[]}` | File Server configurations | +| fileserver | object | `{"additionalVolumeMounts":{},"additionalVolumes":{},"affinity":{},"containerSecurityContext":{},"deploymentAnnotations":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","registry":"","repository":"allegroai/clearml","tag":"1.16.2-502"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"initContainers":{"resources":{"limits":{"cpu":"10m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"annotations":{},"nodePort":30081,"port":8081,"type":"NodePort"},"serviceAccountAnnotations":{},"serviceAccountName":"clearml","storage":{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true},"tolerations":[]}` | File Server configurations | | fileserver.additionalVolumeMounts | object | `{}` | Specifies where and how the volumes defined in additionalVolumes. | | fileserver.additionalVolumes | object | `{}` | # Defines extra Kubernetes volumes to be attached to the pod. | | fileserver.affinity | object | `{}` | File Server affinity setup | @@ -237,6 +238,7 @@ Kubernetes: `>= 1.21.0-0 < 1.32.0-0` | fileserver.service | object | `{"annotations":{},"nodePort":30081,"port":8081,"type":"NodePort"}` | File Server internal service configuration | | fileserver.service.annotations | object | `{}` | specific annotation for File Server service | | fileserver.service.nodePort | int | `30081` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored | +| fileserver.serviceAccountAnnotations | object | `{}` | Add the provided map to the annotations for the ServiceAccount resource created by this chart. | | fileserver.serviceAccountName | string | `"clearml"` | The default serviceAccountName to be used | | fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true}` | File server persistence settings | | fileserver.storage.data.accessMode | string | `"ReadWriteOnce"` | Access mode (must be ReadWriteMany if fileserver replica > 1) | @@ -255,7 +257,7 @@ Kubernetes: `>= 1.21.0-0 < 1.32.0-0` | imageCredentials.username | string | `"someone"` | Registry username | | mongodb | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"50Gi","storageClass":null},"replicaCount":1}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml | | redis | object | `{"architecture":"standalone","auth":{"enabled":false},"databaseNumber":0,"enabled":true,"master":{"name":"{{ .Release.Name }}-redis-master","persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"5Gi","storageClass":null},"port":6379}}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml | -| webserver | object | `{"additionalConfigs":{},"additionalVolumeMounts":{},"additionalVolumes":{},"affinity":{},"containerSecurityContext":{},"deploymentAnnotations":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","registry":"","repository":"allegroai/clearml","tag":"1.16.2-502"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"initContainers":{"resources":{"limits":{"cpu":"10m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"annotations":{},"nodePort":30080,"port":8080,"type":"NodePort"},"serviceAccountName":"clearml","tolerations":[]}` | Web Server configurations | +| webserver | object | `{"additionalConfigs":{},"additionalVolumeMounts":{},"additionalVolumes":{},"affinity":{},"containerSecurityContext":{},"deploymentAnnotations":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","registry":"","repository":"allegroai/clearml","tag":"1.16.2-502"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"initContainers":{"resources":{"limits":{"cpu":"10m","memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"annotations":{},"nodePort":30080,"port":8080,"type":"NodePort"},"serviceAccountAnnotations":{},"serviceAccountName":"clearml","tolerations":[]}` | Web Server configurations | | webserver.additionalConfigs | object | `{}` | Additional specific webserver configurations | | webserver.additionalVolumeMounts | object | `{}` | Specifies where and how the volumes defined in additionalVolumes. | | webserver.additionalVolumes | object | `{}` | # Defines extra Kubernetes volumes to be attached to the pod. | @@ -281,5 +283,6 @@ Kubernetes: `>= 1.21.0-0 < 1.32.0-0` | webserver.service | object | `{"annotations":{},"nodePort":30080,"port":8080,"type":"NodePort"}` | Web Server internal service configuration | | webserver.service.annotations | object | `{}` | specific annotation for Web Server service | | webserver.service.nodePort | int | `30080` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored | +| webserver.serviceAccountAnnotations | object | `{}` | Add the provided map to the annotations for the ServiceAccount resource created by this chart. | | webserver.serviceAccountName | string | `"clearml"` | The default serviceAccountName to be used | | webserver.tolerations | list | `[]` | Web Server tolerations setup | diff --git a/charts/clearml/templates/serviceAccount.yaml b/charts/clearml/templates/serviceAccount.yaml index d22d4b5..8b8155a 100644 --- a/charts/clearml/templates/serviceAccount.yaml +++ b/charts/clearml/templates/serviceAccount.yaml @@ -2,13 +2,25 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.apiserver.serviceAccountName }}-apiserver + {{- if .Values.apiserver.serviceAccountAnnotations }} + annotations: + {{- toYaml .Values.apiserver.serviceAccountAnnotations | nindent 4 }} + {{- end }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.fileserver.serviceAccountName }}-fileserver + {{- if .Values.fileserver.serviceAccountAnnotations }} + annotations: + {{- toYaml .Values.fileserver.serviceAccountAnnotations | nindent 4 }} + {{- end }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.webserver.serviceAccountName }}-webserver + {{- if .Values.webserver.serviceAccountAnnotations }} + annotations: + {{- toYaml .Values.webserver.serviceAccountAnnotations | nindent 4 }} + {{- end }} diff --git a/charts/clearml/values.yaml b/charts/clearml/values.yaml index e431353..9033416 100644 --- a/charts/clearml/values.yaml +++ b/charts/clearml/values.yaml @@ -62,6 +62,8 @@ apiserver: prepopulateEnabled: true # -- The default serviceAccountName to be used serviceAccountName: clearml + # -- Add the provided map to the annotations for the ServiceAccount resource created by this chart. + serviceAccountAnnotations: {} # -- Api Server image configuration image: registry: "" @@ -190,6 +192,8 @@ fileserver: deploymentAnnotations: {} # -- The default serviceAccountName to be used serviceAccountName: clearml + # -- Add the provided map to the annotations for the ServiceAccount resource created by this chart. + serviceAccountAnnotations: {} # -- File Server image configuration image: registry: "" @@ -286,6 +290,8 @@ webserver: deploymentAnnotations: {} # -- The default serviceAccountName to be used serviceAccountName: clearml + # -- Add the provided map to the annotations for the ServiceAccount resource created by this chart. + serviceAccountAnnotations: {} # -- Web Server image configuration image: registry: ""