ClearML/clearml-helm-charts
1
0
Fork 0
mirror of https://github.com/clearml/clearml-helm-charts synced 2025-04-17 01:31:13 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Clearml enterprise features (#120)

Browse Source 
* Changed: rename alignment

* Changed: general refactoring

* Changed: version bump

* Added: enterprise company guid

* Added: tanzu rolebinding

* Changed: updated parames

* Changed: bump to 1.9

* Fixed: whitespaces

* Added: fake values for apps git user

* Changed: updated deps

* Changed: app version reference

* Changed: enterprise parameters name

* Changed: image version bump

* Changed: extra index url config for enterprise
This commit is contained in:
Valeriano Manassero 2023-01-04 09:32:01 +01:00 committed by GitHub
parent 874f1cf0ce
commit cb98ae9a19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 1349 additions and 763 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/clearml/Chart.yaml
View File

@ -2,8 +2,8 @@ apiVersion: v2
name: clearml
description: MLOps platform
type: application
version: "4.4.0"
appVersion: "1.8.0"
version: "5.0.0"
appVersion: "1.9.0"
kubeVersion: ">= 1.21.0-0 < 1.26.0-0"
home: https://clear.ml
icon: https://raw.githubusercontent.com/allegroai/clearml/master/docs/clearml-logo.svg

254
charts/clearml/README.md
View File

@ -1,6 +1,6 @@
# ClearML Ecosystem for Kubernetes
![Version: 4.4.0](https://img.shields.io/badge/Version-4.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square)
![Version: 5.0.0](https://img.shields.io/badge/Version-5.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square)
MLOps platform
@ -31,7 +31,7 @@ For development/evaluation it's possible to use [kind](https://kind.sigs.k8s.io)
After installation, following commands will create a complete ClearML insatllation:
```
cat <<EOF | kind create cluster --config=-
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
@ -85,6 +85,12 @@ This will create 3 ingress rules:
Just pointing the domain records to the IP where ingress controller is responding will complete the deployment process.
A production ready cluster should also have some different configuration like the one proposed in `values-production.yaml` that can be applied with:
```
helm install clearml allegroai/clearml -f values-production.yaml
```
## Upgrades/ Values upgrades
Updating to latest version of this chart can be done in two steps:
@ -103,6 +109,11 @@ helm upgrade clearml allegroai/clearml --version <CURRENT CHART VERSION> -f cust
Please note: updating values only should always be done setting explicit chart version to avoid a possible chart update.
Keeping separate updates procedures between version and values can be a good practice to seprate potential concerns.
## ENTERPRISE Version
There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
Enabling this features on OSS version can cause the entire installation to break.
## Additional Configuration for ClearML Server
You can also configure the **clearml-server** for:
@ -131,146 +142,125 @@ Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apiserver.affinity | object | `{}` | |
| apiserver.authCookiesMaxAge | int | `864000` | Amount of seconds the authorization cookie will last in user browser |
| apiserver.configDir | string | `"/opt/clearml/config"` | |
| apiserver.configuration | object | `{"additionalConfigs":{},"configRefName":"","secretRefName":""}` | additional configurations that can be used by api server; check examples in values.yaml file |
| apiserver.extraEnvs | list | `[]` | |
| apiserver.image.pullPolicy | string | `"IfNotPresent"` | |
| apiserver.image.repository | string | `"allegroai/clearml"` | |
| apiserver.image.tag | string | `"1.8.0"` | |
| apiserver.livenessDelay | int | `60` | |
| apiserver.nodeSelector | object | `{}` | |
| apiserver.podAnnotations | object | `{}` | |
| apiserver.prepopulateArtifactsPath | string | `"/mnt/fileserver"` | |
| apiserver.prepopulateEnabled | string | `"true"` | |
| apiserver.prepopulateZipFiles | string | `"/opt/clearml/db-pre-populate"` | |
| apiserver.readinessDelay | int | `60` | |
| apiserver.replicaCount | int | `1` | |
| apiserver.resources | object | `{}` | |
| apiserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"},"indexReplicas":0,"indexShards":1,"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30008,"port":8008,"type":"NodePort"},"tolerations":[]}` | Api Server configurations |
| apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) |
| apiserver.affinity | object | `{}` | Api Server affinity setup |
| apiserver.enabled | bool | `true` | Enable/Disable component deployment |
| apiserver.extraEnvs | list | `[]` | Api Server extra envrinoment variables |
| apiserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"}` | Api Server image configuration |
| apiserver.indexReplicas | int | `0` | Number of additional replicas in Elasticsearch indexes |
| apiserver.indexShards | int | `1` | Number of shards in Elasticsearch indexes |
| apiserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress configuration for Api Server component |
| apiserver.ingress.annotations | object | `{}` | Ingress annotations |
| apiserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
| apiserver.ingress.hostName | string | `"api.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
| apiserver.ingress.path | string | `"/"` | Ingress root path url |
| apiserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
| apiserver.nodeSelector | object | `{}` | Api Server nodeselector |
| apiserver.podAnnotations | object | `{}` | specific annotation for Api Server pods |
| apiserver.prepopulateEnabled | bool | `true` | Enable/Disable example data load |
| apiserver.processes | object | `{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000}` | Api Server internal processes configuration |
| apiserver.processes.count | int | `8` | Api Server internal listing processes |
| apiserver.processes.maxRequests | int | `1000` | Api Server maximum number of concurrent requests |
| apiserver.processes.maxRequestsJitter | int | `300` | Api Server max jitter on api request |
| apiserver.processes.timeout | int | `24000` | Api timeout (ms) |
| apiserver.replicaCount | int | `1` | Api Server number of pods |
| apiserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Api Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
| apiserver.service | object | `{"nodePort":30008,"port":8008,"type":"NodePort"}` | Api Server internal service configuration |
| apiserver.service.nodePort | int | `30008` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
| apiserver.service.port | int | `8008` | |
| apiserver.service.type | string | `"NodePort"` | This will set to service's spec.type field |
| apiserver.tolerations | list | `[]` | |
| clearml | object | `{"defaultCompany":"d1bd92a3b039400cbafc60a7a5b1e52b"}` | ClearMl generic configurations |
| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | |
| elasticsearch.clusterName | string | `"clearml-elastic"` | |
| elasticsearch.enabled | bool | `true` | |
| elasticsearch.esConfig."elasticsearch.yml" | string | `"xpack.security.enabled: false\n"` | |
| elasticsearch.esJavaOpts | string | `"-Xmx2g -Xms2g"` | |
| elasticsearch.extraEnvs[0].name | string | `"bootstrap.memory_lock"` | |
| elasticsearch.extraEnvs[0].value | string | `"false"` | |
| elasticsearch.extraEnvs[1].name | string | `"cluster.routing.allocation.node_initial_primaries_recoveries"` | |
| elasticsearch.extraEnvs[1].value | string | `"500"` | |
| elasticsearch.extraEnvs[2].name | string | `"cluster.routing.allocation.disk.watermark.low"` | |
| elasticsearch.extraEnvs[2].value | string | `"500mb"` | |
| elasticsearch.extraEnvs[3].name | string | `"cluster.routing.allocation.disk.watermark.high"` | |
| elasticsearch.extraEnvs[3].value | string | `"500mb"` | |
| elasticsearch.extraEnvs[4].name | string | `"cluster.routing.allocation.disk.watermark.flood_stage"` | |
| elasticsearch.extraEnvs[4].value | string | `"500mb"` | |
| elasticsearch.extraEnvs[5].name | string | `"http.compression_level"` | |
| elasticsearch.extraEnvs[5].value | string | `"7"` | |
| elasticsearch.extraEnvs[6].name | string | `"reindex.remote.whitelist"` | |
| elasticsearch.extraEnvs[6].value | string | `"*.*"` | |
| elasticsearch.extraEnvs[7].name | string | `"xpack.monitoring.enabled"` | |
| elasticsearch.extraEnvs[7].value | string | `"false"` | |
| elasticsearch.extraEnvs[8].name | string | `"xpack.security.enabled"` | |
| elasticsearch.extraEnvs[8].value | string | `"false"` | |
| elasticsearch.httpPort | int | `9200` | |
| elasticsearch.minimumMasterNodes | int | `1` | |
| elasticsearch.persistence.enabled | bool | `true` | |
| elasticsearch.replicas | int | `1` | |
| elasticsearch.resources.limits.memory | string | `"4Gi"` | |
| elasticsearch.resources.requests.memory | string | `"4Gi"` | |
| elasticsearch.roles.data | string | `"true"` | |
| elasticsearch.roles.ingest | string | `"true"` | |
| elasticsearch.roles.master | string | `"true"` | |
| elasticsearch.roles.remote_cluster_client | string | `"true"` | |
| elasticsearch.volumeClaimTemplate.accessModes[0] | string | `"ReadWriteOnce"` | |
| elasticsearch.volumeClaimTemplate.resources.requests.storage | string | `"50Gi"` | |
| apiserver.tolerations | list | `[]` | Api Server tolerations setup |
| clearml | object | `{"apiserverKey":"GGS9F4M6XB2DXJ5AFT9F","apiserverSecret":"2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO","clientConfigurationApiUrl":"","clientConfigurationFilesUrl":"","cookieDomain":"","cookieName":"clearml-token-k8s","defaultCompany":"d1bd92a3b039400cbafc60a7a5b1e52b","fileserverKey":"XXCRJ123CEE2KSQ068WO","fileserverSecret":"YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG","readinessprobeKey":"GK4PRTVT3706T25K6BA1","readinessprobeSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","secureAuthTokenSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","testUserKey":"ENP39EQM4SLACGD5FXB7","testUserSecret":"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"}` | ClearMl generic configurations |
| clearml.apiserverKey | string | `"GGS9F4M6XB2DXJ5AFT9F"` | Api Server basic auth key |
| clearml.apiserverSecret | string | `"2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO"` | Api Server basic auth secret |
| clearml.clientConfigurationApiUrl | string | `""` | Override the API Urls displayed when showing an example of the SDK's clearml.conf configuration |
| clearml.clientConfigurationFilesUrl | string | `""` | Override the Files Urls displayed when showing an example of the SDK's clearml.conf configuration |
| clearml.cookieDomain | string | `""` | Cookie domain to be left empty if not exposed with an ingress |
| clearml.cookieName | string | `"clearml-token-k8s"` | Name fo the UI cookie |
| clearml.defaultCompany | string | `"d1bd92a3b039400cbafc60a7a5b1e52b"` | Company name |
| clearml.fileserverKey | string | `"XXCRJ123CEE2KSQ068WO"` | File Server basic auth key |
| clearml.fileserverSecret | string | `"YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG"` | File Server basic auth secret |
| clearml.readinessprobeKey | string | `"GK4PRTVT3706T25K6BA1"` | Readiness probe basic auth key |
| clearml.readinessprobeSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Readiness probe basic auth secret |
| clearml.secureAuthTokenSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Secure Auth secret |
| clearml.testUserKey | string | `"ENP39EQM4SLACGD5FXB7"` | Test Server basic auth key |
| clearml.testUserSecret | string | `"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"` | Test File Server basic auth secret |
| elasticsearch | object | `{"clusterHealthCheckParams":"wait_for_status=yellow&timeout=1s","clusterName":"clearml-elastic","enabled":true,"esConfig":{"elasticsearch.yml":"xpack.security.enabled: false\n"},"esJavaOpts":"-Xmx2g -Xms2g","extraEnvs":[{"name":"bootstrap.memory_lock","value":"false"},{"name":"cluster.routing.allocation.node_initial_primaries_recoveries","value":"500"},{"name":"cluster.routing.allocation.disk.watermark.low","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.high","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.flood_stage","value":"500mb"},{"name":"http.compression_level","value":"7"},{"name":"reindex.remote.whitelist","value":"*.*"},{"name":"xpack.monitoring.enabled","value":"false"},{"name":"xpack.security.enabled","value":"false"}],"httpPort":9200,"minimumMasterNodes":1,"persistence":{"enabled":true},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"4Gi"},"requests":{"cpu":"100m","memory":"2Gi"}},"roles":{"data":"true","ingest":"true","master":"true","remote_cluster_client":"true"},"volumeClaimTemplate":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"50Gi"}},"storageClassName":null}}` | Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml |
| enterpriseFeatures | object | `{"airGappedDocumentation":{"enabled":false,"image":{"repository":"","tag":""}},"clearmlApplications":{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":""},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]},"defaultCompanyGuid":"d1bd92a3b039400cbafc60a7a5b1e52b","enabled":false,"extraIndexUrl":"","overrideReferenceApiUrl":"","overrideReferenceFileUrl":""}` | Enterprise features (work only with an Enterprise license) |
| enterpriseFeatures.airGappedDocumentation | object | `{"enabled":false,"image":{"repository":"","tag":""}}` | Air gapped documentation configurations |
| enterpriseFeatures.airGappedDocumentation.enabled | bool | `false` | Enable/Disable air gapped documentation deployment |
| enterpriseFeatures.airGappedDocumentation.image | object | `{"repository":"","tag":""}` | Air gapped documentation image configuration |
| enterpriseFeatures.clearmlApplications | object | `{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":""},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]}` | APPS configurations |
| enterpriseFeatures.clearmlApplications.affinity | object | `{}` | APPS affinity setup |
| enterpriseFeatures.clearmlApplications.agentKey | string | `"GK4PRTVT3706T25K6BA1"` | Apps Server basic auth key |
| enterpriseFeatures.clearmlApplications.agentSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Apps Server basic auth secret |
| enterpriseFeatures.clearmlApplications.basePodImage | object | `{"repository":"","tag":""}` | APPS base spawning pods image |
| enterpriseFeatures.clearmlApplications.enabled | bool | `true` | Enable/Disable component deployment |
| enterpriseFeatures.clearmlApplications.extraEnvs | list | `[]` | APPS extra envrinoment variables |
| enterpriseFeatures.clearmlApplications.gitAgentPass | string | `"git_password"` | Apps Server Git password |
| enterpriseFeatures.clearmlApplications.gitAgentUser | string | `"git_user"` | Apps Server Git user |
| enterpriseFeatures.clearmlApplications.image | object | `{"pullPolicy":"IfNotPresent","repository":"","tag":""}` | APPS image configuration |
| enterpriseFeatures.clearmlApplications.nodeSelector | object | `{}` | APPS nodeselector |
| enterpriseFeatures.clearmlApplications.podAnnotations | object | `{}` | specific annotation for APPS pods |
| enterpriseFeatures.clearmlApplications.replicaCount | int | `1` | APPS number of pods |
| enterpriseFeatures.clearmlApplications.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | APPS resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
| enterpriseFeatures.clearmlApplications.tolerations | list | `[]` | APPS tolerations setup |
| enterpriseFeatures.defaultCompanyGuid | string | `"d1bd92a3b039400cbafc60a7a5b1e52b"` | Company ID |
| enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
| enterpriseFeatures.extraIndexUrl | string | `""` | extra index URL for Enterprise packages |
| enterpriseFeatures.overrideReferenceApiUrl | string | `""` | set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://api.clearml.local" |
| enterpriseFeatures.overrideReferenceFileUrl | string | `""` | set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://files.clearml.local" |
| externalServices | object | `{"elasticsearchHost":"","elasticsearchPort":9200,"mongodbConnectionString":"","redisHost":"","redisPort":6379}` | Definition of external services to use if not enabled as dependency charts here |
| externalServices.elasticsearchHost | string | `""` | Existing ElasticSearch Hostname to use if elasticsearch.enabled is false |
| externalServices.elasticsearchPort | int | `9200` | Existing ElasticSearch Port to use if elasticsearch.enabled is false |
| externalServices.mongodbHost | string | `""` | Existing MongoDB Hostname to use if mongodb.enabled is false |
| externalServices.mongodbPort | int | `27017` | Existing MongoDB Port to use if mongodb.enabled is false |
| externalServices.mongodbConnectionString | string | `""` | Existing MongoDB connection string to use if mongodb.enabled is false |
| externalServices.redisHost | string | `""` | Existing Redis Hostname to use if redis.enabled is false |
| externalServices.redisPort | int | `6379` | Existing Redis Port to use if redis.enabled is false |
| fileserver.affinity | object | `{}` | |
| fileserver.extraEnvs | list | `[]` | |
| fileserver.image.pullPolicy | string | `"IfNotPresent"` | |
| fileserver.image.repository | string | `"allegroai/clearml"` | |
| fileserver.image.tag | string | `"1.8.0"` | |
| fileserver.nodeSelector | object | `{}` | |
| fileserver.podAnnotations | object | `{}` | |
| fileserver.replicaCount | int | `1` | |
| fileserver.resources | object | `{}` | |
| fileserver | object | `{"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30081,"port":8081,"type":"NodePort"},"storage":{"data":{"accessMode":"ReadWriteOnce","class":"","size":"50Gi"}},"tolerations":[]}` | File Server configurations |
| fileserver.affinity | object | `{}` | File Server affinity setup |
| fileserver.enabled | bool | `true` | Enable/Disable component deployment |
| fileserver.extraEnvs | list | `[]` | File Server extra envrinoment variables |
| fileserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"}` | File Server image configuration |
| fileserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress configuration for File Server component |
| fileserver.ingress.annotations | object | `{}` | Ingress annotations |
| fileserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
| fileserver.ingress.hostName | string | `"files.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
| fileserver.ingress.path | string | `"/"` | Ingress root path url |
| fileserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
| fileserver.nodeSelector | object | `{}` | File Server nodeselector |
| fileserver.podAnnotations | object | `{}` | specific annotation for File Server pods |
| fileserver.replicaCount | int | `1` | File Server number of pods |
| fileserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | File Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
| fileserver.service | object | `{"nodePort":30081,"port":8081,"type":"NodePort"}` | File Server internal service configuration |
| fileserver.service.nodePort | int | `30081` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
| fileserver.service.port | int | `8081` | |
| fileserver.service.type | string | `"NodePort"` | This will set to service's spec.type field |
| fileserver.storage.data.class | string | `""` | |
| fileserver.storage.data.size | string | `"50Gi"` | |
| fileserver.tolerations | list | `[]` | |
| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration |
| fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","size":"50Gi"}}` | File server persistence settings |
| fileserver.storage.data.accessMode | string | `"ReadWriteOnce"` | Access mode (must be ReadWriteMany if fileserver replica > 1) |
| fileserver.storage.data.class | string | `""` | Storage class (use default if empty) |
| fileserver.tolerations | list | `[]` | File Server tolerations setup |
| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Container registry configuration |
| imageCredentials.email | string | `"someone@host.com"` | Email |
| imageCredentials.enabled | bool | `false` | Use private authentication mode |
| imageCredentials.existingSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
| imageCredentials.password | string | `"pwd"` | Registry password |
| imageCredentials.registry | string | `"docker.io"` | Registry name |
| imageCredentials.username | string | `"someone"` | Registry username |
| ingress.annotations | object | `{}` | |
| ingress.api.annotations | object | `{}` | |
| ingress.api.enabled | bool | `false` | |
| ingress.api.hostName | string | `"api.clearml.127-0-0-1.nip.io"` | |
| ingress.api.path | string | `"/"` | |
| ingress.api.tlsSecretName | string | `""` | |
| ingress.app.annotations | object | `{}` | |
| ingress.app.enabled | bool | `false` | |
| ingress.app.hostName | string | `"app.clearml.127-0-0-1.nip.io"` | |
| ingress.app.path | string | `"/"` | |
| ingress.app.tlsSecretName | string | `""` | |
| ingress.files.annotations | object | `{}` | |
| ingress.files.enabled | bool | `false` | |
| ingress.files.hostName | string | `"files.clearml.127-0-0-1.nip.io"` | |
| ingress.files.path | string | `"/"` | |
| ingress.files.tlsSecretName | string | `""` | |
| ingress.name | string | `"clearml-server-ingress"` | |
| mongodb.architecture | string | `"standalone"` | |
| mongodb.auth.enabled | bool | `false` | |
| mongodb.enabled | bool | `true` | |
| mongodb.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| mongodb.persistence.enabled | bool | `true` | |
| mongodb.persistence.size | string | `"50Gi"` | |
| mongodb.replicaCount | int | `1` | |
| mongodb.service.name | string | `"{{ .Release.Name }}-mongodb"` | |
| mongodb.service.port | int | `27017` | |
| mongodb.service.portName | string | `"mongo-service"` | |
| mongodb.service.type | string | `"ClusterIP"` | |
| redis.cluster.enabled | bool | `false` | |
| redis.databaseNumber | int | `0` | |
| redis.enabled | bool | `true` | |
| redis.master.name | string | `"{{ .Release.Name }}-redis-master"` | |
| redis.master.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| redis.master.persistence.enabled | bool | `true` | |
| redis.master.persistence.size | string | `"5Gi"` | |
| redis.master.port | int | `6379` | |
| redis.usePassword | bool | `false` | |
| secret.authToken | string | `"1SCf0ov3Nm544Td2oZ0gXSrsNx5XhMWdVlKz1tOgcx158bD5RV"` | Set for auth_token field |
| secret.credentials.apiserver.accessKey | string | `"5442F3443MJMORWZA3ZH"` | Set for apiserver_key field |
| secret.credentials.apiserver.secretKey | string | `"BxapIRo9ZINi8x25CRxz8Wdmr2pQjzuWVB4PNASZqCtTyWgWVQ"` | Set for apiserver_secret field |
| secret.credentials.tests.accessKey | string | `"ENP39EQM4SLACGD5FXB7"` | Set for tests_user_key field |
| secret.credentials.tests.secretKey | string | `"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"` | Set for tests_user_secret field |
| secret.existingSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
| secret.httpSession | string | `"9Tw20RbhJ1bLBiHEOWXvhplKGUbTgLzAtwFN2oLQvWwS0uRpD5"` | Set for http_session field |
| webserver.additionalConfigs | object | `{}` | |
| webserver.affinity | object | `{}` | |
| webserver.extraEnvs | list | `[]` | |
| webserver.image.pullPolicy | string | `"IfNotPresent"` | |
| webserver.image.repository | string | `"allegroai/clearml"` | |
| webserver.image.tag | string | `"1.8.0"` | |
| webserver.nodeSelector | object | `{}` | |
| webserver.podAnnotations | object | `{}` | |
| webserver.replicaCount | int | `1` | |
| webserver.resources | object | `{}` | |
| mongodb | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"50Gi","storageClass":null},"replicaCount":1}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
| redis | object | `{"cluster":{"enabled":false},"databaseNumber":0,"enabled":true,"master":{"name":"{{ .Release.Name }}-redis-master","persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"5Gi","storageClass":null},"port":6379},"usePassword":false}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml |
| webserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30080,"port":8080,"type":"NodePort"},"tolerations":[]}` | Web Server configurations |
| webserver.additionalConfigs | object | `{}` | Additional specific webserver configurations |
| webserver.affinity | object | `{}` | Web Server affinity setup |
| webserver.enabled | bool | `true` | Enable/Disable component deployment |
| webserver.extraEnvs | list | `[]` | Web Server extra envrinoment variables |
| webserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"}` | Web Server image configuration |
| webserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress configuration for Web Server component |
| webserver.ingress.annotations | object | `{}` | Ingress annotations |
| webserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
| webserver.ingress.hostName | string | `"app.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
| webserver.ingress.path | string | `"/"` | Ingress root path url |
| webserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
| webserver.nodeSelector | object | `{}` | Web Server nodeselector |
| webserver.podAnnotations | object | `{}` | specific annotation for Web Server pods |
| webserver.replicaCount | int | `1` | Web Server number of pods |
| webserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Web Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
| webserver.service | object | `{"nodePort":30080,"port":8080,"type":"NodePort"}` | Web Server internal service configuration |
| webserver.service.nodePort | int | `30080` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
| webserver.service.port | int | `80` | |
| webserver.service.type | string | `"NodePort"` | This will set to service's spec.type field |
| webserver.tolerations | list | `[]` | |
| webserver.tolerations | list | `[]` | Web Server tolerations setup |

13
charts/clearml/README.md.gotmpl
View File

@ -28,7 +28,7 @@ For development/evaluation it's possible to use [kind](https://kind.sigs.k8s.io)
After installation, following commands will create a complete ClearML insatllation:
```
cat <<EOF | kind create cluster --config=- ─╯
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
@ -82,6 +82,12 @@ This will create 3 ingress rules:
Just pointing the domain records to the IP where ingress controller is responding will complete the deployment process.
A production ready cluster should also have some different configuration like the one proposed in `values-production.yaml` that can be applied with:
```
helm install clearml allegroai/clearml -f values-production.yaml
```
## Upgrades/ Values upgrades
Updating to latest version of this chart can be done in two steps:
@ -100,6 +106,11 @@ helm upgrade clearml allegroai/clearml --version <CURRENT CHART VERSION> -f cust
Please note: updating values only should always be done setting explicit chart version to avoid a possible chart update.
Keeping separate updates procedures between version and values can be a good practice to seprate potential concerns.
## ENTERPRISE Version
There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
Enabling this features on OSS version can cause the entire installation to break.
## Additional Configuration for ClearML Server
You can also configure the **clearml-server** for:

BIN
charts/clearml/charts/elasticsearch-7.16.2.tgz
View File

Binary file not shown.

BIN
charts/clearml/charts/mongodb-10.3.4.tgz
View File

Binary file not shown.

BIN
charts/clearml/charts/redis-10.9.0.tgz
View File

Binary file not shown.

10
charts/clearml/templates/NOTES.txt
View File

@ -1,10 +1,6 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
1. Get the application URL:
{{- if .Values.webserver.ingress.enabled }}
http{{ if $.Values.webserver.ingress.tls }}s{{ end }}://{{ .Values.webserver.ingress.hostName }}
{{- else if contains "NodePort" .Values.webserver.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "clearml.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")

187
charts/clearml/templates/_helpers.tpl
View File

@ -50,39 +50,64 @@ app.kubernetes.io/name: {{ include "clearml.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Reference Name (apiserver)
*/}}
{{- define "apiserver.referenceName" -}}
{{- include "clearml.name" . }}-apiserver
{{- end }}
{{/*
Selector labels (apiserver)
*/}}
{{- define "clearml.selectorLabelsApiServer" -}}
{{- define "apiserver.selectorLabels" -}}
app.kubernetes.io/name: {{ include "clearml.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-apiserver
app.kubernetes.io/instance: {{ include "apiserver.referenceName" . }}
{{- end }}
{{/*
Reference Name (fileserver)
*/}}
{{- define "fileserver.referenceName" -}}
{{- include "clearml.name" . }}-fileserver
{{- end }}
{{/*
Selector labels (fileserver)
*/}}
{{- define "clearml.selectorLabelsFileServer" -}}
{{- define "fileserver.selectorLabels" -}}
app.kubernetes.io/name: {{ include "clearml.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-fileserver
app.kubernetes.io/instance: {{ include "fileserver.referenceName" . }}
{{- end }}
{{/*
Reference Name (webserver)
*/}}
{{- define "webserver.referenceName" -}}
{{- include "clearml.name" . }}-webserver
{{- end }}
{{/*
Selector labels (webserver)
*/}}
{{- define "clearml.selectorLabelsWebServer" -}}
{{- define "webserver.selectorLabels" -}}
app.kubernetes.io/name: {{ include "clearml.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-webserver
app.kubernetes.io/instance: {{ include "webserver.referenceName" . }}
{{- end }}
Selector labels (agentservices)
{{/*
Reference Name (apps)
*/}}
{{- define "clearml.selectorLabelsAgentServices" -}}
app.kubernetes.io/name: {{ include "clearml.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-agentservices
{{- define "clearmlApplications.referenceName" -}}
{{- include "clearml.name" . }}-apps
{{- end }}
Selector labels (agent)
{{/*
Selector labels (apps)
*/}}
{{- define "clearml.selectorLabelsAgent" -}}
{{- define "clearmlApplications.selectorLabels" -}}
app.kubernetes.io/name: {{ include "clearml.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-agent
app.kubernetes.io/instance: {{ include "clearmlApplications.referenceName" . }}
{{- end }}
{{/*
@ -97,53 +122,95 @@ Create the name of the service account to use
{{- end }}
{{/*
Create the name of the App service to use
*/}}
{{- define "clearml.serviceApp" -}}
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.app.tlsSecretName }}
{{- printf "%s%s" "https://" .Values.ingress.app.hostName }}
{{- else }}
{{- printf "%s%s" "http://" .Values.ingress.app.hostName }}
{{- end }}
{{- else }}
{{- printf "%s%s%s%s" "http://" (include "clearml.fullname" .) "-webserver:" (.Values.webserver.service.port | toString) }}
{{- end }}
{{- end }}
{{/*
Create the name of the Api service to use
*/}}
{{- define "clearml.serviceApi" -}}
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.api.tlsSecretName }}
{{- printf "%s%s" "https://" .Values.ingress.api.hostName }}
{{- else }}
{{- printf "%s%s" "http://" .Values.ingress.api.hostName }}
{{- end }}
{{- else }}
{{- printf "%s%s%s%s" "http://" (include "clearml.fullname" .) "-apiserver:" (.Values.apiserver.service.port | toString) }}
{{- end }}
{{- end }}
{{/*
Create the name of the Files service to use
*/}}
{{- define "clearml.serviceFiles" -}}
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.files.tlsSecretName }}
{{- printf "%s%s" "https://" .Values.ingress.files.hostName }}
{{- else }}
{{- printf "%s%s" "http://" .Values.ingress.files.hostName }}
{{- end }}
{{- else }}
{{- printf "%s%s%s%s" "http://" (include "clearml.fullname" .) "-fileserver:" (.Values.fileserver.service.port | toString) }}
{{- end }}
{{- end }}
{{/*
Return the proper Docker Image Registry Secret Names
Create secret to access docker registry
*/}}
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- with .Values.imageCredentials }}
{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
{{- end }}
{{- end }}
{{/*
Create readiness probe auth token
*/}}
{{- define "readinessProbeAuth" }}
{{- printf "%s:%s" .Values.clearml.readinessprobeKey .Values.clearml.readinessprobeSecret | b64enc }}
{{- end }}
{{/*
Elasticsearch Service name
*/}}
{{- define "elasticsearch.servicename" -}}
{{- if .Values.elasticsearch.enabled }}
{{- .Values.elasticsearch.clusterName }}-master
{{- else }}
{{- .Values.externalServices.elasticsearchHost }}
{{- end }}
{{- end }}
{{/*
Elasticsearch Service port
*/}}
{{- define "elasticsearch.serviceport" -}}
{{- if .Values.elasticsearch.enabled }}
{{- .Values.elasticsearch.httpPort }}
{{- else }}
{{- .Values.externalServices.elasticsearchPort }}
{{- end }}
{{- end }}
{{/*
MongoDB Comnnection string
*/}}
{{- define "mongodb.connectionstring" -}}
{{- if .Values.mongodb.enabled }}
{{- if eq .Values.mongodb.architecture "standalone" }}
{{- printf "%s%s%s" "mongodb://" .Release.Name "-mongodb:27017" }}
{{- else }}
{{- $connectionString := "mongodb://" }}
{{- range $i,$e := until (.Values.mongodb.replicaCount | int) }}
{{- $connectionString = printf "%s%s%s%s%s%s%s%s%s" $connectionString $.Release.Name "-mongodb-" ( $i | toString ) "." $.Release.Name "-mongodb-headless." $.Release.Namespace ".svc.cluster.local," }}
{{- end }}
{{- printf "%s" ( trimSuffix "," $connectionString ) }}
{{- end }}
{{- else }}
{{- .Values.externalServices.mongodbConnectionString }}
{{- end }}
{{- end }}
{{/*
Redis Service name
*/}}
{{- define "redis.servicename" -}}
{{- if .Values.redis.enabled }}
{{- tpl .Values.redis.master.name . }}
{{- else }}
{{- .Values.externalServices.redisHost }}
{{- end }}
{{- end }}
{{/*
Redis Service port
*/}}
{{- define "redis.serviceport" -}}
{{- if .Values.redis.enabled }}
{{- .Values.redis.master.port }}
{{- else }}
{{- .Values.externalServices.redisPort }}
{{- end }}
{{- end }}
{{/*
clientConfiguration string compose
*/}}
{{- define "clearml.clientConfiguration" -}}
{{- $clientConfiguration := "" }}
{{- if and (.Values.clearml.clientConfigurationApiUrl) .Values.clearml.clientConfigurationFilesUrl }}
{{- $clientConfiguration = "{\"apiServer\":\"{{ .Values.clearml.clientConfigurationApiUrl }}\",\"filesServer\":\"{{ .Values.clearml.clientConfigurationFilesUrl }}\"}" }}
{{- else if .Values.clearml.clientConfigurationApiUrl }}
{{- $clientConfiguration = "{\"apiServer\":\"{{ .Values.clearml.clientConfigurationApiUrl }}\"}" }}
{{- else if .Values.clearml.clientConfigurationFilesUrl }}
{{- $clientConfiguration = "{\"filesServer\":\"{{ .Values.clearml.clientConfigurationFilesUrl }}\"}" }}
{{- end }}
{{- $clientConfiguration }}
{{- end }}

15
charts/clearml/templates/apiserver-configmap.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.apiserver.enabled }}
{{- if .Values.apiserver.additionalConfigs }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "apiserver.referenceName" . }}-configmap"
labels:
{{- include "clearml.labels" . | nindent 4 }}
data:
{{- range $key, $val := .Values.apiserver.additionalConfigs }}
{{ $key }}: |
{{- $val | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

221
charts/clearml/templates/apiserver-deployment.yaml Normal file
View File

@ -0,0 +1,221 @@
{{- if .Values.apiserver.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "apiserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.apiserver.replicaCount }}
selector:
matchLabels:
{{- include "apiserver.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.apiserver.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "apiserver.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.imageCredentials.enabled }}
imagePullSecrets:
{{- if .Values.imageCredentials.existingSecret }}
- name: .Values.imageCredentials.existingSecret
{{- else }}
- name: clearml-registry-key
{{- end }}
{{- end }}
{{- if .Values.apiserver.additionalConfigs }}
volumes:
- name: apiserver-config
configMap:
name: "{{ include "apiserver.referenceName" . }}-configmap"
{{- end }}
initContainers:
- name: init-apiserver
image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
command:
- /bin/sh
- -c
- >
set -x;
while [ $(curl -sw '%{http_code}' "http://{{ include "elasticsearch.servicename" . }}:{{ include "elasticsearch.serviceport" . }}/_cluster/health" -o /dev/null) -ne 200 ] ; do
echo "waiting for elasticsearch" ;
sleep 5 ;
done
containers:
- name: clearml-apiserver
image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
ports:
- name: http
containerPort: 8008
protocol: TCP
env:
- name: CLEARML_ELASTIC_SERVICE_HOST
value: {{ include "elasticsearch.servicename" . }}
- name: CLEARML_ELASTIC_SERVICE_PORT
value: "{{ include "elasticsearch.serviceport" . }}"
- name: CLEARML_MONGODB_SERVICE_CONNECTION_STRING
value: {{ include "mongodb.connectionstring" . | quote }}
- name: CLEARML_REDIS_SERVICE_HOST
value: {{ include "redis.servicename" . }}
- name: CLEARML_REDIS_SERVICE_PORT
value: "{{ include "redis.serviceport" . }}"
- name: CLEARML_CONFIG_PATH
value: /opt/clearml/config/default
- name: CLEARML__apiserver__default_company
value: "{{ .Values.clearml.defaultCompany }}"
{{- if not (eq .Values.clearml.cookieDomain "") }}
- name: CLEARML__APISERVER__AUTH__SESSION_AUTH_COOKIE_NAME
value: {{ .Values.clearml.cookieName }}
- name: CLEARML__APISERVER__AUTH__COOKIES__DOMAIN
value: ".{{ .Values.clearml.cookieDomain }}"
{{- end }}
- name: CLEARML__secure__credentials__apiserver__user_key
valueFrom:
secretKeyRef:
name: clearml-conf
key: apiserver_key
- name: CLEARML__secure__credentials__apiserver__user_secret
valueFrom:
secretKeyRef:
name: clearml-conf
key: apiserver_secret
- name: CLEARML__secure__credentials__fileserver__user_key
valueFrom:
secretKeyRef:
name: clearml-conf
key: fileserver_key
- name: CLEARML__secure__credentials__fileserver__user_secret
valueFrom:
secretKeyRef:
name: clearml-conf
key: fileserver_secret
- name: CLEARML__secure__applications__agents_credentials__apps_agent__user_key
valueFrom:
secretKeyRef:
name: clearml-conf
key: apps_agent_key
- name: CLEARML__secure__applications__agents_credentials__apps_agent__user_secret
valueFrom:
secretKeyRef:
name: clearml-conf
key: apps_agent_secret
- name: CLEARML__secure__auth__token_secret
valueFrom:
secretKeyRef:
name: clearml-conf
key: secure_auth_token_secret
{{- if .Values.apiserver.prepopulateEnabled }}
- name: CLEARML__APISERVER__PRE_POPULATE__ENABLED
value: "true"
- name: CLEARML__APISERVER__PRE_POPULATE__ZIP_FILES
value: "/opt/clearml/db-pre-populate"
{{- end }}
{{- if .Values.enterpriseFeatures.enabled }}
- name: CLEARML__apiserver__default_company
value: "{{ .Values.enterpriseFeatures.defaultCompanyGuid }}"
- name: APPLY_ES_MAPPINGS
value: "false"
- name: CLEARML__HOSTS__ELASTIC__LOGS__HOSTS
value: "[\"http://{{ include "elasticsearch.servicename" . }}:{{ include "elasticsearch.serviceport" . }}\"]"
- name: NUMBER_OF_GUNICORN_WORKERS
value: "{{ .Values.apiserver.processes.count }}"
- name: GUNICORN_TIMEOUT
value: "{{ .Values.apiserver.processes.timeout }}"
- name: GUNICORN_MAX_REQUESTS
value: "{{ .Values.apiserver.processes.maxRequests }}"
- name: GUNICORN_MAX_REQUESTS_JITTER
value: "{{ .Values.apiserver.processes.maxRequestsJitter }}"
- name: CLEARML_CONFIG_VERBOSE
value: "0"
- name: CLEARML__SERVICES__APPLICATIONS__TEMPLATES__FOLDER
value: "/opt/allegro/config/applications"
- name: CLEARML__apiserver__apilog__prefix
value: "fluentd."
- name: CLEARML__apiserver__apilog__index_name_prefix__default
value: "allegro.apiserver.api-logs."
- name: CLEARML__apiserver__apilog__adapter
value: "logging"
- name: CLEARML__apiserver__apilog__rotation__index_size
value: "225000"
- name: CLEARML__services__tasks__non_responsive_tasks_watchdog__enabled
value: "false"
- name: CLEARML__APISERVER__AUTH__COOKIES__MAX_AGE
value: "2678400"
- name: CLEARML__services__frames__scroll_state_expiration_hours
value: "6"
- name: CLEARML__services__organization__features__applications
value: "true"
- name: CLEARML__services__organization__features__app_management
value: "true"
- name: CLEARML__SERVICES___ELASTIC__MAPPINGS__EVENTS__NUMBER_OF_REPLICAS
value: {{ .Values.apiserver.indexReplicas | quote }}
- name: CLEARML__SERVICES___ELASTIC__MAPPINGS__EVENTS__NUMBER_OF_SHARDS
value: {{ .Values.apiserver.indexShards | quote }}
- name: CLEARML__APISERVER__LOG_CALLS
value: "false"
- name: CLEARML_ENV
value: "onprem_k8s"
{{- else }}
- name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY
valueFrom:
secretKeyRef:
name: "clearml-conf"
key: test_user_key
- name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET
valueFrom:
secretKeyRef:
name: "clearml-conf"
key: test_user_secret
- name: CLEARML_ENV
value: "helm-cloud"
{{- end }}
{{- if .Values.apiserver.extraEnvs }}
{{ toYaml .Values.apiserver.extraEnvs | nindent 10 }}
{{- end }}
{{- if not .Values.enterpriseFeatures.enabled }}
args:
- apiserver
{{- end }}
livenessProbe:
initialDelaySeconds: 60
httpGet:
path: /debug.ping
port: 8008
readinessProbe:
initialDelaySeconds: 60
failureThreshold: 8
httpGet:
{{- if .Values.enterpriseFeatures.enabled }}
path: /server.health_check
{{- else }}
path: /debug.ping
{{- end }}
port: 8008
httpHeaders:
- name: Authorization
value: Basic {{ include "readinessProbeAuth" . }}
{{- if .Values.apiserver.additionalConfigs }}
volumeMounts:
- name: apiserver-config
mountPath: /opt/clearml/config/default
{{- end }}
resources:
{{- toYaml .Values.apiserver.resources | nindent 12 }}
{{- with .Values.apiserver.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apiserver.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apiserver.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

26
charts/clearml/templates/ingress-api.yaml → charts/clearml/templates/apiserver-ingress.yaml
View File

@ -1,4 +1,5 @@
{{- if .Values.ingress.api.enabled -}}
{{- if .Values.apiserver.enabled }}
{{- if .Values.apiserver.ingress.enabled }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
@ -8,38 +9,39 @@ apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ include "clearml.fullname" . }}-api
name: {{ include "apiserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
{{- $annotations := .Values.ingress.annotations }}
{{- if .Values.ingress.api.annotations }}
{{- $annotations = mergeOverwrite $annotations .Values.ingress.api.annotations }}
{{- $annotations := .Values.apiserver.ingress.annotations }}
{{- if .Values.apiserver.ingress.annotations }}
{{- $annotations = mergeOverwrite $annotations .Values.apiserver.ingress.annotations }}
{{- end }}
annotations:
{{- toYaml $annotations | nindent 4 }}
spec:
{{- if .Values.ingress.api.tlsSecretName }}
{{- if .Values.apiserver.ingress.tlsSecretName }}
tls:
- hosts:
- {{ .Values.ingress.api.hostName }}
secretName: {{ .Values.ingress.api.tlsSecretName }}
- {{ .Values.apiserver.ingress.hostName }}
secretName: {{ .Values.apiserver.ingress.tlsSecretName }}
{{- end }}
rules:
- host: {{ .Values.ingress.api.hostName }}
- host: {{ .Values.apiserver.ingress.hostName }}
http:
paths:
- path: {{ .Values.ingress.api.path }}
- path: {{ .Values.apiserver.ingress.path }}
{{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ include "clearml.fullname" . }}-apiserver
name: {{ include "apiserver.referenceName" . }}
port:
number: {{ .Values.apiserver.service.port }}
{{ else }}
backend:
serviceName: {{ include "clearml.fullname" . }}-apiserver
serviceName: {{ include "apiserver.referenceName" . }}
servicePort: {{ .Values.apiserver.service.port }}
{{ end }}
{{- end }}
{{- end }}

10
charts/clearml/templates/service-apiserver.yaml → charts/clearml/templates/apiserver-service.yaml
View File

@ -1,7 +1,8 @@
{{- if .Values.apiserver.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "clearml.fullname" . }}-apiserver
name: {{ include "apiserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
@ -9,9 +10,10 @@ spec:
ports:
- port: {{ .Values.apiserver.service.port }}
targetPort: {{ .Values.apiserver.service.port }}
{{- if eq .Values.apiserver.service.type "NodePort" }}
{{- if eq .Values.apiserver.service.type "NodePort" }}
nodePort: {{ .Values.apiserver.service.nodePort }}
{{- end }}
{{- end }}
protocol: TCP
selector:
{{- include "clearml.selectorLabelsApiServer" . | nindent 4 }}
{{- include "apiserver.selectorLabels" . | nindent 4 }}
{{- end }}

120
charts/clearml/templates/apps-deployment.yaml Normal file
View File

@ -0,0 +1,120 @@
{{- if .Values.enterpriseFeatures.enabled }}
{{- if .Values.enterpriseFeatures.clearmlApplications.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "clearmlApplications.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.enterpriseFeatures.clearmlApplications.replicaCount }}
selector:
matchLabels:
{{- include "clearmlApplications.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.enterpriseFeatures.clearmlApplications.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "clearmlApplications.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.imageCredentials.enabled }}
imagePullSecrets:
{{- if .Values.imageCredentials.existingSecret }}
- name: .Values.imageCredentials.existingSecret
{{- else }}
- name: clearml-registry-key
{{- end }}
{{- end }}
{{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
volumes:
- name: apps-config
configMap:
name: "{{ include "clearmlApplications.referenceName" . }}-configmap"
{{- end }}
serviceAccountName: "clearml-apps-sa"
initContainers:
- name: init-apps
image: "{{ .Values.enterpriseFeatures.clearmlApplications.image.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.image.tag | default .Chart.AppVersion }}"
command:
- /bin/sh
- -c
- >
set -x;
while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
echo "waiting for apiserver" ;
sleep 5 ;
done
containers:
- name: clearml-apps
image: "{{ .Values.enterpriseFeatures.clearmlApplications.image.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.enterpriseFeatures.clearmlApplications.image.pullPolicy }}
ports:
- name: http
containerPort: 8008
protocol: TCP
env:
- name: CLEARML_API_HOST
value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
- name: CLEARML_FILES_HOST
value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
- name: CLEARML_WEB_HOST
value: "http://{{ include "webserver.referenceName" . }}:{{ .Values.webserver.service.port }}"
- name: CLEARML_AGENT_DEFAULT_BASE_DOCKER
value: "{{ .Values.enterpriseFeatures.clearmlApplications.basePodImage.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.basePodImage.tag }}"
- name: CLEARML_WORKER_ID
value: "apps-agent-1"
- name: CLEARML_NO_DEFAULT_SERVER
value: "true"
- name: CLEARML_AGENT_DAEMON_OPTIONS
value: "--foreground --create-queue --use-owner-token --child-report-tags application --services-mode=5"
- name: K8S_GLUE_QUEUE
value: "apps_queue"
- name: CLEARML_AGENT_DISABLE_SSH_MOUNT
value: "1"
- name: CLEARML_API_ACCESS_KEY
valueFrom:
secretKeyRef:
name: clearml-conf
key: apps_agent_key
- name: CLEARML_API_SECRET_KEY
valueFrom:
secretKeyRef:
name: clearml-conf
key: apps_agent_secret
- name: CLEARML_AGENT_GIT_USER
valueFrom:
secretKeyRef:
name: clearml-conf
key: apps_git_agent_user
- name: CLEARML_AGENT_GIT_PASS
valueFrom:
secretKeyRef:
name: clearml-conf
key: apps_git_agent_pass
{{- if .Values.enterpriseFeatures.clearmlApplications.extraEnvs }}
{{ toYaml .Values.enterpriseFeatures.clearmlApplications.extraEnvs | nindent 10 }}
{{- end }}
{{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
volumeMounts:
- name: apps-config
mountPath: /opt/clearml/config/default
{{- end }}
resources:
{{- toYaml .Values.enterpriseFeatures.clearmlApplications.resources | nindent 12 }}
{{- with .Values.enterpriseFeatures.clearmlApplications.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.enterpriseFeatures.clearmlApplications.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.enterpriseFeatures.clearmlApplications.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

58
charts/clearml/templates/apps-rbac.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- if .Values.enterpriseFeatures.enabled }}
{{- if .Values.enterpriseFeatures.clearmlApplications.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "clearml-apps-sa"
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "clearmlApplications.referenceName" . }}-kpa
rules:
- apiGroups:
- ""
resources:
- pods
verbs: ["get", "list", "watch", "create", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "clearmlApplications.referenceName" . }}-kpa
subjects:
- kind: ServiceAccount
name: "clearml-apps-sa"
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "clearmlApplications.referenceName" . }}-kpa
{{- else }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "clearmlApplications.referenceName" . }}-kpa
rules:
- apiGroups:
- ""
resources:
- pods
verbs: ["get", "list", "watch", "create", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "clearmlApplications.referenceName" . }}-kpa
subjects:
- kind: ServiceAccount
name: "clearml-apps-sa"
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "clearmlApplications.referenceName" . }}-kpa
{{- end }}
{{- end }}

28
charts/clearml/templates/clearml-secrets.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: clearml-conf
data:
apiserver_key: {{ .Values.clearml.apiserverKey | b64enc }}
apiserver_secret: {{ .Values.clearml.apiserverSecret | b64enc }}
fileserver_key: {{ .Values.clearml.fileserverKey | b64enc }}
fileserver_secret: {{ .Values.clearml.fileserverSecret | b64enc }}
apps_agent_key: {{ .Values.enterpriseFeatures.clearmlApplications.agentKey | b64enc }}
apps_agent_secret: {{ .Values.enterpriseFeatures.clearmlApplications.agentSecret | b64enc }}
secure_auth_token_secret: {{ .Values.clearml.secureAuthTokenSecret | b64enc }}
apps_git_agent_user: {{ .Values.enterpriseFeatures.clearmlApplications.gitAgentUser | b64enc }}
apps_git_agent_pass: {{ .Values.enterpriseFeatures.clearmlApplications.gitAgentPass | b64enc }}
test_user_key: {{ .Values.clearml.testUserKey | b64enc }}
test_user_secret: {{ .Values.clearml.testUserSecret | b64enc }}
---
{{- if .Values.imageCredentials.enabled }}
{{- if not .Values.imageCredentials.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: clearml-registry-key
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
{{- end }}
{{- end }}

13
charts/clearml/templates/configmap-apiserver.yaml
View File

@ -1,13 +0,0 @@
{{- if .Values.apiserver.configuration.additionalConfigs -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "clearml.fullname" . }}-apiserver-configmap"
labels:
{{- include "clearml.labels" . | nindent 4 }}
data:
{{- range $key, $val := .Values.apiserver.configuration.additionalConfigs }}
{{ $key }}: |
{{- $val | nindent 4 }}
{{- end }}
{{- end -}}

13
charts/clearml/templates/configmap-webserver.yaml
View File

@ -1,13 +0,0 @@
{{- if .Values.webserver.additionalConfigs -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "clearml.fullname" . }}-webserver-configmap"
labels:
{{- include "clearml.labels" . | nindent 4 }}
data:
{{- range $key, $val := .Values.webserver.additionalConfigs }}
{{ $key }}: |
{{- $val | nindent 4 }}
{{- end }}
{{- end -}}

165
charts/clearml/templates/deployment-apiserver.yaml
View File

@ -1,165 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "clearml.fullname" . }}-apiserver
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.apiserver.replicaCount }}
selector:
matchLabels:
{{- include "clearml.selectorLabelsApiServer" . | nindent 6 }}
template:
metadata:
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- with .Values.apiserver.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "clearml.selectorLabelsApiServer" . | nindent 8 }}
spec:
{{- if .Values.imageCredentials.enabled }}
imagePullSecrets:
{{- if .Values.imageCredentials.existingSecret }}
- name: {{ .Values.imageCredentials.existingSecret }}
{{- else }}
- name: clearml-agent-registry-key
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
ports:
- name: http
containerPort: 8008
protocol: TCP
env:
- name: CLEARML_ELASTIC_SERVICE_HOST
{{- if .Values.elasticsearch.enabled }}
value: "{{ .Values.elasticsearch.clusterName }}-master"
{{- else }}
value: "{{ .Values.externalServices.elasticsearchHost }}"
{{- end }}
- name: CLEARML_ELASTIC_SERVICE_PORT
{{- if .Values.elasticsearch.enabled }}
value: "{{ .Values.elasticsearch.httpPort }}"
{{- else }}
value: "{{ .Values.externalServices.elasticsearchPort }}"
{{- end }}
- name: CLEARML_MONGODB_SERVICE_HOST
{{- if .Values.mongodb.enabled }}
value: "{{ tpl .Values.mongodb.service.name . }}"
{{- else }}
value: "{{ .Values.externalServices.mongodbHost }}"
{{- end }}
- name: CLEARML_MONGODB_SERVICE_PORT
{{- if .Values.mongodb.enabled }}
value: "{{ .Values.mongodb.service.port }}"
{{- else }}
value: "{{ .Values.externalServices.mongodbPort }}"
{{- end }}
- name: CLEARML_REDIS_SERVICE_HOST
{{- if .Values.redis.enabled }}
value: "{{ tpl .Values.redis.master.name . }}"
{{- else }}
value: "{{ .Values.externalServices.redisHost }}"
{{- end }}
- name: CLEARML_REDIS_SERVICE_PORT
{{- if .Values.redis.enabled }}
value: "{{ .Values.redis.master.port }}"
{{- else }}
value: "{{ .Values.externalServices.redisPort }}"
{{- end }}
- name: CLEARML__APISERVER__PRE_POPULATE__ENABLED
value: "{{ .Values.apiserver.prepopulateEnabled }}"
- name: CLEARML__APISERVER__PRE_POPULATE__ZIP_FILES
value: "{{ .Values.apiserver.prepopulateZipFiles }}"
- name: CLEARML_SERVER_DEPLOYMENT_TYPE
value: "helm-cloud"
- name: CLEARML__APISERVER__AUTH__COOKIES__MAX_AGE
value: "{{ .Values.apiserver.authCookiesMaxAge }}"
- name: CLEARML_CONFIG_DIR
value: /opt/clearml/config
- name: CLEARML__APISERVER__DEFAULT_COMPANY
value: {{ .Values.clearml.defaultCompany }}
- name: CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER
valueFrom:
secretKeyRef:
name: {{ default "clearml-conf" .Values.secret.existingSecret }}
key: http_session
- name: CLEARML__SECURE__AUTH__TOKEN_SECRET
valueFrom:
secretKeyRef:
name: {{ default "clearml-conf" .Values.secret.existingSecret }}
key: auth_token
- name: CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY
valueFrom:
secretKeyRef:
name: {{ default "clearml-conf" .Values.secret.existingSecret }}
key: apiserver_key
- name: CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET
valueFrom:
secretKeyRef:
name: {{ default "clearml-conf" .Values.secret.existingSecret }}
key: apiserver_secret
- name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY
valueFrom:
secretKeyRef:
name: {{ default "clearml-conf" .Values.secret.existingSecret }}
key: tests_user_key
- name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET
valueFrom:
secretKeyRef:
name: {{ default "clearml-conf" .Values.secret.existingSecret }}
key: tests_user_secret
{{- if .Values.apiserver.extraEnvs }}
{{ toYaml .Values.apiserver.extraEnvs | nindent 10 }}
{{- end }}
args:
- apiserver
livenessProbe:
initialDelaySeconds: {{ .Values.apiserver.livenessDelay }}
httpGet:
path: /debug.ping
port: 8008
readinessProbe:
initialDelaySeconds: {{ .Values.apiserver.readinessDelay }}
failureThreshold: 8
httpGet:
path: /debug.ping
port: 8008
{{- if or .Values.apiserver.configuration.additionalConfigs .Values.apiserver.configuration.configRefName .Values.apiserver.configuration.secretRefName }}
volumeMounts:
- name: apiserver-config
mountPath: /opt/clearml/config
{{- end }}
resources:
{{- toYaml .Values.apiserver.resources | nindent 12 }}
{{- if or .Values.apiserver.configuration.additionalConfigs .Values.apiserver.configuration.configRefName .Values.apiserver.configuration.secretRefName }}
volumes:
- name: apiserver-config
{{- if or .Values.apiserver.configuration.configRefName }}
configMap:
name: {{ .Values.apiserver.configuration.configRefName }}
{{- else if or .Values.apiserver.configuration.secretRefName }}
secret:
secretName: {{ .Values.apiserver.configuration.secretRefName }}
{{- else if or .Values.apiserver.configuration.additionalConfigs }}
configMap:
name: "{{ include "clearml.fullname" . }}-apiserver-configmap"
{{- end }}
{{- end }}
{{- with .Values.apiserver.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apiserver.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apiserver.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

83
charts/clearml/templates/deployment-webserver.yaml
View File

@ -1,83 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "clearml.fullname" . }}-webserver
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.webserver.replicaCount }}
selector:
matchLabels:
{{- include "clearml.selectorLabelsWebServer" . | nindent 6 }}
template:
metadata:
{{- with .Values.webserver.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "clearml.selectorLabelsWebServer" . | nindent 8 }}
spec:
{{- if .Values.imageCredentials.enabled }}
imagePullSecrets:
{{- if .Values.imageCredentials.existingSecret }}
- name: {{ .Values.imageCredentials.existingSecret }}
{{- else }}
- name: clearml-agent-registry-key
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
exec:
command:
- curl
- -X OPTIONS
- http://0.0.0.0:80/
readinessProbe:
exec:
command:
- curl
- -X OPTIONS
- http://0.0.0.0:80/
{{- if .Values.webserver.additionalConfigs }}
volumeMounts:
- name: webserver-config
mountPath: /opt/clearml/config
{{- end }}
env:
- name: NGINX_APISERVER_ADDRESS
value: "http://{{ include "clearml.fullname" . }}-apiserver:{{ .Values.apiserver.service.port }}"
- name: NGINX_FILESERVER_ADDRESS
value: "http://{{ include "clearml.fullname" . }}-fileserver:{{ .Values.fileserver.service.port }}"
{{- if .Values.webserver.extraEnvs }}
{{ toYaml .Values.webserver.extraEnvs | nindent 10 }}
{{- end }}
args:
- webserver
resources:
{{- toYaml .Values.webserver.resources | nindent 12 }}
{{- if .Values.webserver.additionalConfigs }}
volumes:
- name: webserver-config
configMap:
name: "{{ include "clearml.fullname" . }}-webserver-configmap"
{{- end }}
{{- with .Values.webserver.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webserver.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webserver.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

58
charts/clearml/templates/deployment-fileserver.yaml → charts/clearml/templates/fileserver-deployment.yaml
View File

@ -1,14 +1,15 @@
{{- if .Values.fileserver.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "clearml.fullname" . }}-fileserver
name: {{ include "fileserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.fileserver.replicaCount }}
selector:
matchLabels:
{{- include "clearml.selectorLabelsFileServer" . | nindent 6 }}
{{- include "fileserver.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.fileserver.podAnnotations }}
@ -16,22 +17,34 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "clearml.selectorLabelsFileServer" . | nindent 8 }}
{{- include "fileserver.selectorLabels" . | nindent 8 }}
spec:
volumes:
- name: fileserver-data
persistentVolumeClaim:
claimName: {{ include "clearml.fullname" . }}-fileserver-data
{{- if .Values.imageCredentials.enabled }}
imagePullSecrets:
{{- if .Values.imageCredentials.existingSecret }}
- name: {{ .Values.imageCredentials.existingSecret }}
- name: .Values.imageCredentials.existingSecret
{{- else }}
- name: clearml-agent-registry-key
- name: clearml-registry-key
{{- end }}
{{- end }}
volumes:
- name: fileserver-data
persistentVolumeClaim:
claimName: {{ include "fileserver.referenceName" . }}-data
initContainers:
- name: init-fileserver
image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag | default .Chart.AppVersion }}"
command:
- /bin/sh
- -c
- >
set -x;
while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
echo "waiting for apiserver" ;
sleep 5 ;
done
containers:
- name: {{ .Chart.Name }}
- name: clearml-fileserver
image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.fileserver.image.pullPolicy }}
ports:
@ -39,13 +52,33 @@ spec:
containerPort: 8081
protocol: TCP
env:
- name: CLEARML_CONFIG_DIR
value: /opt/clearml/config
- name: CLEARML__HOSTS__API_SERVER
value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
- name: CLEARML_REDIS_SERVICE_HOST
value: {{ include "redis.servicename" . }}
- name: CLEARML_REDIS_SERVICE_PORT
value: "{{ include "redis.serviceport" . }}"
{{- if not (eq .Values.clearml.cookieDomain "") }}
- name: CLEARML__FILESERVER__AUTH__COOKIE_NAMES
value: "[ {{ .Values.clearml.cookieName }} ]"
{{- end }}
- name: USER_KEY
valueFrom:
secretKeyRef:
name: clearml-conf
key: fileserver_key
- name: USER_SECRET
valueFrom:
secretKeyRef:
name: clearml-conf
key: fileserver_secret
{{- if .Values.fileserver.extraEnvs }}
{{ toYaml .Values.fileserver.extraEnvs | nindent 10 }}
{{- end }}
{{- if not .Values.enterpriseFeatures.enabled }}
args:
- fileserver
{{- end }}
livenessProbe:
exec:
command:
@ -75,3 +108,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

26
charts/clearml/templates/ingress-files.yaml → charts/clearml/templates/fileserver-ingress.yaml
View File

@ -1,4 +1,5 @@
{{- if .Values.ingress.files.enabled -}}
{{- if .Values.fileserver.enabled }}
{{- if .Values.fileserver.ingress.enabled }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
@ -8,37 +9,38 @@ apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ include "clearml.fullname" . }}-files
name: {{ include "fileserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
{{- $annotations := .Values.ingress.annotations }}
{{- if .Values.ingress.files.annotations }}
{{- $annotations = mergeOverwrite $annotations .Values.ingress.files.annotations }}
{{- $annotations := .Values.fileserver.ingress.annotations }}
{{- if .Values.fileserver.ingress.annotations }}
{{- $annotations = mergeOverwrite $annotations .Values.fileserver.ingress.annotations }}
{{- end }}
annotations:
{{- toYaml $annotations | nindent 4 }}
spec:
{{- if .Values.ingress.files.tlsSecretName }}
{{- if .Values.fileserver.ingress.tlsSecretName }}
tls:
- hosts:
- {{ .Values.ingress.files.hostName }}
secretName: {{ .Values.ingress.files.tlsSecretName }}
- {{ .Values.fileserver.ingress.hostName }}
secretName: {{ .Values.fileserver.ingress.tlsSecretName }}
{{- end }}
rules:
- host: {{ .Values.ingress.files.hostName }}
- host: {{ .Values.fileserver.ingress.hostName }}
http:
paths:
- path: {{ .Values.ingress.files.path }}
- path: {{ .Values.fileserver.ingress.path }}
{{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ include "clearml.fullname" . }}-fileserver
name: {{ include "fileserver.referenceName" . }}
port:
number: {{ .Values.fileserver.service.port }}
{{ else }}
backend:
serviceName: {{ include "clearml.fullname" . }}-fileserver
serviceName: {{ include "fileserver.referenceName" . }}
servicePort: {{ .Values.fileserver.service.port }}
{{ end }}
{{- end }}
{{- end }}

9
charts/clearml/templates/pvc-fileserver.yaml → charts/clearml/templates/fileserver-pvc.yaml
View File

@ -1,16 +1,17 @@
{{- if .Values.fileserver.enabled }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "clearml.fullname" . }}-fileserver-data
name: {{ include "fileserver.referenceName" . }}-data
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
accessModes:
- ReadWriteOnce
- {{ .Values.fileserver.storage.data.accessMode }}
resources:
requests:
storage: {{ .Values.fileserver.storage.data.size | quote }}
{{- if .Values.fileserver.storage.data.class }}
{{- if .Values.fileserver.storage.data.class -}}
storageClassName: {{ .Values.fileserver.storage.data.class | quote }}
{{- end -}}
{{- end }}

12
charts/clearml/templates/service-fileserver.yaml → charts/clearml/templates/fileserver-service.yaml
View File

@ -1,17 +1,19 @@
{{- if .Values.fileserver.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "clearml.fullname" . }}-fileserver
name: {{ include "fileserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
type: {{ .Values.fileserver.service.type }}
ports:
- port: {{ .Values.fileserver.service.port }}
targetPort: {{ .Values.fileserver.service.port }}
{{- if eq .Values.fileserver.service.type "NodePort" }}
targetPort: 8081
{{- if eq .Values.fileserver.service.type "NodePort" }}
nodePort: {{ .Values.fileserver.service.nodePort }}
{{- end }}
{{- end }}
protocol: TCP
selector:
{{- include "clearml.selectorLabelsFileServer" . | nindent 4 }}
{{- include "fileserver.selectorLabels" . | nindent 4 }}
{{- end }}

9
charts/clearml/templates/imagePullSecret.yaml
View File

@ -1,9 +0,0 @@
{{- if .Values.imageCredentials.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: clearml-agent-registry-key
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
{{- end }}

13
charts/clearml/templates/secrets.yaml
View File

@ -1,13 +0,0 @@
{{- if not .Values.secret.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: clearml-conf
stringData:
apiserver_key: {{ .Values.secret.credentials.apiserver.accessKey }}
apiserver_secret: {{ .Values.secret.credentials.apiserver.secretKey }}
http_session: {{ .Values.secret.httpSession }}
auth_token: {{ .Values.secret.authToken }}
tests_user_key: {{ .Values.secret.credentials.tests.accessKey }}
tests_user_secret: {{ .Values.secret.credentials.tests.secretKey }}
{{- end }}

17
charts/clearml/templates/service-webserver.yaml
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "clearml.fullname" . }}-webserver
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
type: {{ .Values.webserver.service.type }}
ports:
- port: {{ .Values.webserver.service.port }}
targetPort: {{ .Values.webserver.service.port }}
{{- if eq .Values.webserver.service.type "NodePort" }}
nodePort: {{ .Values.webserver.service.nodePort }}
{{- end }}
protocol: TCP
selector:
{{- include "clearml.selectorLabelsWebServer" . | nindent 4 }}

31
charts/clearml/templates/webserver-configmap.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- if .Values.webserver.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "webserver.referenceName" . }}-configmap"
labels:
{{- include "clearml.labels" . | nindent 4 }}
data:
{{- if .Values.enterpriseFeatures.enabled }}
configuration.json: |
{
"gettingStartedContext": {
"install":"pip install -U --extra-index-url {{ .Values.enterpriseFeatures.extraIndexUrl }} allegroai",
"configure": "allegroai-init",
"packageName": "allegroai",
"agentName": "allegroai"
},
"docsLink": "https://clear.ml/docs/",
"applicationsBackground": "ui-assets/apps-message.svg"
{{- if and .Values.webserver.overrideReferenceApiUrl .Values.enterpriseFeatures.overrideReferenceFileUrl }}
,
"fileBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceFileUrl }}",
"apiBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceApiUrl }}"
{{- end }}
}
{{- end }}
{{- range $key, $val := .Values.webserver.additionalConfigs }}
{{ $key }}: |
{{- $val | nindent 4 }}
{{- end }}
{{- end -}}

156
charts/clearml/templates/webserver-deployment.yaml Normal file
View File

@ -0,0 +1,156 @@
{{- if .Values.webserver.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "webserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.webserver.replicaCount }}
selector:
matchLabels:
{{- include "webserver.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.webserver.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "webserver.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.imageCredentials.enabled }}
imagePullSecrets:
{{- if .Values.imageCredentials.existingSecret }}
- name: .Values.imageCredentials.existingSecret
{{- else }}
- name: clearml-registry-key
{{- end }}
{{- end }}
volumes:
- name: webserver-config
configMap:
name: "{{ include "webserver.referenceName" . }}-configmap"
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
- name: documentation
emptyDir: {}
{{- end }}
initContainers:
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
- name: init-airgap-docs
image: "{{ .Values.enterpriseFeatures.airGappedDocumentation.image.repository }}:{{ .Values.enterpriseFeatures.airGappedDocumentation.image.tag | default .Chart.AppVersion }}"
command:
- /bin/sh
- -c
- cp -a /docs_site/* /usr/share/nginx/html/clearml
volumeMounts:
- name: webserver-config
mountPath: /mnt/external_files/configs
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
- mountPath: /usr/share/nginx/html/clearml
name: documentation
{{- end }}
{{- end }}
- name: init-webserver
image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default .Chart.AppVersion }}"
command:
- /bin/sh
- -c
- >
set -x;
while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
echo "waiting for apiserver" ;
sleep 5 ;
done
containers:
- name: clearml-webserver
image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
ports:
- name: http
{{- if .Values.enterpriseFeatures.enabled }}
containerPort: 8080
{{- else }}
containerPort: 80
{{- end }}
protocol: TCP
livenessProbe:
exec:
command:
- curl
- -X OPTIONS
{{- if .Values.enterpriseFeatures.enabled }}
- http://localhost:8080/
{{- else }}
- http://localhost:80/
{{- end }}
readinessProbe:
exec:
command:
- curl
- -X OPTIONS
{{- if .Values.enterpriseFeatures.enabled }}
- http://localhost:8080/
{{- else }}
- http://localhost:80/
{{- end }}
env:
- name: NGINX_APISERVER_ADDRESS
value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
- name: NGINX_FILESERVER_ADDRESS
value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
{{- if .Values.enterpriseFeatures.enabled }}
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
- name: WEBSERVER__docsLink
value: "\"clearml/docs/\""
{{- end }}
- name: COMPANY_ID
value: "{{ .Values.clearml.defaultCompany }}"
- name: WEBSERVER__appsYouTubeIntroLink
value: "\"https://www.youtube.com/embed/HACL60h1Z54\""
- name: WEBSERVER__appsYouTubeIntroVideoId
value: "\"HACL60h1Z54\""
- name: USER_KEY
valueFrom:
secretKeyRef:
name: clearml-conf
key: apiserver_key
- name: USER_SECRET
valueFrom:
secretKeyRef:
name: clearml-conf
key: apiserver_secret
{{- end }}
{{- if include "clearml.clientConfiguration" . }}
- name: WEBSERVER__displayedServerUrls
value: {{ include "clearml.clientConfiguration" . | quote }}
{{- end }}
{{- if .Values.webserver.extraEnvs }}
{{ toYaml .Values.webserver.extraEnvs | nindent 10 }}
{{- end }}
{{- if not .Values.enterpriseFeatures.enabled }}
args:
- webserver
{{- end }}
volumeMounts:
- name: webserver-config
mountPath: /mnt/external_files/configs
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
- mountPath: /usr/share/nginx/html/clearml
name: documentation
{{- end }}
resources:
{{- toYaml .Values.webserver.resources | nindent 12 }}
{{- with .Values.webserver.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webserver.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webserver.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

26
charts/clearml/templates/ingress-app.yaml → charts/clearml/templates/webserver-ingress.yaml
View File

@ -1,4 +1,5 @@
{{- if .Values.ingress.app.enabled -}}
{{- if .Values.webserver.enabled }}
{{- if .Values.webserver.ingress.enabled }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
@ -8,37 +9,38 @@ apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ include "clearml.fullname" . }}-app
name: {{ include "webserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
{{- $annotations := .Values.ingress.annotations }}
{{- if .Values.ingress.app.annotations }}
{{- $annotations = mergeOverwrite $annotations .Values.ingress.app.annotations }}
{{- $annotations := .Values.webserver.ingress.annotations }}
{{- if .Values.webserver.ingress.annotations }}
{{- $annotations = mergeOverwrite $annotations .Values.webserver.ingress.annotations }}
{{- end }}
annotations:
{{- toYaml $annotations | nindent 4 }}
spec:
{{- if .Values.ingress.app.tlsSecretName }}
{{- if .Values.webserver.ingress.tlsSecretName }}
tls:
- hosts:
- {{ .Values.ingress.app.hostName }}
secretName: {{ .Values.ingress.app.tlsSecretName }}
- {{ .Values.webserver.ingress.hostName }}
secretName: {{ .Values.webserver.ingress.tlsSecretName }}
{{- end }}
rules:
- host: {{ .Values.ingress.app.hostName }}
- host: {{ .Values.webserver.ingress.hostName }}
http:
paths:
- path: {{ .Values.ingress.app.path }}
- path: {{ .Values.webserver.ingress.path }}
{{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ include "clearml.fullname" . }}-webserver
name: {{ include "webserver.referenceName" . }}
port:
number: {{ .Values.webserver.service.port }}
{{ else }}
backend:
serviceName: {{ include "clearml.fullname" . }}-webserver
serviceName: {{ include "webserver.referenceName" . }}
servicePort: {{ .Values.webserver.service.port }}
{{ end }}
{{- end }}
{{- end }}

23
charts/clearml/templates/webserver-service.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if .Values.webserver.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "webserver.referenceName" . }}
labels:
{{- include "clearml.labels" . | nindent 4 }}
spec:
type: {{ .Values.webserver.service.type }}
ports:
- port: {{ .Values.webserver.service.port }}
{{- if .Values.enterpriseFeatures.enabled }}
targetPort: 8080
{{- else }}
targetPort: 80
{{- end }}
{{- if eq .Values.webserver.service.type "NodePort" }}
nodePort: {{ .Values.webserver.service.nodePort }}
{{- end }}
protocol: TCP
selector:
{{- include "webserver.selectorLabels" . | nindent 4 }}
{{- end }}

29
charts/clearml/values-production.yaml Executable file
View File

@ -0,0 +1,29 @@
apiserver:
service:
type: ClusterIP
ingress:
enabled: true
hostName: "api.clearml.127-0-0-1.nip.io"
fileserver:
service:
type: ClusterIP
ingress:
enabled: true
hostName: "files.clearml.127-0-0-1.nip.io"
webserver:
service:
type: ClusterIP
ingress:
enabled: true
hostName: "app.clearml.127-0-0-1.nip.io"
mongodb:
enabled: true
architecture: replicaset
replicaCount: 3
arbiter:
enabled: false
pdb:
create: true
podAntiAffinityPreset: soft
elasticsearch:
replicas: 3

470
charts/clearml/values.yaml Executable file → Normal file
View File

@ -1,4 +1,4 @@
# -- Private image registry configuration
# -- Container registry configuration
imageCredentials:
# -- Use private authentication mode
enabled: false
@ -15,230 +15,256 @@ imageCredentials:
# -- ClearMl generic configurations
clearml:
# -- Name fo the UI cookie
cookieName: "clearml-token-k8s"
# -- Cookie domain to be left empty if not exposed with an ingress
cookieDomain: ""
# -- Company name
defaultCompany: "d1bd92a3b039400cbafc60a7a5b1e52b"
ingress:
name: clearml-server-ingress
annotations: {}
app:
enabled: false
hostName: "app.clearml.127-0-0-1.nip.io"
tlsSecretName: ""
annotations: {}
path: "/"
api:
enabled: false
hostName: "api.clearml.127-0-0-1.nip.io"
tlsSecretName: ""
annotations: {}
path: "/"
files:
enabled: false
hostName: "files.clearml.127-0-0-1.nip.io"
tlsSecretName: ""
annotations: {}
path: "/"
secret:
# -- If this is set, chart will not generate a secret but will use what is defined here
existingSecret: ""
# -- Set for http_session field
httpSession: "9Tw20RbhJ1bLBiHEOWXvhplKGUbTgLzAtwFN2oLQvWwS0uRpD5"
# -- Set for auth_token field
authToken: "1SCf0ov3Nm544Td2oZ0gXSrsNx5XhMWdVlKz1tOgcx158bD5RV"
credentials:
apiserver:
# -- Set for apiserver_key field
accessKey: "5442F3443MJMORWZA3ZH"
# -- Set for apiserver_secret field
secretKey: "BxapIRo9ZINi8x25CRxz8Wdmr2pQjzuWVB4PNASZqCtTyWgWVQ"
tests:
# -- Set for tests_user_key field
accessKey: "ENP39EQM4SLACGD5FXB7"
# -- Set for tests_user_secret field
secretKey: "lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"
# -- Api Server basic auth key
apiserverKey: GGS9F4M6XB2DXJ5AFT9F
# -- Api Server basic auth secret
apiserverSecret: 2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO
# -- File Server basic auth key
fileserverKey: XXCRJ123CEE2KSQ068WO
# -- File Server basic auth secret
fileserverSecret: YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG
# -- Readiness probe basic auth key
readinessprobeKey: GK4PRTVT3706T25K6BA1
# -- Readiness probe basic auth secret
readinessprobeSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
# -- Secure Auth secret
secureAuthTokenSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
# -- Test Server basic auth key
testUserKey: "ENP39EQM4SLACGD5FXB7"
# -- Test File Server basic auth secret
testUserSecret: "lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"
# -- Override the API Urls displayed when showing an example of the SDK's clearml.conf configuration
clientConfigurationApiUrl: ""
# -- Override the Files Urls displayed when showing an example of the SDK's clearml.conf configuration
clientConfigurationFilesUrl: ""
# -- Api Server configurations
apiserver:
prepopulateEnabled: "true"
prepopulateZipFiles: "/opt/clearml/db-pre-populate"
prepopulateArtifactsPath: "/mnt/fileserver"
configDir: /opt/clearml/config
# -- Amount of seconds the authorization cookie will last in user browser
authCookiesMaxAge: 864000
# -- Enable/Disable component deployment
enabled: true
# -- Enable/Disable example data load
prepopulateEnabled: true
# -- Api Server image configuration
image:
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.9.1-312"
# -- Api Server internal service configuration
service:
# -- This will set to service's spec.type field
type: NodePort
port: 8008
# -- If service.type set to NodePort, this will be set to service's nodePort field.
# If service.type is set to others, this field will be ignored
nodePort: 30008
livenessDelay: 60
readinessDelay: 60
# -- Api Server number of pods
replicaCount: 1
# -- Ingress configuration for Api Server component
ingress:
# -- Enable/Disable ingress
enabled: false
# -- Ingress hostname domain
hostName: "api.clearml.127-0-0-1.nip.io"
# -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
tlsSecretName: ""
# -- Ingress annotations
annotations: {}
# -- Ingress root path url
path: "/"
# -- Api Server internal processes configuration
processes:
# -- Api Server internal listing processes
count: 8
# -- Api timeout (ms)
timeout: 24000
# -- Api Server maximum number of concurrent requests
maxRequests: 1000
# -- Api Server max jitter on api request
maxRequestsJitter: 300
# -- Api Server extra envrinoment variables
extraEnvs: []
# -- Number of additional replicas in Elasticsearch indexes
indexReplicas: 0
# -- Number of shards in Elasticsearch indexes
indexShards: 1
# -- specific annotation for Api Server pods
podAnnotations: {}
# -- Api Server resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 1Gi
# -- Api Server nodeselector
nodeSelector: {}
# -- Api Server tolerations setup
tolerations: []
# -- Api Server affinity setup
affinity: {}
# -- files declared in this parameter will be mounted and read by apiserver (examples in values.yaml)
additionalConfigs: {}
# services.conf: |
# tasks {
# non_responsive_tasks_watchdog {
# # In-progress tasks that haven't been updated for at least 'value' seconds will be stopped by the watchdog
# threshold_sec: 21000
# # Watchdog will sleep for this number of seconds after each cycle
# watch_interval_sec: 900
# }
# }
# apiserver.conf: |
# auth {
# fixed_users {
# enabled: true
# pass_hashed: false
# users: [
# {
# username: "jane"
# password: "12345678"
# name: "Jane Doe"
# },
# {
# username: "john"
# password: "12345678"
# name: "John Doe"
# },
# ]
# }
# }
# -- File Server configurations
fileserver:
# -- Enable/Disable component deployment
enabled: true
# -- File Server image configuration
image:
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.8.0"
extraEnvs: []
podAnnotations: {}
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# -- additional configurations that can be used by api server; check examples in values.yaml file
configuration:
configRefName: ""
secretRefName: ""
additionalConfigs: {}
# services.conf: |
# tasks {
# non_responsive_tasks_watchdog {
# # In-progress tasks that haven't been updated for at least 'value' seconds will be stopped by the watchdog
# threshold_sec: 21000
# # Watchdog will sleep for this number of seconds after each cycle
# watch_interval_sec: 900
# }
# }
# apiserver.conf: |
# auth {
# fixed_users {
# enabled: true
# pass_hashed: false
# users: [
# {
# username: "jane"
# password: "12345678"
# name: "Jane Doe"
# },
# {
# username: "john"
# password: "12345678"
# name: "John Doe"
# },
# ]
# }
# }
fileserver:
tag: "1.9.1-312"
# -- File Server internal service configuration
service:
# -- This will set to service's spec.type field
type: NodePort
port: 8081
# -- If service.type set to NodePort, this will be set to service's nodePort field.
# If service.type is set to others, this field will be ignored
nodePort: 30081
# -- File Server number of pods
replicaCount: 1
# -- Ingress configuration for File Server component
ingress:
# -- Enable/Disable ingress
enabled: false
# -- Ingress hostname domain
hostName: "files.clearml.127-0-0-1.nip.io"
# -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
tlsSecretName: ""
# -- Ingress annotations
annotations: {}
# -- Ingress root path url
path: "/"
# -- File Server extra envrinoment variables
extraEnvs: []
# -- specific annotation for File Server pods
podAnnotations: {}
# -- File Server resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 1Gi
# -- File Server nodeselector
nodeSelector: {}
# -- File Server tolerations setup
tolerations: []
# -- File Server affinity setup
affinity: {}
# -- File server persistence settings
storage:
data:
# -- Storage class (use default if empty)
class: ""
# -- Access mode (must be ReadWriteMany if fileserver replica > 1)
accessMode: ReadWriteOnce
size: 50Gi
# -- Web Server configurations
webserver:
# -- Enable/Disable component deployment
enabled: true
# -- Web Server image configuration
image:
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.8.0"
extraEnvs: []
podAnnotations: {}
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
storage:
data:
class: ""
size: 50Gi
webserver:
extraEnvs: []
tag: "1.9.1-312"
# -- Web Server internal service configuration
service:
# -- This will set to service's spec.type field
type: NodePort
port: 80
port: 8080
# -- If service.type set to NodePort, this will be set to service's nodePort field.
# If service.type is set to others, this field will be ignored
nodePort: 30080
# -- Web Server number of pods
replicaCount: 1
image:
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.8.0"
# -- Ingress configuration for Web Server component
ingress:
# -- Enable/Disable ingress
enabled: false
# -- Ingress hostname domain
hostName: "app.clearml.127-0-0-1.nip.io"
# -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
tlsSecretName: ""
# -- Ingress annotations
annotations: {}
# -- Ingress root path url
path: "/"
# -- Web Server extra envrinoment variables
extraEnvs: []
# -- specific annotation for Web Server pods
podAnnotations: {}
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- Web Server resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 1Gi
# -- Web Server nodeselector
nodeSelector: {}
# -- Web Server tolerations setup
tolerations: []
# -- Web Server affinity setup
affinity: {}
# -- Additional specific webserver configurations
additionalConfigs: {}
# -- Definition of external services to use if not enabled as dependency charts here
externalServices:
# -- Existing ElasticSearch Hostname to use if elasticsearch.enabled is false
elasticsearchHost: ""
# -- Existing ElasticSearch Port to use if elasticsearch.enabled is false
elasticsearchPort: 9200
# -- Existing MongoDB Hostname to use if mongodb.enabled is false
mongodbHost: ""
# -- Existing MongoDB Port to use if mongodb.enabled is false
mongodbPort: 27017
# -- Existing MongoDB connection string to use if mongodb.enabled is false
mongodbConnectionString: ""
# -- Existing Redis Hostname to use if redis.enabled is false
redisHost: ""
# -- Existing Redis Port to use if redis.enabled is false
redisPort: 6379
redis: # configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
# -- Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
redis:
enabled: true
usePassword: false
databaseNumber: 0
@ -250,10 +276,13 @@ redis: # configuration from https://github.com/bitnami/charts/blob/master/bitna
accessModes:
- ReadWriteOnce
size: 5Gi
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
storageClass: null
cluster:
enabled: false
mongodb: # configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
# -- Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
mongodb:
enabled: true
architecture: standalone
auth:
@ -264,13 +293,11 @@ mongodb: # configuration from https://github.com/bitnami/charts/blob/master/bit
accessModes:
- ReadWriteOnce
size: 50Gi
service:
name: "{{ .Release.Name }}-mongodb"
type: ClusterIP
port: 27017
portName: mongo-service
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
storageClass: null
elasticsearch: # configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml
# -- Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml
elasticsearch:
enabled: true
httpPort: 9200
roles:
@ -306,16 +333,85 @@ elasticsearch: # configuration from https://github.com/elastic/helm-charts/blob
value: "false"
resources:
requests:
memory: "4Gi"
cpu: 100m
memory: 2Gi
limits:
memory: "4Gi"
cpu: 2000m
memory: 4Gi
persistence:
enabled: true
volumeClaimTemplate:
accessModes: ["ReadWriteOnce"]
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
storageClassName: null
resources:
requests:
storage: 50Gi
esConfig:
elasticsearch.yml: |
xpack.security.enabled: false
# -- Enterprise features (work only with an Enterprise license)
enterpriseFeatures:
# -- Enable/Disable Enterprise features
enabled: false
# -- Company ID
defaultCompanyGuid: "d1bd92a3b039400cbafc60a7a5b1e52b"
# -- Air gapped documentation configurations
airGappedDocumentation:
# -- Enable/Disable air gapped documentation deployment
enabled: false
# -- Air gapped documentation image configuration
image:
repository: ""
tag: ""
# -- set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer)
# example: "https://api.clearml.local"
overrideReferenceApiUrl: ""
# -- set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer)
# example: "https://files.clearml.local"
overrideReferenceFileUrl: ""
# -- extra index URL for Enterprise packages
extraIndexUrl: ""
# -- APPS configurations
clearmlApplications:
# -- Apps Server basic auth key
agentKey: GK4PRTVT3706T25K6BA1
# -- Apps Server basic auth secret
agentSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
# -- Apps Server Git user
gitAgentUser: "git_user"
# -- Apps Server Git password
gitAgentPass: "git_password"
# -- Enable/Disable component deployment
enabled: true
# -- APPS image configuration
image:
repository: ""
pullPolicy: IfNotPresent
tag: ""
# -- APPS base spawning pods image
basePodImage:
repository: ""
tag: ""
# -- APPS number of pods
replicaCount: 1
# -- APPS extra envrinoment variables
extraEnvs: []
# -- specific annotation for APPS pods
podAnnotations: {}
# -- APPS resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 1Gi
# -- APPS nodeselector
nodeSelector: {}
# -- APPS tolerations setup
tolerations: []
# -- APPS affinity setup
affinity: {}

13
platform-specific-configs/tanzu/rolebinding.yaml Normal file
View File

@ -0,0 +1,13 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: clearml-tanzu-rolebinding
namespace: clearml
roleRef:
kind: ClusterRole
name: psp:vmware-system-privileged
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:serviceaccounts