Add agent pod securitycontext (#143)

* Added: securityContext for agent

* Changed: bump up version

* Added: support for k8s 1.26

.github/workflows/ci.yaml

@@ -2,6 +2,7 @@ name: Lint and Test Charts
 
 on:
   pull_request:
+    types: [opened, synchronize, edited, reopened]
     paths:
       - 'charts/**'
 
@@ -21,19 +22,18 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - v1.22.7
-          - v1.23.6
-          - v1.24.0
+          - v1.24.7
+          - v1.25.3
+          - v1.26.0
     steps:
       - name: Checkout
         uses: actions/checkout@v1
       - name: Create kind ${{ matrix.k8s }} cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@v1.5.0
         with:
-          version: v0.13.0
           node_image: kindest/node:${{ matrix.k8s }}
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.2.1
+        uses: helm/chart-testing-action@v2.3.1
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
@@ -42,11 +42,6 @@ jobs:
             echo "::set-output name=changed::true"
             echo "::set-output name=changed_charts::\"${changed//$'\n'/,}\""
           fi
-      - name: Inject secrets
-        run: |
-          find ./charts/*/ci/*.yaml -type f -exec sed -i "s/AGENTK8SGLUEKEY/${{ secrets.agentk8sglueKey }}/g" {} \;
-          find ./charts/*/ci/*.yaml -type f -exec sed -i "s/AGENTK8SGLUESECRET/${{ secrets.agentk8sglueSecret }}/g" {} \;
-        if: steps.list-changed.outputs.changed == 'true'      
       - name: Run chart-testing (lint and install)
         run: ct lint-and-install --chart-dirs=charts --target-branch=main --helm-extra-args="--timeout=15m" --charts=${{steps.list-changed.outputs.changed_charts}} --debug=true
         if: steps.list-changed.outputs.changed == 'true'

.github/workflows/release.yaml

@@ -22,7 +22,7 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.1
+        uses: helm/chart-releaser-action@v1.5.0
         env:
           CR_TOKEN: '${{ secrets.CR_TOKEN }}'
         with:

charts/clearml-agent/Chart.yaml

@@ -1,10 +1,10 @@
 apiVersion: v2
 name: clearml-agent
-description: MLOps platform
+description: MLOps platform Task running agent
 type: application
-version: "1.3.0"
+version: "3.2.0"
 appVersion: "1.24"
-kubeVersion: ">= 1.19.0-0 < 1.25.0-0"
+kubeVersion: ">= 1.21.0-0 < 1.27.0-0"
 home: https://clear.ml
 icon: https://raw.githubusercontent.com/allegroai/clearml/master/docs/clearml-logo.svg
 sources:
@@ -17,3 +17,10 @@ keywords:
   - clearml
   - "machine learning"
   - mlops
+  - "task agent"
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: securityContext parameter for agent pod
+    - kind: added
+      description: support for kubernetes 1.26

charts/clearml-agent/README.md

@@ -1,8 +1,8 @@
-# clearml-agent
+# ClearML Kubernetes Agent
 
-![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.24](https://img.shields.io/badge/AppVersion-1.24-informational?style=flat-square)
+![Version: 3.2.0](https://img.shields.io/badge/Version-3.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.24](https://img.shields.io/badge/AppVersion-1.24-informational?style=flat-square)
 
-MLOps platform
+MLOps platform Task running agent
 
 **Homepage:** <https://clear.ml>
 
@@ -12,6 +12,11 @@ MLOps platform
 | ---- | ------ | --- |
 | valeriano-manassero |  | <https://github.com/valeriano-manassero> |
 
+## Introduction
+
+The **clearml-agent** is the Kubernetes agent for for [ClearML](https://github.com/allegroai/clearml).
+It allows you to schedule distributed experiments on a Kubernetes cluster.
+
 ## Source Code
 
 * <https://github.com/allegroai/clearml-helm-charts>
@@ -19,30 +24,45 @@ MLOps platform
 
 ## Requirements
 
-Kubernetes: `>= 1.19.0-0 < 1.25.0-0`
+Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| agentk8sglue | object | `{"apiServerUrlReference":"https://api.clear.ml","clearmlcheckCertificate":true,"defaultContainerImage":"ubuntu:18.04","extraEnvs":[],"fileServerUrlReference":"https://files.clear.ml","id":"k8s-agent","image":{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-18"},"maxPods":10,"podTemplate":{"env":[],"nodeSelector":{},"resources":{},"tolerations":[],"volumes":[]},"queue":"default","replicaCount":1,"serviceAccountName":"default","webServerUrlReference":"https://app.clear.ml"}` | This agent will spawn queued experiments in new pods, a good use case is to combine this with GPU autoscaling nodes. https://github.com/allegroai/clearml-agent/tree/master/docker/k8s-glue |
+| agentk8sglue | object | `{"annotations":{},"apiServerUrlReference":"https://api.clear.ml","basePodTemplate":{"annotations":{},"env":[],"fileMounts":[],"hostAliases":{},"initContainers":[],"labels":{},"nodeSelector":{},"resources":{},"schedulerName":"","securityContext":{},"tolerations":[],"volumeMounts":[],"volumes":[]},"clearmlcheckCertificate":true,"containerCustomBashScript":"","customBashScript":"","debugMode":false,"defaultContainerImage":"ubuntu:18.04","extraEnvs":[],"fileMounts":[],"fileServerUrlReference":"https://files.clear.ml","image":{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-21"},"labels":{},"nodeSelector":{},"queue":"default","replicaCount":1,"securityContext":{},"serviceExistingAccountName":"","volumeMounts":[],"volumes":[],"webServerUrlReference":"https://app.clear.ml"}` | This agent will spawn queued experiments in new pods, a good use case is to combine this with GPU autoscaling nodes. https://github.com/allegroai/clearml-agent/tree/master/docker/k8s-glue |
+| agentk8sglue.annotations | object | `{}` | annotations setup for Agent pod (example in values.yaml comments) |
 | agentk8sglue.apiServerUrlReference | string | `"https://api.clear.ml"` | Reference to Api server url |
+| agentk8sglue.basePodTemplate | object | `{"annotations":{},"env":[],"fileMounts":[],"hostAliases":{},"initContainers":[],"labels":{},"nodeSelector":{},"resources":{},"schedulerName":"","securityContext":{},"tolerations":[],"volumeMounts":[],"volumes":[]}` | base template for pods spawned to consume ClearML Task |
+| agentk8sglue.basePodTemplate.annotations | object | `{}` | annotations setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.env | list | `[]` | environment variables for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.fileMounts | list | `[]` | file definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.hostAliases | object | `{}` | hostAliases setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.initContainers | list | `[]` | initContainers definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.labels | object | `{}` | labels setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.nodeSelector | object | `{}` | nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.resources | object | `{}` | resources declaration for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.schedulerName | string | `""` | schedulerName setup for pods spawned to consume ClearML Task |
+| agentk8sglue.basePodTemplate.securityContext | object | `{}` | securityContext setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.tolerations | list | `[]` | tolerations setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.volumeMounts | list | `[]` | volume mounts definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.volumes | list | `[]` | volumes definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
 | agentk8sglue.clearmlcheckCertificate | bool | `true` | Check certificates validity for evefry UrlReference below. |
+| agentk8sglue.containerCustomBashScript | string | `""` | Custom Bash script for the Task Pods ran by Glue Agent |
+| agentk8sglue.debugMode | bool | `false` | Enable Debugging logs for Agent pod |
 | agentk8sglue.defaultContainerImage | string | `"ubuntu:18.04"` | default container image for ClearML Task pod |
-| agentk8sglue.extraEnvs | list | `[]` | Environment variables to be exposed in the agentk8sglue pods |
+| agentk8sglue.extraEnvs | list | `[]` | Extra Environment variables for Glue Agent |
+| agentk8sglue.fileMounts | list | `[]` | file definition for Glue Agent (example in values.yaml comments) |
 | agentk8sglue.fileServerUrlReference | string | `"https://files.clear.ml"` | Reference to File server url |
-| agentk8sglue.id | string | `"k8s-agent"` | ClearML worker ID (must be unique across the entire ClearMLenvironment) |
-| agentk8sglue.image | object | `{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-18"}` | Glue Agent image configuration |
-| agentk8sglue.maxPods | int | `10` | maximum concurrent consume ClearML Task pod |
-| agentk8sglue.podTemplate | object | `{"env":[],"nodeSelector":{},"resources":{},"tolerations":[],"volumes":[]}` | template for pods spawned to consume ClearML Task |
-| agentk8sglue.podTemplate.env | list | `[]` | environment variables for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.nodeSelector | object | `{}` | nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.resources | object | `{}` | resources declaration for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.tolerations | list | `[]` | tolerations setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.volumes | list | `[]` | volumes definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.image | object | `{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-21"}` | Glue Agent image configuration |
+| agentk8sglue.labels | object | `{}` | labels setup for Agent pod (example in values.yaml comments) |
+| agentk8sglue.nodeSelector | object | `{}` | nodeSelector setup for Agent pod (example in values.yaml comments) |
 | agentk8sglue.queue | string | `"default"` | ClearML queue this agent will consume |
 | agentk8sglue.replicaCount | int | `1` | Glue Agent number of pods |
-| agentk8sglue.serviceAccountName | string | `"default"` | serviceAccountName for pods spawned to consume ClearML Task |
+| agentk8sglue.securityContext | object | `{}` | Web Server pod security context |
+| agentk8sglue.serviceExistingAccountName | string | `""` | if set, don't create a serviceAccountName but use defined existing one |
+| agentk8sglue.volumeMounts | list | `[]` | volume mounts definition for Glue Agent (example in values.yaml comments) |
+| agentk8sglue.volumes | list | `[]` | volumes definition for Glue Agent (example in values.yaml comments) |
 | agentk8sglue.webServerUrlReference | string | `"https://app.clear.ml"` | Reference to Web server url |
 | clearml | object | `{"agentk8sglueKey":"ACCESSKEY","agentk8sglueSecret":"SECRETKEY","clearmlConfig":"sdk {\n}","existingAgentk8sglueSecret":"","existingClearmlConfigSecret":""}` | ClearMl generic configurations |
 | clearml.agentk8sglueKey | string | `"ACCESSKEY"` | Agent k8s Glue basic auth key |
@@ -50,6 +70,18 @@ Kubernetes: `>= 1.19.0-0 < 1.25.0-0`
 | clearml.clearmlConfig | string | `"sdk {\n}"` | ClearML configuration file |
 | clearml.existingAgentk8sglueSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
 | clearml.existingClearmlConfigSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
+| enterpriseFeatures | object | `{"agentImageTagOverride":"1.24-57","applyVaultEnvVars":true,"enabled":false,"maxPods":10,"monitoredResources":{"maxResources":0,"maxResourcesFieldName":"resources|limits|nvidia.com/gpu","minResourcesFieldName":"resources|limits|nvidia.com/gpu"},"queues":null,"serviceAccountClusterAccess":false,"useOwnerToken":true}` | Enterprise features (work only with an Enterprise license) |
+| enterpriseFeatures.agentImageTagOverride | string | `"1.24-57"` | Image tag override for enterprise version |
+| enterpriseFeatures.applyVaultEnvVars | bool | `true` | push env vars from Clear.ML Vault to task pods |
+| enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
+| enterpriseFeatures.maxPods | int | `10` | maximum concurrent consume ClearML Task pod |
+| enterpriseFeatures.monitoredResources | object | `{"maxResources":0,"maxResourcesFieldName":"resources|limits|nvidia.com/gpu","minResourcesFieldName":"resources|limits|nvidia.com/gpu"}` | GPU resource general counters |
+| enterpriseFeatures.monitoredResources.maxResources | int | `0` | Maximum resources counter |
+| enterpriseFeatures.monitoredResources.maxResourcesFieldName | string | `"resources|limits|nvidia.com/gpu"` | Field name used by Agent to count maximum resources |
+| enterpriseFeatures.monitoredResources.minResourcesFieldName | string | `"resources|limits|nvidia.com/gpu"` | Field name used by Agent to count minimum resources |
+| enterpriseFeatures.queues | string | `nil` | ClearML queues and related template OVERRIDES used this agent will consume |
+| enterpriseFeatures.serviceAccountClusterAccess | bool | `false` | service account access every namespace flag |
+| enterpriseFeatures.useOwnerToken | bool | `true` | Agent must use owner Token |
 | imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration |
 | imageCredentials.email | string | `"someone@host.com"` | Email |
 | imageCredentials.enabled | bool | `false` | Use private authentication mode |
@@ -57,6 +89,36 @@ Kubernetes: `>= 1.19.0-0 < 1.25.0-0`
 | imageCredentials.password | string | `"pwd"` | Registry password |
 | imageCredentials.registry | string | `"docker.io"` | Registry name |
 | imageCredentials.username | string | `"someone"` | Registry username |
+| sessions | object | `{"dynamicSvcs":false,"externalIP":"0.0.0.0","maxServices":20,"portModeEnabled":false,"setInteractiveQueuesTag":true,"startingPort":30000,"svcAnnotations":{},"svcType":"NodePort"}` | Sessions internal service configuration |
+| sessions.dynamicSvcs | bool | `false` | Enable/Disable dynamic svc for sessions pods |
+| sessions.externalIP | string | `"0.0.0.0"` | External IP sessions clients can connect to |
+| sessions.maxServices | int | `20` | maximum number of NodePorts exposed |
+| sessions.portModeEnabled | bool | `false` | Enable/Disable sessions portmode WARNING: only one Agent deployment can have this set to true |
+| sessions.setInteractiveQueuesTag | bool | `true` | set interactive queue tags |
+| sessions.startingPort | int | `30000` | starting range of exposed NodePorts |
+| sessions.svcAnnotations | object | `{}` | specific annotations for session services |
+| sessions.svcType | string | `"NodePort"` | service type ("NodePort" or "ClusterIP" or "LoadBalancer") |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+# Upgrading Chart
+
+### From v1.x to v2.x
+
+Chart 1.x was under the assumption that all mounted volumes would be PVC's. Version > 2.x allows for more flexibility and will inject the yaml from podTemplate.volumes and podtemplate.volumeMounts directly.
+
+v1.x
+```
+    volumes:
+     - name: "yourvolume"
+       path: "/yourpath"
+```
+
+v2.x
+```
+    volumes:
+     - name: "yourvolume"
+       persistentVolumeClaim:
+         claimName: "yourvolume"
+    volumeMounts:
+     - name: "yourvolume"
+       mountPath: "/yourpath"
+```

charts/clearml-agent/README.md.gotmpl

@@ -0,0 +1,45 @@
+# ClearML Kubernetes Agent
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+## Introduction
+
+The **clearml-agent** is the Kubernetes agent for for [ClearML](https://github.com/allegroai/clearml).
+It allows you to schedule distributed experiments on a Kubernetes cluster.
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+# Upgrading Chart
+
+### From v1.x to v2.x 
+
+Chart 1.x was under the assumption that all mounted volumes would be PVC's. Version > 2.x allows for more flexibility and will inject the yaml from podTemplate.volumes and podtemplate.volumeMounts directly.
+
+v1.x
+```
+    volumes:
+     - name: "yourvolume"
+       path: "/yourpath"
+```
+
+v2.x
+```
+    volumes:
+     - name: "yourvolume"
+       persistentVolumeClaim:
+         claimName: "yourvolume"
+    volumeMounts:
+     - name: "yourvolume"
+       mountPath: "/yourpath"
+```

charts/clearml-agent/templates/_helpers.tpl

@@ -2,32 +2,14 @@
 Expand the name of the chart.
 */}}
 {{- define "clearml.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "clearml.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
+{{- .Release.Name | trunc 59 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "clearml.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 59 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -40,6 +22,18 @@ helm.sh/chart: {{ include "clearml.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if $.Values.agentk8sglue.labels }}
+{{ toYaml $.Values.agentk8sglue.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common annotations
+*/}}
+{{- define "clearml.annotations" -}}
+{{- if $.Values.agentk8sglue.annotations }}
+{{ toYaml $.Values.agentk8sglue.annotations }}
+{{- end }}
 {{- end }}
 
 {{/*
@@ -50,29 +44,22 @@ app.kubernetes.io/name: {{ include "clearml.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-{{/*
-Reference Name (agentk8sglue)
-*/}}
-{{- define "agentk8sglue.referenceName" -}}
-{{- include "clearml.fullname" . }}-agentk8sglue
-{{- end }}
-
 {{/*
 Selector labels (agentk8sglue)
 */}}
 {{- define "agentk8sglue.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ include "agentk8sglue.referenceName" . }}
+app.kubernetes.io/instance: {{ include "clearml.name" . }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "clearml.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "clearml.fullname" .) .Values.serviceAccount.name }}
+{{- if .Values.agentk8sglue.serviceExistingAccountName }}
+{{- .Values.agentk8sglue.serviceExistingAccountName }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- include "clearml.name" . }}-sa
 {{- end }}
 {{- end }}
 
@@ -84,3 +71,15 @@ Create secret to access docker registry
 {{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
 {{- end }}
 {{- end }}
+
+
+{{/*
+Create a string composed by queue names
+*/}}
+{{- define "agentk8sglue.queues" -}}
+{{- $list := list }}
+{{- range $key, $value := .Values.enterpriseFeatures.queues }}
+{{- $list = append $list (printf "%s" $key) }}
+{{- end }}
+{{- join " " $list }}
+{{- end }}

charts/clearml-agent/templates/agentk8sglue-configmap.yaml

@@ -1,37 +1,218 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
+  name: {{ include "clearml.name" . }}-pt
 data:
+{{- if .Values.enterpriseFeatures.enabled }}
+  template.yaml: |
+    {{- range $key, $value := $.Values.enterpriseFeatures.queues }}
+    {{ $key }}:
+      apiVersion: v1
+      metadata:
+        namespace: {{ $.Release.Namespace }}
+        {{- if $value.templateOverrides.labels }}
+        labels:
+        {{- toYaml $value.templateOverrides.labels | nindent 10 }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.labels }}
+        labels:
+        {{- toYaml $.Values.agentk8sglue.basePodTemplate.labels | nindent 10 }}
+        {{- end}}
+        {{- if $value.templateOverrides.annotations }}
+        annotations:
+        {{- toYaml $value.templateOverrides.annotations | nindent 10 }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.annotations }}
+        annotations:
+        {{- toYaml $.Values.agentk8sglue.basePodTemplate.annotations | nindent 10 }}
+        {{- end}}
+      spec:
+        {{- if $.Values.imageCredentials.enabled }}
+        imagePullSecrets:
+        {{- if $.Values.imageCredentials.existingSecret }}
+          - name: $.Values.imageCredentials.existingSecret
+        {{- else }}
+          - name: {{ include "clearml.name" $ }}-ark
+        {{- end }}
+        {{- end }}
+        {{- if $value.templateOverrides.schedulerName }}
+        schedulerName: {{ $value.templateOverrides.schedulerName }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.schedulerName }}
+        schedulerName: {{ $.Values.agentk8sglue.basePodTemplate.schedulerName }}
+        {{- end}}
+        restartPolicy: Never
+        {{- if $value.templateOverrides.securityContext }}
+        securityContext:
+        {{- toYaml $value.templateOverrides.securityContext | nindent 10 }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.securityContext }}
+        securityContext:
+        {{- toYaml $.Values.agentk8sglue.basePodTemplate.securityContext | nindent 10 }}
+        {{- end}}
+        {{- if $value.templateOverrides.hostAliases }}
+          {{- with $value.templateOverrides.hostAliases }}
+        hostAliases:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.hostAliases }}
+          {{- with $.Values.agentk8sglue.basePodTemplate.hostAliases }}
+        hostAliases:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
+        volumes:
+        {{- if $value.templateOverrides.volumes }}
+        {{- toYaml $value.templateOverrides.volumes | nindent 10 }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.volumes }}
+        {{- toYaml $.Values.agentk8sglue.basePodTemplate.volumes | nindent 10 }}
+        {{- end }}
+        {{- if $value.templateOverrides.fileMounts }}
+          - name: filemounts
+            secret:
+              secretName: {{ include "clearml.name" $ }}-{{ $key }}-fm
+        {{- else if $.Values.agentk8sglue.basePodTemplate.fileMounts }}
+          - name: filemounts
+            secret:
+              secretName: {{ include "clearml.name" $ }}-fm
+        {{- end }}
+        {{- if not $.Values.enterpriseFeatures.serviceAccountClusterAccess }}
+        serviceAccountName: {{ include "clearml.serviceAccountName" $ }}
+        {{- end }}
+        {{- if $value.templateOverrides.initContainers }}
+        initContainers:
+        {{- toYaml $value.templateOverrides.initContainers | nindent 10 }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.initContainers }}
+        initContainers:
+        {{- toYaml $.Values.agentk8sglue.basePodTemplate.initContainers | nindent 10 }}
+        {{- end }}
+        containers:
+        - resources:
+          {{- if $value.templateOverrides.resources }}
+          {{- toYaml $value.templateOverrides.resources | nindent 12 }}
+          {{- else if $.Values.agentk8sglue.basePodTemplate.resources }}
+          {{- toYaml $.Values.agentk8sglue.basePodTemplate.resources | nindent 12 }}
+          {{- end}}
+          ports:
+            - containerPort: 10022
+          volumeMounts:
+          {{- if $value.templateOverrides.volumeMounts }}
+          {{- toYaml $value.templateOverrides.volumeMounts | nindent 12 }}
+          {{- else if $.Values.agentk8sglue.basePodTemplate.volumeMounts }}
+          {{- toYaml $.Values.agentk8sglue.basePodTemplate.volumeMounts | nindent 12 }}
+          {{- end }}
+          {{- if $value.templateOverrides.fileMounts }}
+          {{- range $value.templateOverrides.fileMounts }}
+            - name: filemounts
+              mountPath: "{{ .folderPath }}/{{ .name }}"
+              subPath: "{{ .name }}"
+              readOnly: true
+          {{- end }}
+          {{- else if $.Values.agentk8sglue.basePodTemplate.fileMounts }}
+          {{- range $.Values.agentk8sglue.basePodTemplate.fileMounts }}
+            - name: filemounts
+              mountPath: "{{ .folderPath }}/{{ .name }}"
+              subPath: "{{ .name }}"
+              readOnly: true
+          {{- end }}
+          {{- end }}
+          env:
+            - name: CLEARML_API_HOST
+              value: {{ $.Values.agentk8sglue.apiServerUrlReference }}
+            - name: CLEARML_WEB_HOST
+              value: {{ $.Values.agentk8sglue.webServerUrlReference }}
+            - name: CLEARML_FILES_HOST
+              value: {{ $.Values.agentk8sglue.fileServerUrlReference }}
+            {{- if not $.Values.enterpriseFeatures.useOwnerToken }}
+            - name: CLEARML_API_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  {{- if $.Values.clearml.existingAgentk8sglueSecret }}
+                  name: {{ $.Values.clearml.existingAgentk8sglueSecret }}
+                  {{- else }}
+                  name: {{ include "clearml.name" $ }}-ac
+                  {{- end }}
+                  key: agentk8sglue_key
+            - name: CLEARML_API_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  {{- if $.Values.clearml.existingAgentk8sglueSecret }}
+                  name: {{ $.Values.clearml.existingAgentk8sglueSecret }}
+                  {{- else }}
+                  name: {{ include "clearml.name" $ }}-ac
+                  {{- end }}
+                  key: agentk8sglue_secret
+            {{- end }}
+            - name: PYTHONUNBUFFERED
+              value: "x"
+            {{- if not $.Values.agentk8sglue.clearmlcheckCertificate }}
+            - name: CLEARML_API_HOST_VERIFY_CERT
+              value: "false"
+          {{- end }}
+          {{- if $value.templateOverrides.env }}
+          {{- toYaml $value.templateOverrides.env | nindent 12 }}
+          {{- else if $.Values.agentk8sglue.basePodTemplate.env }}
+          {{- toYaml $.Values.agentk8sglue.basePodTemplate.env | nindent 12 }}
+          {{- end }}
+        {{- if $value.templateOverrides.nodeSelector }}
+          {{- with $value.templateOverrides.nodeSelector }}
+        nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.nodeSelector }}
+          {{- with $.Values.agentk8sglue.basePodTemplate.nodeSelector }}
+        nodeSelector:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
+        {{- if $value.templateOverrides.tolerations }}
+          {{- with $value.templateOverrides.tolerations }}
+        tolerations:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- else if $.Values.agentk8sglue.basePodTemplate.tolerations }}
+          {{- with $.Values.agentk8sglue.basePodTemplate.tolerations }}
+        tolerations:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
+    {{- end }}
+  secrets.yaml: |
+    {{- range $key, $value := $.Values.enterpriseFeatures.queues }}
+    {{ $key }}:
+      {{- if $value.templateOverrides.fileMounts }}
+        - {{ include "clearml.name" $ }}-{{ $key }}-fm
+      {{- else if $.Values.agentk8sglue.basePodTemplate.fileMounts }}
+        - {{ include "clearml.name" $ }}-fm
+      {{- end }}
+    {{- end }}
+{{- else }}
   template.yaml: |
     apiVersion: v1
     metadata:
       namespace: {{ .Release.Namespace }}
+      labels:
+      {{- toYaml $.Values.agentk8sglue.basePodTemplate.labels | nindent 8 }}
+      annotations:
+      {{- toYaml $.Values.agentk8sglue.basePodTemplate.annotations | nindent 8 }}
     spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: .Values.imageCredentials.existingSecret
+      - name: {{.Values.imageCredentials.existingSecret}}
       {{- else }}
-      - name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-registry-key
+      - name: name: {{ include "clearml.name" $ }}-ark
       {{- end }}
       {{- end }}
-      serviceAccountName: {{ .Values.agentk8sglue.serviceAccountName }}
+      {{- with .Values.agentk8sglue.basePodTemplate.volumes }}
       volumes:
-      {{- range .Values.agentk8sglue.podTemplate.volumes }}
-      - name: {{ .name }}
-        persistentVolumeClaim:
-          claimName: {{ .name }}
+      {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "clearml.serviceAccountName" $ }}
       containers:
       - resources:
-          {{- toYaml .Values.agentk8sglue.podTemplate.resources | nindent 10 }}
+          {{- toYaml .Values.agentk8sglue.basePodTemplate.resources | nindent 10 }}
         ports:
         - containerPort: 10022
+        {{- with .Values.agentk8sglue.basePodTemplate.volumeMounts }}
         volumeMounts:
-        {{- range .Values.agentk8sglue.podTemplate.volumes }}
-        - mountPath: {{ .path }}
-          name: {{ .name }}
+        {{- toYaml . | nindent 10 }}
         {{- end }}
         env:
         - name: CLEARML_API_HOST
@@ -46,7 +227,7 @@ data:
               {{- if .Values.clearml.existingAgentk8sglueSecret }}
               name: {{ .Values.clearml.existingAgentk8sglueSecret }}
               {{- else }}
-              name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
+              name: {{ include "clearml.name" . }}-ac
               {{- end }}
               key: agentk8sglue_key
         - name: CLEARML_API_SECRET_KEY
@@ -55,17 +236,48 @@ data:
               {{- if .Values.clearml.existingAgentk8sglueSecret }}
               name: {{ .Values.clearml.existingAgentk8sglueSecret }}
               {{- else }}
-              name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
+              name: {{ include "clearml.name" . }}-ac
               {{- end }}
               key: agentk8sglue_secret
-        {{- if .Values.agentk8sglue.podTemplate.env }}
-        {{ toYaml .Values.agentk8sglue.podTemplate.env | nindent 8 }}
+        {{- if .Values.agentk8sglue.basePodTemplate.env }}
+        {{ toYaml .Values.agentk8sglue.basePodTemplate.env | nindent 8 }}
         {{- end }}
-        {{- with .Values.agentk8sglue.podTemplate.nodeSelector}}
+        {{- with .Values.agentk8sglue.basePodTemplate.nodeSelector}}
       nodeSelector:
           {{- toYaml . | nindent 8 }}
         {{- end }}
-        {{- with .Values.agentk8sglue.podTemplate.tolerations }}
+        {{- with .Values.agentk8sglue.basePodTemplate.tolerations }}
       tolerations:
           {{- toYaml . | nindent 8 }}
         {{- end }}
+{{- end }}
+{{- if .Values.sessions.portModeEnabled }}
+{{- range untilStep 1 ( ( add .Values.sessions.maxServices 1 ) | int ) 1 }}
+  services-{{ . }}.yaml: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: clearml-session-{{ . }}
+      labels:
+        {{- include "clearml.labels" $ | nindent 8 }}
+      {{- with $.Values.sessions.svcAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      type: {{ $.Values.sessions.svcType }}
+      ports:
+        - targetPort: 10022
+          {{- if eq $.Values.sessions.svcType "NodePort" }}
+          port: 10022
+          {{- else }}
+          port: {{ add $.Values.sessions.startingPort . }}
+          {{- end }}
+          protocol: TCP
+          {{- if eq $.Values.sessions.svcType "NodePort" }}
+          nodePort: {{ add $.Values.sessions.startingPort . }}
+          {{- end }}
+      selector:
+        ai.allegro.agent.serial: pod-{{ . }}
+{{- end }}
+{{- end }}

charts/clearml-agent/templates/agentk8sglue-deployment.yaml

@@ -1,9 +1,11 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}
+  name: {{ include "clearml.name" . }}
   labels:
     {{- include "clearml.labels" . | nindent 4 }}
+  annotations:
+    {{- include "clearml.annotations" . | nindent 4 }}
 spec:
   replicas: {{ .Values.agentk8sglue.replicaCount }}
   selector:
@@ -13,51 +15,76 @@ spec:
     metadata:
       annotations:
         checksum/config: {{ printf "%s%s" .Values.clearml .Values.agentk8sglue | sha256sum }}
+        {{- include "clearml.annotations" . | nindent 8 }}
       labels:
-        {{- include "agentk8sglue.selectorLabels" . | nindent 8 }}
+        {{- include "clearml.labels" . | nindent 8 }}
     spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
       - name: .Values.imageCredentials.existingSecret
       {{- else }}
-      - name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-registry-key
+      - name: {{ include "clearml.name" . }}-ark
       {{- end }}
       {{- end }}
+      serviceAccountName: {{ include "clearml.serviceAccountName" . }}
+      securityContext: {{ toYaml .Values.agentk8sglue.securityContext | nindent 8 }}
       initContainers:
-          - name: init-k8s-glue
-            image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
-            command:
-              - /bin/sh
-              - -c
-              - >
-                set -x;
-                while [ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.apiServerUrlReference}}/debug.ping" -o /dev/null) -ne 200 ] ; do
-                  echo "waiting for apiserver" ;
-                  sleep 5 ;
-                done;
-                while [[ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.fileServerUrlReference}}/" -o /dev/null) =~ 403|405 ]] ; do
-                  echo "waiting for fileserver" ;
-                  sleep 5 ;
-                done;
-                while [ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.webServerUrlReference}}/" -o /dev/null) -ne 200 ] ; do
-                  echo "waiting for webserver" ;
-                  sleep 5 ;
-                done
+      - name: init-k8s-glue
+        {{- if .Values.enterpriseFeatures.enabled }}
+        image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.enterpriseFeatures.agentImageTagOverride }}"
+        {{- else }}
+        image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
+        {{- end }}
+        command:
+          - /bin/sh
+          - -c
+          - >
+            set -x;
+            while [ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.apiServerUrlReference}}/debug.ping" -o /dev/null) -ne 200 ] ; do
+              echo "waiting for apiserver" ;
+              sleep 5 ;
+            done;
+            while [[ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.fileServerUrlReference}}/" -o /dev/null) =~ 403|405 ]] ; do
+              echo "waiting for fileserver" ;
+              sleep 5 ;
+            done;
+            while [ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.webServerUrlReference}}/" -o /dev/null) -ne 200 ] ; do
+              echo "waiting for webserver" ;
+              sleep 5 ;
+            done
       containers:
       - name: k8s-glue
+        {{- if .Values.enterpriseFeatures.enabled }}
+        image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.enterpriseFeatures.agentImageTagOverride }}"
+        {{- else }}
         image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
+        {{- end }}
         imagePullPolicy: IfNotPresent
-        command: ["/bin/bash", "-c", "export PATH=$PATH:$HOME/bin; source /root/.bashrc && /root/entrypoint.sh"]
+        command:
+          - /bin/bash
+          - -c
+          - >
+            export PATH=$PATH:$HOME/bin;
+            source /root/.bashrc && /root/entrypoint.sh
         volumeMounts:
-          - name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
+          - name: {{ include "clearml.name" . }}-pt
             mountPath: /root/template
-          {{- if or .Values.clearml.clearmlConfig .Values.clearml.existingClearmlConfigSecret }}
+          {{ if .Values.clearml.clearmlConfig }}
           - name: k8sagent-clearml-conf-volume
             mountPath: /root/clearml.conf
             subPath: clearml.conf
             readOnly: true
           {{- end }}
+          {{- if .Values.agentk8sglue.volumeMounts }}
+          {{- toYaml .Values.agentk8sglue.volumeMounts | nindent 10 }}
+          {{- end }}
+          {{- range .Values.agentk8sglue.fileMounts }}
+          - name: filemounts
+            mountPath: "{{ .folderPath }}/{{ .name }}"
+            subPath: "{{ .name }}"
+            readOnly: true
+          {{- end }}
         env:
           - name: CLEARML_API_HOST
             value: "{{.Values.agentk8sglue.apiServerUrlReference}}"
@@ -65,56 +92,108 @@ spec:
             value: "{{.Values.agentk8sglue.webServerUrlReference}}"
           - name: CLEARML_FILES_HOST
             value: "{{.Values.agentk8sglue.fileServerUrlReference}}"
-          - name: K8S_GLUE_MAX_PODS
-            value: "{{.Values.agentk8sglue.maxPods}}"
-          - name: K8S_GLUE_QUEUE
-            value: "{{.Values.agentk8sglue.queue}}"
+          {{- if not .Values.agentk8sglue.clearmlcheckCertificate }}
+          - name: CLEARML_API_HOST_VERIFY_CERT
+            value: "false"
+          {{- end }}
+          {{- if .Values.sessions.portModeEnabled }}
           - name: K8S_GLUE_EXTRA_ARGS
-            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml"
+            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
+                    --ports-mode --num-of-services {{ .Values.sessions.maxServices }} \
+                    --base-port {{ .Values.sessions.startingPort }} \
+                    --gateway-address {{ .Values.sessions.externalIP }}{{ if .Values.enterpriseFeatures.enabled }}{{ if .Values.enterpriseFeatures.useOwnerToken }} --use-owner-token{{ end }}{{ end }}"
+          {{- if .Values.sessions.dynamicSvcs }}
+          - name: CLEARML_K8S_GLUE_POD_POST_APPLY_CMD
+            value: "kubectl -n {namespace} apply -f ~/template/services-{pod_number}.yaml ; kubectl -n {namespace} label svc clearml-session-{pod_number} service-for={pod_name}"
+          - name: CLEARML_K8S_GLUE_POD_POST_DELETE_CMD
+            value: "kubectl -n {namespace} delete svc -l service-for={pod_name}"
+          {{- end }}
+          {{- else}}
+          - name: K8S_GLUE_EXTRA_ARGS
+            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
+                    --max-pods {{.Values.enterpriseFeatures.maxPods}}{{ if .Values.enterpriseFeatures.enabled }}{{ if .Values.enterpriseFeatures.useOwnerToken }} --use-owner-token{{ end }}{{ end }}"
+          {{- end }}
+          - name: CLEARML_K8S_GLUE_LIMIT_POD_LABEL
+            value: "ai.allegro.agent.serial=pod-{pod_number}"
+          - name: CLEARML_K8S_SECRETS_LIST_FILE
+            value: /root/template/secrets.yaml
           - name: K8S_DEFAULT_NAMESPACE
             value: "{{ .Release.Namespace }}"
           - name: CLEARML_API_ACCESS_KEY
             valueFrom:
               secretKeyRef:
-                {{- if .Values.clearml.existingAgentk8sglueSecret }}
-                name: {{ .Values.clearml.existingAgentk8sglueSecret }}
-                {{- else }}
-                name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
-                {{- end }}
+                name: {{ include "clearml.name" . }}-ac
                 key: agentk8sglue_key
           - name: CLEARML_API_SECRET_KEY
             valueFrom:
               secretKeyRef:
-                {{- if .Values.clearml.existingAgentk8sglueSecret }}
-                name: {{ .Values.clearml.existingAgentk8sglueSecret }}
-                {{- else }}
-                name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
-                {{- end }}
+                name: {{ include "clearml.name" . }}-ac
                 key: agentk8sglue_secret
           - name: CLEARML_WORKER_ID
-            value: "{{.Values.agentk8sglue.id}}"
+            value: {{ include "clearml.name" . }}
           - name: CLEARML_AGENT_UPDATE_REPO
             value: ""
           - name: FORCE_CLEARML_AGENT_REPO
-            value: ""
+            value: "" 
           - name: CLEARML_DOCKER_IMAGE
             value: "{{.Values.agentk8sglue.defaultContainerImage}}"
+          {{ if .Values.agentk8sglue.customBashScript }}
+          - name: CLEARML_K8S_GLUE_EXTRA_BASH_SCRIPT
+            value: "{{.Values.agentk8sglue.customBashScript}}"
+          {{- end }}
+          {{ if .Values.agentk8sglue.containerCustomBashScript }}
+          - name: CLEARML_K8S_GLUE_POD_BASH_SCRIPT
+            value: "{{.Values.agentk8sglue.containerCustomBashScript}}"
+          {{- end }}
+          {{- if .Values.agentk8sglue.debugMode }}
+          - name: "CLEARML_K8S_GLUE_DEBUG"
+            value: "1"
+          {{- end }}
           {{- if .Values.agentk8sglue.extraEnvs }}
           {{ toYaml .Values.agentk8sglue.extraEnvs | nindent 10 }}
           {{- end }}
+          {{- if  .Values.sessions.portModeEnabled }}
+          {{- if  .Values.sessions.setInteractiveQueuesTag }}
+          - name: "CLEARML_K8S_GLUE_SET_QUEUE_SYSTEM_TAGS"
+            value: "interactive"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.enterpriseFeatures.enabled }}
+          - name: K8S_GLUE_QUEUE
+            value: {{ include "agentk8sglue.queues" . | quote }}
+          - name: CLEARML_K8S_GLUE_APPLY_VAULT_ENV_VARS
+            value: {{ .Values.enterpriseFeatures.applyVaultEnvVars | quote }}
+          - name: "CLEARML_K8S_GLUE_POD_MIN_RES_FIELD"
+            value: {{.Values.enterpriseFeatures.monitoredResources.minResourcesFieldName}}
+          - name: "CLEARML_K8S_GLUE_MAX_RESOURCES"
+            value: "{{.Values.enterpriseFeatures.monitoredResources.maxResources}}"
+          - name: "CLEARML_K8S_GLUE_POD_MAX_RES_FIELD"
+            value: {{.Values.enterpriseFeatures.monitoredResources.maxResourcesFieldName}}
+          {{- else }}
+          - name: K8S_GLUE_QUEUE
+            value: {{ .Values.agentk8sglue.queue }}
+          {{- end }}
+      {{- with .Values.agentk8sglue.nodeSelector}}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       volumes:
-        - name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
-          configMap: 
-            name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
-        {{- if or .Values.clearml.clearmlConfig .Values.clearml.existingClearmlConfigSecret }}
+        - name: {{ include "clearml.name" . }}-pt
+          configMap:
+            name: {{ include "clearml.name" . }}-pt
+        {{ if .Values.clearml.clearmlConfig }}
         - name: k8sagent-clearml-conf-volume
           secret:
-            {{- if .Values.clearml.existingClearmlConfigSecret }}
-            secretName: {{ .Values.clearml.existingClearmlConfigSecret }}
-            {{- else }}
-            secretName: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-conf
-            {{- end }}
+            secretName: {{ include "clearml.name" . }}-ac
             items:
             - key: clearml.conf
               path: clearml.conf
         {{ end }}
+        {{- if .Values.agentk8sglue.volumes }}
+        {{- toYaml .Values.agentk8sglue.volumes | nindent 8 }}
+        {{- end }}
+        {{ if .Values.agentk8sglue.fileMounts }}
+        - name: filemounts
+          secret:
+            secretName: {{ include "clearml.name" . }}-afm
+        {{- end }}

charts/clearml-agent/templates/agentk8sglue-rbac.yaml

@@ -1,23 +1,72 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+{{- if not .Values.agentk8sglue.serviceExistingAccountName }}
+apiVersion: v1
+kind: ServiceAccount
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pods-access
+  name: {{ include "clearml.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- if .Values.enterpriseFeatures.serviceAccountClusterAccess }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "clearml.name" . }}-kpa
 rules:
   - apiGroups:
       - ""
     resources:
       - pods
+      - secrets
+      - services
     verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "clearml.name" . }}-kpa
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "clearml.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "clearml.name" . }}-kpa
+{{- else }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "clearml.name" . }}-kpa
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - secrets
+      - services
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs: ["list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pods-access
+  name: {{ include "clearml.name" . }}-kpa
 subjects:
   - kind: ServiceAccount
-    name: default
+    name: {{ include "clearml.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pods-access
+  name: {{ include "clearml.name" . }}-kpa
+{{- end }}

charts/clearml-agent/templates/clearml-secrets.yaml

@@ -1,28 +1,18 @@
-{{- if not .Values.clearml.existingAgentk8sglueSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
+  name: {{ include "clearml.name" . }}-ac
 data:
   agentk8sglue_key: {{ .Values.clearml.agentk8sglueKey | b64enc }}
   agentk8sglue_secret: {{ .Values.clearml.agentk8sglueSecret | b64enc }}
-{{- end }}
----
-{{- if not .Values.clearml.existingClearmlConfigSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-conf
-data:
   clearml.conf: {{ .Values.clearml.clearmlConfig | b64enc }}
 ---
-{{- end }}
 {{- if .Values.imageCredentials.enabled }}
 {{- if not .Values.imageCredentials.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-registry-key
+  name: {{ include "clearml.name" . }}-ark
 type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: {{ template "imagePullSecret" . }}

charts/clearml-agent/templates/service-secret.yaml

@@ -0,0 +1,37 @@
+{{ if .Values.agentk8sglue.fileMounts }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearml.name" . }}-afm
+data:
+  {{- range .Values.agentk8sglue.fileMounts }}
+  {{ .name }}: {{ .fileContent | b64enc }}
+  {{- end }}
+{{ end }}
+---
+{{- if .Values.enterpriseFeatures.enabled }}
+{{ if .Values.agentk8sglue.basePodTemplate.fileMounts }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearml.name" . }}-fm
+data:
+  {{- range .Values.agentk8sglue.basePodTemplate.fileMounts }}
+  {{ .name }}: {{ .fileContent | b64enc }}
+  {{- end }}
+{{ end }}
+---
+{{- range $key, $value := $.Values.agentk8sglue.queues }}
+{{ if .templateOverrides.fileMounts }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearml.name" $ }}-{{ $key }}-fm
+data:
+  {{- range .templateOverrides.fileMounts }}
+  {{ .name }}: {{ .fileContent | b64enc }}
+  {{- end }}
+{{ end }}
+---
+{{- end }}
+{{- end }}

charts/clearml-agent/templates/service-sessions.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.sessions.portModeEnabled }}
+{{- if not .Values.sessions.dynamicSvcs }}
+{{- range untilStep 1 ( ( add .Values.sessions.maxServices 1 ) | int ) 1 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: clearml-session-{{ . }}
+  labels:
+    {{- include "clearml.labels" $ | nindent 4 }}
+  {{- with $.Values.sessions.svcAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ $.Values.sessions.svcType }}
+  ports:
+    - targetPort: 10022
+      {{- if eq $.Values.sessions.svcType "NodePort" }}
+      port: 10022
+      {{- else }}
+      port: {{ add $.Values.sessions.startingPort . }}
+      {{- end }}
+      protocol: TCP
+      {{- if eq $.Values.sessions.svcType "NodePort" }}
+      nodePort: {{ add $.Values.sessions.startingPort . }}
+      {{- end }}
+  selector:
+    ai.allegro.agent.serial: pod-{{ . }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/clearml-agent/values.yaml

@@ -36,14 +36,20 @@ agentk8sglue:
   # -- Glue Agent image configuration
   image:
     repository: "allegroai/clearml-agent-k8s-base"
-    tag: "1.24-18"
+    tag: "1.24-21"
 
   # -- Glue Agent number of pods
   replicaCount: 1
 
+  # -- if set, don't create a serviceAccountName but use defined existing one
+  serviceExistingAccountName: ""
+
   # -- Check certificates validity for evefry UrlReference below.
   clearmlcheckCertificate: true
 
+  # -- Enable Debugging logs for Agent pod
+  debugMode: false
+
   # -- Reference to Api server url
   apiServerUrlReference: "https://api.clear.ml"
   # -- Reference to File server url
@@ -51,27 +57,93 @@ agentk8sglue:
   # -- Reference to Web server url
   webServerUrlReference: "https://app.clear.ml"
 
-  # -- serviceAccountName for pods spawned to consume ClearML Task
-  serviceAccountName: default
-  # -- maximum concurrent consume ClearML Task pod
-  maxPods: 10
   # -- default container image for ClearML Task pod
   defaultContainerImage: ubuntu:18.04
   # -- ClearML queue this agent will consume
   queue: default
-
-  # -- ClearML worker ID (must be unique across the entire ClearMLenvironment)
-  id: k8s-agent
-
-  # -- Environment variables to be exposed in the agentk8sglue pods
+  # -- Custom Bash script for the Glue Agent
+  # -- labels setup for Agent pod (example in values.yaml comments)
+  labels: {}
+    # schedulerName: scheduler
+  # -- annotations setup for Agent pod (example in values.yaml comments)
+  annotations: {}
+    # key1: value1
+  customBashScript: ""
+  # -- Custom Bash script for the Task Pods ran by Glue Agent
+  containerCustomBashScript: ""
+  # -- Extra Environment variables for Glue Agent
   extraEnvs: []
+    # - name: PYTHONPATH
+    #   value: "somepath"
+    # -- Web Server pod security context
+  securityContext: {}
+    #  runAsUser: 1001
+    #  fsGroup: 1001
+  # -- nodeSelector setup for Agent pod (example in values.yaml comments)
+  nodeSelector: {}
+    # fleet: agent-nodes
+  # -- volumes definition for Glue Agent (example in values.yaml comments)
+  volumes: []
+    # - name: "yourvolume"
+    #   nfs:
+    #    server: 192.168.0.1
+    #    path: /var/nfs/mount
+  # -- volume mounts definition for Glue Agent (example in values.yaml comments)
+  volumeMounts: []
+    # - name: yourvolume
+    #   mountPath: /yourpath
+    #   subPath: userfolder
 
-  # -- template for pods spawned to consume ClearML Task
-  podTemplate:
+  # -- file definition for Glue Agent (example in values.yaml comments)
+  fileMounts: []
+    # - name: "integration.py"
+    #   folderPath: "/mnt/python"
+    #   fileContent: |-
+    #     def get_template(*args, **kwargs):
+    #       print("args: {}".format(args))
+    #       print("kwargs: {}".format(kwargs))
+    #       return {
+    #           "template": {
+    #           }
+    #       }
+
+  # -- base template for pods spawned to consume ClearML Task
+  basePodTemplate:
+    # -- labels setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    labels: {}
+      # schedulerName: scheduler
+    # -- annotations setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    annotations: {}
+      # key1: value1
+    # -- initContainers definition for pods spawned to consume ClearML Task (example in values.yaml comments)
+    initContainers: []
+      # - name: volume-dirs-init-cntr
+      #   image: busybox:1.35
+      #  command:
+      #    - /bin/bash
+      #    - -c
+      #    - >
+      #      /bin/echo "this is an init";
+    # -- schedulerName setup for pods spawned to consume ClearML Task
+    schedulerName: ""
     # -- volumes definition for pods spawned to consume ClearML Task (example in values.yaml comments)
     volumes: []
       # - name: "yourvolume"
-      #   path: "/yourpath"
+      #   nfs:
+      #    server: 192.168.0.1
+      #    path: /var/nfs/mount
+    # -- volume mounts definition for pods spawned to consume ClearML Task (example in values.yaml comments)
+    volumeMounts: []
+      # - name: yourvolume
+      #   mountPath: /yourpath
+      #   subPath: userfolder
+    # -- file definition for pods spawned to consume ClearML Task (example in values.yaml comments)
+    fileMounts: []
+      # - name: "mounted-file.txt"
+      #   folderPath: "/mnt/"
+      #   fileContent: |-
+      #     this is a test file
+      #     with test content
     # -- environment variables for pods spawned to consume ClearML Task (example in values.yaml comments)
     env: []
       # # to setup access to private repo, setup secret with git credentials:
@@ -82,6 +154,10 @@ agentk8sglue:
       #     secretKeyRef:
       #       name: git-password
       #       key: git-password
+      # - name: CURL_CA_BUNDLE
+      #   value: ""
+      # - name: PYTHONWARNINGS
+      #   value: "=\"ignore:Unverified HTTPS request\""
     # -- resources declaration for pods spawned to consume ClearML Task (example in values.yaml comments)
     resources: {}
       # limits:
@@ -94,3 +170,69 @@ agentk8sglue:
     # -- nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments)
     nodeSelector: {}
       # fleet: gpu-nodes
+    # -- securityContext setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    securityContext: {}
+      #  runAsUser: 1001
+      #  fsGroup: 1001
+    # -- hostAliases setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    hostAliases: {}
+    # - ip: "127.0.0.1"
+    #   hostnames:
+    #   - "foo.local"
+    #   - "bar.local"
+
+# -- Sessions internal service configuration
+sessions:
+  # -- Enable/Disable sessions portmode WARNING: only one Agent deployment can have this set to true
+  portModeEnabled: false
+  # -- Enable/Disable dynamic svc for sessions pods
+  dynamicSvcs: false
+  # -- specific annotations for session services
+  svcAnnotations: {}
+  # -- service type ("NodePort" or "ClusterIP" or "LoadBalancer")
+  svcType: "NodePort"
+  # -- External IP sessions clients can connect to
+  externalIP: 0.0.0.0
+  # -- starting range of exposed NodePorts
+  startingPort: 30000
+  # -- maximum number of NodePorts exposed
+  maxServices: 20
+  # -- set interactive queue tags
+  setInteractiveQueuesTag: true
+
+# -- Enterprise features (work only with an Enterprise license)
+enterpriseFeatures:
+  # -- Enable/Disable Enterprise features
+  enabled: false
+  # -- Image tag override for enterprise version
+  agentImageTagOverride: "1.24-57"
+  # -- service account access every namespace flag
+  serviceAccountClusterAccess: false
+  # -- push env vars from Clear.ML Vault to task pods
+  applyVaultEnvVars: true
+  # -- GPU resource general counters
+  monitoredResources:
+    # -- Field name used by Agent to count minimum resources
+    minResourcesFieldName: "resources|limits|nvidia.com/gpu"
+    # -- Maximum resources counter
+    maxResources: 0
+    # -- Field name used by Agent to count maximum resources
+    maxResourcesFieldName: "resources|limits|nvidia.com/gpu"
+  # -- maximum concurrent consume ClearML Task pod
+  maxPods: 10
+  # -- Agent must use owner Token
+  useOwnerToken: true
+  # -- ClearML queues and related template OVERRIDES used this agent will consume
+  queues:
+    # -- name of the queue will be used for this template
+    # default:
+      # -- overrides of the base template for this queue (must be declared even if empty!)
+      # templateOverrides: {}
+    ## -- name of the queue will be used for this template
+    # default-gpu:
+    #  # -- overrides of the base template for this queue
+    #  templateOverrides:
+    #     # -- resources declaration for pods spawned to consume ClearML Task
+    #    resources:
+    #      limits:
+    #        nvidia.com/gpu: 1

charts/clearml-serving/Chart.yaml

@@ -2,13 +2,12 @@ apiVersion: v2
 name: clearml-serving
 description: ClearML Serving Helm Chart
 type: application
-version: 0.4.1
-appVersion: "0.9.0"
+version: 0.7.0
+appVersion: "1.2.0"
+kubeVersion: ">= 1.19.0-0 < 1.26.0-0"
 maintainers:
   - name: valeriano-manassero
     url: https://github.com/valeriano-manassero
-  - name: stefano-cherchi
-    url: https://github.com/stefano-cherchi
 keywords:
   - clearml
   - "machine learning"

charts/clearml-serving/README.md

@@ -1,6 +1,6 @@
 # clearml-serving
 
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
 
 ClearML Serving Helm Chart
 
@@ -9,63 +9,47 @@ ClearML Serving Helm Chart
 | Name | Email | Url |
 | ---- | ------ | --- |
 | valeriano-manassero |  | <https://github.com/valeriano-manassero> |
-| stefano-cherchi |  | <https://github.com/stefano-cherchi> |
+
+## Requirements
+
+Kubernetes: `>= 1.19.0-0 < 1.26.0-0`
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| alertmanager.affinity | object | `{}` |  |
-| alertmanager.image | string | `"prom/alertmanager:v0.23.0"` |  |
-| alertmanager.nodeSelector | object | `{}` |  |
-| alertmanager.resources | object | `{}` |  |
-| alertmanager.tolerations | list | `[]` |  |
-| clearml.apiAccessKey | string | `"ClearML API Access Key"` |  |
-| clearml.apiHost | string | `"http://clearml-server-apiserver:8008"` |  |
-| clearml.apiSecretKey | string | `"ClearML API Secret Key"` |  |
-| clearml.defaultBaseServeUrl | string | `"http://127.0.0.1:8080/serve"` |  |
-| clearml.filesHost | string | `"http://clearml-server-fileserver:8081"` |  |
-| clearml.servingTaskId | string | `"ClearML Serving Task ID"` |  |
-| clearml.webHost | string | `"http://clearml-server-webserver:80"` |  |
-| clearml_serving_inference.affinity | object | `{}` |  |
+| alertmanager | object | `{"affinity":{},"image":{"repository":"prom/alertmanager","tag":"v0.23.0"},"nodeSelector":{},"resources":{},"tolerations":[]}` | Alertmanager generic configigurations |
+| clearml | object | `{"apiAccessKey":"ClearML API Access Key","apiHost":"http://clearml-server-apiserver:8008","apiSecretKey":"ClearML API Secret Key","defaultBaseServeUrl":"http://127.0.0.1:8080/serve","filesHost":"http://clearml-server-fileserver:8081","servingTaskId":"ClearML Serving Task ID","webHost":"http://clearml-server-webserver:80"}` | ClearMl generic configurations |
+| clearml_serving_inference | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":11,"minReplicas":1,"targetCPU":50,"targetMemory":50},"extraPythonPackages":[],"image":{"repository":"allegroai/clearml-serving-inference","tag":"1.2.0"},"ingress":{"annotations":{},"enabled":false,"hostName":"serving.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"resources":{},"tolerations":[]}` | ClearML serving inference configurations |
+| clearml_serving_inference.affinity | object | `{}` | Affinity configuration |
+| clearml_serving_inference.autoscaling | object | `{"enabled":false,"maxReplicas":11,"minReplicas":1,"targetCPU":50,"targetMemory":50}` | Autoscaling configuration |
 | clearml_serving_inference.extraPythonPackages | list | `[]` | Extra Python Packages to be installed in running pods |
-| clearml_serving_inference.image | string | `"allegroai/clearml-serving-inference"` |  |
-| clearml_serving_inference.nodeSelector | object | `{}` |  |
-| clearml_serving_inference.resources | object | `{}` |  |
-| clearml_serving_inference.tolerations | list | `[]` |  |
-| clearml_serving_statistics.affinity | object | `{}` |  |
+| clearml_serving_inference.image | object | `{"repository":"allegroai/clearml-serving-inference","tag":"1.2.0"}` | Container Image |
+| clearml_serving_inference.ingress | object | `{"annotations":{},"enabled":false,"hostName":"serving.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress exposing configurations |
+| clearml_serving_inference.nodeSelector | object | `{}` | Node Selector configuration |
+| clearml_serving_inference.resources | object | `{}` | Pod resources definition |
+| clearml_serving_inference.tolerations | list | `[]` | Tolerations configuration |
+| clearml_serving_statistics | object | `{"affinity":{},"extraPythonPackages":[],"image":{"repository":"allegroai/clearml-serving-statistics","tag":"1.2.0"},"nodeSelector":{},"resources":{},"tolerations":[]}` | ClearML serving statistics configurations |
+| clearml_serving_statistics.affinity | object | `{}` | Affinity configuration |
 | clearml_serving_statistics.extraPythonPackages | list | `[]` | Extra Python Packages to be installed in running pods |
-| clearml_serving_statistics.image | string | `"allegroai/clearml-serving-statistics"` |  |
-| clearml_serving_statistics.nodeSelector | object | `{}` |  |
-| clearml_serving_statistics.resources | object | `{}` |  |
-| clearml_serving_statistics.tolerations | list | `[]` |  |
-| clearml_serving_triton.affinity | object | `{}` |  |
-| clearml_serving_triton.enabled | bool | `true` |  |
+| clearml_serving_statistics.image | object | `{"repository":"allegroai/clearml-serving-statistics","tag":"1.2.0"}` | Container Image |
+| clearml_serving_statistics.nodeSelector | object | `{}` | Node Selector configuration |
+| clearml_serving_statistics.resources | object | `{}` | Pod resources definition |
+| clearml_serving_statistics.tolerations | list | `[]` | Tolerations configuration |
+| clearml_serving_triton | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":11,"minReplicas":1,"targetCPU":50,"targetMemory":50},"enabled":true,"extraPythonPackages":[],"image":{"repository":"allegroai/clearml-serving-triton","tag":"1.2.0-22.07"},"ingress":{"annotations":{},"enabled":false,"hostName":"serving-grpc.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"resources":{},"tolerations":[]}` | ClearML serving Triton configurations |
+| clearml_serving_triton.affinity | object | `{}` | Affinity configuration |
+| clearml_serving_triton.autoscaling | object | `{"enabled":false,"maxReplicas":11,"minReplicas":1,"targetCPU":50,"targetMemory":50}` | Autoscaling configuration |
+| clearml_serving_triton.enabled | bool | `true` | Triton pod creation enable/disable |
 | clearml_serving_triton.extraPythonPackages | list | `[]` | Extra Python Packages to be installed in running pods |
-| clearml_serving_triton.image | string | `"allegroai/clearml-serving-triton"` |  |
-| clearml_serving_triton.nodeSelector | object | `{}` |  |
-| clearml_serving_triton.resources | object | `{}` |  |
-| clearml_serving_triton.tolerations | list | `[]` |  |
-| grafana.affinity | object | `{}` |  |
-| grafana.image | string | `"grafana/grafana:8.4.4-ubuntu"` |  |
-| grafana.nodeSelector | object | `{}` |  |
-| grafana.resources | object | `{}` |  |
-| grafana.tolerations | list | `[]` |  |
-| kafka.affinity | object | `{}` |  |
-| kafka.image | string | `"bitnami/kafka:3.1.0"` |  |
-| kafka.nodeSelector | object | `{}` |  |
-| kafka.resources | object | `{}` |  |
-| kafka.tolerations | list | `[]` |  |
-| prometheus.affinity | object | `{}` |  |
-| prometheus.image | string | `"prom/prometheus:v2.34.0"` |  |
-| prometheus.nodeSelector | object | `{}` |  |
-| prometheus.resources | object | `{}` |  |
-| prometheus.tolerations | list | `[]` |  |
-| zookeeper.affinity | object | `{}` |  |
-| zookeeper.image | string | `"bitnami/zookeeper:3.7.0"` |  |
-| zookeeper.nodeSelector | object | `{}` |  |
-| zookeeper.resources | object | `{}` |  |
-| zookeeper.tolerations | list | `[]` |  |
+| clearml_serving_triton.image | object | `{"repository":"allegroai/clearml-serving-triton","tag":"1.2.0-22.07"}` | Container Image |
+| clearml_serving_triton.ingress | object | `{"annotations":{},"enabled":false,"hostName":"serving-grpc.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress exposing configurations |
+| clearml_serving_triton.nodeSelector | object | `{}` | Node Selector configuration |
+| clearml_serving_triton.resources | object | `{}` | Pod resources definition |
+| clearml_serving_triton.tolerations | list | `[]` | Tolerations configuration |
+| grafana | object | `{"affinity":{},"image":{"repository":"grafana/grafana","tag":"8.4.4-ubuntu"},"ingress":{"annotations":{},"enabled":false,"hostName":"serving-grafana.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"resources":{},"tolerations":[]}` | Grafana generic configigurations |
+| kafka | object | `{"affinity":{},"image":{"repository":"bitnami/kafka","tag":"3.1.0"},"nodeSelector":{},"resources":{},"tolerations":[]}` | Kafka generic configigurations |
+| prometheus | object | `{"affinity":{},"image":{"repository":"prom/prometheus","tag":"v2.34.0"},"nodeSelector":{},"resources":{},"tolerations":[]}` | Prometheus generic configigurations |
+| zookeeper | object | `{"affinity":{},"image":{"repository":"bitnami/zookeeper","tag":"3.7.0"},"nodeSelector":{},"resources":{},"tolerations":[]}` | Zookeeper generic configigurations |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/clearml-serving/templates/_helpers.tpl

@@ -60,3 +60,33 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+    {{- if .Values.global.kubeVersion }}
+    {{- .Values.global.kubeVersion -}}
+    {{- else }}
+    {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+    {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}

charts/clearml-serving/templates/alertmanager-deployment.yaml

@@ -19,10 +19,9 @@ spec:
         clearml.serving.service: alertmanager
     spec:
       containers:
-        - image: {{ .Values.alertmanager.image }}
+        - image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
           name: clearml-serving-alertmanager
           ports:
             - containerPort: 9093
           resources: {}
       restartPolicy: Always
-status: {}

charts/clearml-serving/templates/alertmanager-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 9093
   selector:
     clearml.serving.service: alertmanager
-status:
-  loadBalancer: {}

charts/clearml-serving/templates/clearml-serving-inference-deployment.yaml

@@ -54,10 +54,9 @@ spec:
             - name: EXTRA_PYTHON_PACKAGES
               value: '{{ join " " .Values.clearml_serving_inference.extraPythonPackages }}'
             {{- end }}
-          image: "{{ .Values.clearml_serving_inference.image }}:{{ .Chart.AppVersion }}"
+          image: "{{ .Values.clearml_serving_inference.image.repository }}:{{ .Values.clearml_serving_inference.image.tag }}"
           name: clearml-serving-inference
           ports:
             - containerPort: 8080
           resources: {}
       restartPolicy: Always
-status: {}

charts/clearml-serving/templates/clearml-serving-inference-hpa.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.clearml_serving_inference.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: clearml-serving-inference-hpa
+  namespace: {{ .Release.Namespace | quote }}
+  annotations: {}
+  labels:
+    clearml.serving.service: clearml-serving-inference
+spec:
+  scaleTargetRef:
+    apiVersion: "apps/v1"
+    kind: Deployment
+    name: clearml-serving-inference
+  minReplicas: {{ .Values.clearml_serving_inference.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.clearml_serving_inference.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.clearml_serving_inference.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.clearml_serving_inference.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.clearml_serving_inference.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.clearml_serving_inference.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.clearml_serving_inference.autoscaling.targetMemory }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.clearml_serving_inference.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+{{- end }}

charts/clearml-serving/templates/clearml-serving-inference-ingress.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.clearml_serving_inference.ingress.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: clearml-serving-inference
+  labels:
+    clearml.serving.service: clearml-serving-inference
+  annotations:
+    {{- toYaml .Values.clearml_serving_inference.ingress.annotations | nindent 4 }}
+spec:
+  {{- if .Values.clearml_serving_inference.ingress.tlsSecretName }}
+  tls:
+    - hosts:
+        - {{ .Values.clearml_serving_inference.ingress.hostName }}
+      secretName: {{ .Values.clearml_serving_inference.ingress.tlsSecretName }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.clearml_serving_inference.ingress.hostName }}
+    http:
+      paths:
+      - path: {{ .Values.clearml_serving_inference.ingress.path }}
+  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+        pathType: Prefix
+        backend:
+          service:
+            name: clearml-serving-inference
+            port:
+              number: 8080
+  {{ else }}
+        backend:
+          serviceName: clearml-serving-inference
+          servicePort: 8080
+  {{ end }}
+{{- end }}

charts/clearml-serving/templates/clearml-serving-inference-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 8080
   selector:
     clearml.serving.service: clearml-serving-inference
-status:
-  loadBalancer: {}

charts/clearml-serving/templates/clearml-serving-statistics-deployment.yaml

@@ -40,10 +40,9 @@ spec:
             - name: EXTRA_PYTHON_PACKAGES
               value: '{{ join " " .Values.clearml_serving_statistics.extraPythonPackages }}'
             {{- end }}
-          image: "{{ .Values.clearml_serving_statistics.image }}:{{ .Chart.AppVersion }}"
+          image: "{{ .Values.clearml_serving_statistics.image.repository }}:{{ .Values.clearml_serving_statistics.image.tag }}"
           name: clearml-serving-statistics
           ports:
             - containerPort: 9999
           resources: {}
       restartPolicy: Always
-status: {}

charts/clearml-serving/templates/clearml-serving-statistics-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 9999
   selector:
     clearml.serving.service: clearml-serving-statistics
-status:
-  loadBalancer: {}

charts/clearml-serving/templates/clearml-serving-triton-deployment.yaml

@@ -41,12 +41,11 @@ spec:
             - name: EXTRA_PYTHON_PACKAGES
               value: '{{ join " " .Values.clearml_serving_triton.extraPythonPackages }}'
             {{- end }}
-          image: "{{ .Values.clearml_serving_triton.image }}:{{ .Chart.AppVersion }}"
+          image: "{{ .Values.clearml_serving_triton.image.repository }}:{{ .Values.clearml_serving_triton.image.tag }}"
           name: clearml-serving-triton
           ports:
             - containerPort: 8001
           resources: {}
       restartPolicy: Always
-status: {}
 {{ end }}
 

charts/clearml-serving/templates/clearml-serving-triton-hpa.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.clearml_serving_triton.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: clearml-serving-triton-hpa
+  namespace: {{ .Release.Namespace | quote }}
+  annotations: {}
+  labels:
+    clearml.serving.service: clearml-serving-triton
+spec:
+  scaleTargetRef:
+    apiVersion: "apps/v1"
+    kind: Deployment
+    name: clearml-serving-triton
+  minReplicas: {{ .Values.clearml_serving_triton.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.clearml_serving_triton.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.clearml_serving_triton.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.clearml_serving_triton.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.clearml_serving_triton.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.clearml_serving_triton.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.clearml_serving_triton.autoscaling.targetMemory }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.clearml_serving_triton.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+{{- end }}

charts/clearml-serving/templates/clearml-serving-triton-ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.clearml_serving_triton.enabled -}}
+{{- if .Values.clearml_serving_triton.ingress.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: clearml-serving-triton
+  labels:
+    clearml.serving.service: clearml-serving-triton
+  annotations:
+    {{- toYaml .Values.clearml_serving_triton.ingress.annotations | nindent 4 }}
+spec:
+  {{- if .Values.clearml_serving_triton.ingress.tlsSecretName }}
+  tls:
+    - hosts:
+        - {{ .Values.clearml_serving_triton.ingress.hostName }}
+      secretName: {{ .Values.clearml_serving_triton.ingress.tlsSecretName }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.clearml_serving_triton.ingress.hostName }}
+    http:
+      paths:
+      - path: {{ .Values.clearml_serving_triton.ingress.path }}
+  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+        pathType: Prefix
+        backend:
+          service:
+            name: clearml-serving-triton
+            port:
+              number: 8001
+  {{ else }}
+        backend:
+          serviceName: clearml-serving-triton
+          servicePort: 8001
+  {{ end }}
+{{- end }}
+{{- end }}

charts/clearml-serving/templates/clearml-serving-triton-service.yaml

@@ -13,6 +13,4 @@ spec:
       targetPort: 8001
   selector:
     clearml.serving.service: clearml-serving-triton
-status:
-  loadBalancer: {}
 {{ end }}

charts/clearml-serving/templates/grafana-deployment.yaml

@@ -20,7 +20,7 @@ spec:
         clearml.serving.service: grafana
     spec:
       containers:
-        - image: {{ .Values.grafana.image }}
+        - image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}"
           name: clearml-serving-grafana
           ports:
             - containerPort: 3000
@@ -33,4 +33,3 @@ spec:
         - name: grafana-conf
           secret:
             secretName: grafana-config
-status: {}

charts/clearml-serving/templates/grafana-ingress.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.grafana.ingress.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: clearml-serving-grafana
+  labels:
+    clearml.serving.service: clearml-serving-grafana
+  annotations:
+    {{- toYaml .Values.grafana.ingress.annotations | nindent 4 }}
+spec:
+  {{- if .Values.grafana.ingress.tlsSecretName }}
+  tls:
+    - hosts:
+        - {{ .Values.grafana.ingress.hostName }}
+      secretName: {{ .Values.grafana.ingress.tlsSecretName }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.grafana.ingress.hostName }}
+    http:
+      paths:
+      - path: {{ .Values.grafana.ingress.path }}
+  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+        pathType: Prefix
+        backend:
+          service:
+            name: clearml-serving-grafana
+            port:
+              number: 3000
+  {{ else }}
+        backend:
+          serviceName: clearml-serving-grafana
+          servicePort: 3000
+  {{ end }}
+{{- end }}

charts/clearml-serving/templates/grafana-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 3000
   selector:
     clearml.serving.service: grafana
-status:
-  loadBalancer: {}

charts/clearml-serving/templates/kafka-deployment.yaml

@@ -32,10 +32,9 @@ spec:
               value: clearml-serving-zookeeper:2181
             - name: KAFKA_CREATE_TOPICS
               value: '"topic_test:1:1"'
-          image: {{ .Values.kafka.image }}
+          image: "{{ .Values.kafka.image.repository }}:{{ .Values.kafka.image.tag }}"
           name: clearml-serving-kafka
           ports:
             - containerPort: 9092
           resources: {}
       restartPolicy: Always
-status: {}

charts/clearml-serving/templates/kafka-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 9092
   selector:
     clearml.serving.service: kafka
-status:
-  loadBalancer: {}

charts/clearml-serving/templates/prometheus-deployment.yaml

@@ -27,7 +27,7 @@ spec:
             - --web.console.templates=/etc/prometheus/consoles
             - --storage.tsdb.retention.time=200h
             - --web.enable-lifecycle
-          image: {{ .Values.prometheus.image }}
+          image: "{{ .Values.prometheus.image.repository }}:{{ .Values.prometheus.image.tag }}"
           name: clearml-serving-prometheus
           ports:
             - containerPort: 9090
@@ -40,4 +40,3 @@ spec:
         - name: prometheus-conf
           secret:
             secretName: prometheus-config
-status: {}

charts/clearml-serving/templates/prometheus-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 9090
   selector:
     clearml.serving.service: prometheus
-status:
-  loadBalancer: {}

charts/clearml-serving/templates/zookeeper-deployment.yaml

@@ -22,10 +22,9 @@ spec:
         - env:
             - name: ALLOW_ANONYMOUS_LOGIN
               value: "yes"
-          image: {{ .Values.zookeeper.image }}
+          image: "{{ .Values.zookeeper.image.repository }}:{{ .Values.zookeeper.image.tag }}"
           name: clearml-serving-zookeeper
           ports:
             - containerPort: 2181
           resources: {}
       restartPolicy: Always
-status: {}

charts/clearml-serving/templates/zookeeper-service.yaml

@@ -12,5 +12,3 @@ spec:
       targetPort: 2181
   selector:
     clearml.serving.service: zookeeper
-status:
-  loadBalancer: {}

charts/clearml-serving/values.yaml

@@ -1,5 +1,4 @@
-# Default values for clearml-serving.
-
+# -- ClearMl generic configurations
 clearml:
   apiAccessKey: "ClearML API Access Key"
   apiSecretKey: "ClearML API Secret Key"
@@ -9,71 +8,157 @@ clearml:
   defaultBaseServeUrl: http://127.0.0.1:8080/serve
   servingTaskId: "ClearML Serving Task ID"
 
+# -- Zookeeper generic configigurations
 zookeeper:
-  image: bitnami/zookeeper:3.7.0
+  image:
+    repository: "bitnami/zookeeper"
+    tag: "3.7.0"
   nodeSelector: {}
   tolerations: []
   affinity: {}
   resources: {}
 
+# -- Kafka generic configigurations
 kafka:
-  image: bitnami/kafka:3.1.0
+  image:
+    repository: "bitnami/kafka"
+    tag: "3.1.0"
   nodeSelector: {}
   tolerations: []
   affinity: {}
   resources: {}
 
+# -- Prometheus generic configigurations
 prometheus:
-  image: prom/prometheus:v2.34.0
+  image:
+    repository: "prom/prometheus"
+    tag: "v2.34.0"
   nodeSelector: {}
   tolerations: []
   affinity: {}
   resources: {}
 
+# -- Grafana generic configigurations
 grafana:
-  image: grafana/grafana:8.4.4-ubuntu
+  image:
+    repository: "grafana/grafana"
+    tag: "8.4.4-ubuntu"
   nodeSelector: {}
   tolerations: []
   affinity: {}
   resources: {}
+  ingress:
+    enabled: false
+    hostName: "serving-grafana.clearml.127-0-0-1.nip.io"
+    tlsSecretName: ""
+    annotations: {}
+    path: "/"
 
+# -- Alertmanager generic configigurations
 alertmanager:
-  image: prom/alertmanager:v0.23.0
+  image:
+    repository: "prom/alertmanager"
+    tag: "v0.23.0"
   nodeSelector: {}
   tolerations: []
   affinity: {}
   resources: {}
 
+# -- ClearML serving statistics configurations
 clearml_serving_statistics:
-  image: allegroai/clearml-serving-statistics
+  # -- Container Image
+  image:
+    repository: "allegroai/clearml-serving-statistics"
+    tag: "1.2.0"
+  # -- Node Selector configuration
   nodeSelector: {}
+  # -- Tolerations configuration
   tolerations: []
+  # -- Affinity configuration
   affinity: {}
+  # -- Pod resources definition
   resources: {}
   # -- Extra Python Packages to be installed in running pods
   extraPythonPackages: []
   #  - numpy==1.22.4
   #  - pandas==1.4.2
 
+# -- ClearML serving inference configurations
 clearml_serving_inference:
-  image: allegroai/clearml-serving-inference
+  # -- Container Image
+  image:
+    repository: "allegroai/clearml-serving-inference"
+    tag: "1.2.0"
+  # -- Node Selector configuration
   nodeSelector: {}
+  # -- Tolerations configuration
   tolerations: []
+  # -- Affinity configuration
   affinity: {}
+  # -- Pod resources definition
   resources: {}
   # -- Extra Python Packages to be installed in running pods
   extraPythonPackages: []
   #  - numpy==1.22.4
   #  - pandas==1.4.2
+  # -- Autoscaling configuration
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 11
+    targetCPU: 50
+    targetMemory: 50
+  # -- Ingress exposing configurations
+  ingress:
+    enabled: false
+    hostName: "serving.clearml.127-0-0-1.nip.io"
+    tlsSecretName: ""
+    annotations: {}
+    path: "/"
 
+# -- ClearML serving Triton configurations
 clearml_serving_triton:
+  # -- Triton pod creation enable/disable
   enabled: true
-  image: allegroai/clearml-serving-triton
+  # -- Container Image
+  image:
+    repository: "allegroai/clearml-serving-triton"
+    tag: "1.2.0-22.07"
+  # -- Node Selector configuration
   nodeSelector: {}
+  # -- Tolerations configuration
   tolerations: []
+  # -- Affinity configuration
   affinity: {}
+  # -- Pod resources definition
   resources: {}
   # -- Extra Python Packages to be installed in running pods
   extraPythonPackages: []
   #  - numpy==1.22.4
   #  - pandas==1.4.2
+  # -- Autoscaling configuration
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 11
+    targetCPU: 50
+    targetMemory: 50
+  # -- Ingress exposing configurations
+  ingress:
+    enabled: false
+    hostName: "serving-grpc.clearml.127-0-0-1.nip.io"
+    tlsSecretName: ""
+    annotations: {}
+    #  # Example for AWS ALB
+    #  kubernetes.io/ingress.class: alb
+    #  alb.ingress.kubernetes.io/backend-protocol: HTTP
+    #  alb.ingress.kubernetes.io/backend-protocol-version: GRPC
+    #  alb.ingress.kubernetes.io/certificate-arn: <cerntificate arn>
+    #  alb.ingress.kubernetes.io/ssl-redirect: '443'
+    #  alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+    #  alb.ingress.kubernetes.io/target-type: ip
+    #
+    #  # Example for NNGINX ingress controller
+    #  nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    #  nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+    path: "/"

charts/clearml/Chart.yaml

@@ -2,8 +2,9 @@ apiVersion: v2
 name: clearml
 description: MLOps platform
 type: application
-version: "4.2.0"
-appVersion: "1.6.0"
+version: "5.5.1"
+appVersion: "1.9.2"
+kubeVersion: ">= 1.21.0-0 < 1.27.0-0"
 home: https://clear.ml
 icon: https://raw.githubusercontent.com/allegroai/clearml/master/docs/clearml-logo.svg
 sources:
@@ -29,3 +30,7 @@ dependencies:
     version: "7.16.2"
     repository: "file://../../dependency_charts/elasticsearch"
     condition: elasticsearch.enabled
+annotations:
+  artifacthub.io/changes: |
+    - kind: changed
+      description: check redis and mongodb too before starting apiserver

charts/clearml/README.md

@@ -1,6 +1,6 @@
 # ClearML Ecosystem for Kubernetes
 
-![Version: 4.2.0](https://img.shields.io/badge/Version-4.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square)
+![Version: 5.5.1](https://img.shields.io/badge/Version-5.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.2](https://img.shields.io/badge/AppVersion-1.9.2-informational?style=flat-square)
 
 MLOps platform
 
@@ -31,7 +31,7 @@ For development/evaluation it's possible to use [kind](https://kind.sigs.k8s.io)
 After installation, following commands will create a complete ClearML insatllation:
 
 ```
-cat <<EOF | kind create cluster --config=-                                                                  ─╯
+cat <<EOF | kind create cluster --config=-
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
@@ -85,6 +85,12 @@ This will create 3 ingress rules:
 
 Just pointing the domain records to the IP where ingress controller is responding will complete the deployment process.
 
+A production ready cluster should also have some different configuration like the one proposed in `values-production.yaml` that can be applied with:
+
+```
+helm install clearml allegroai/clearml -f values-production.yaml
+```
+
 ## Upgrades/ Values upgrades
 
 Updating to latest version of this chart can be done in two steps:
@@ -103,6 +109,11 @@ helm upgrade clearml allegroai/clearml --version <CURRENT CHART VERSION> -f cust
 Please note: updating values only should always be done setting explicit chart version to avoid a possible chart update.
 Keeping separate updates procedures between version and values can be a good practice to seprate potential concerns.
 
+## ENTERPRISE Version
+
+There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images.
+Enabling this features on OSS version can cause the entire installation to break.
+
 ## Additional Configuration for ClearML Server
 
 You can also configure the **clearml-server** for:
@@ -119,6 +130,8 @@ For detailed instructions, see the [Optional Configuration](https://github.com/a
 
 ## Requirements
 
+Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
+
 | Repository | Name | Version |
 |------------|------|---------|
 | file://../../dependency_charts/elasticsearch | elasticsearch | 7.16.2 |
@@ -129,146 +142,138 @@ For detailed instructions, see the [Optional Configuration](https://github.com/a
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| apiserver.affinity | object | `{}` |  |
-| apiserver.authCookiesMaxAge | int | `864000` | Amount of seconds the authorization cookie will last in user browser |
-| apiserver.configDir | string | `"/opt/clearml/config"` |  |
-| apiserver.configuration | object | `{"additionalConfigs":{},"configRefName":"","secretRefName":""}` | additional configurations that can be used by api server; check examples in values.yaml file |
-| apiserver.extraEnvs | list | `[]` |  |
-| apiserver.image.pullPolicy | string | `"IfNotPresent"` |  |
-| apiserver.image.repository | string | `"allegroai/clearml"` |  |
-| apiserver.image.tag | string | `"1.6.0"` |  |
-| apiserver.livenessDelay | int | `60` |  |
-| apiserver.nodeSelector | object | `{}` |  |
-| apiserver.podAnnotations | object | `{}` |  |
-| apiserver.prepopulateArtifactsPath | string | `"/mnt/fileserver"` |  |
-| apiserver.prepopulateEnabled | string | `"true"` |  |
-| apiserver.prepopulateZipFiles | string | `"/opt/clearml/db-pre-populate"` |  |
-| apiserver.readinessDelay | int | `60` |  |
-| apiserver.replicaCount | int | `1` |  |
-| apiserver.resources | object | `{}` |  |
+| apiserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"existingAdditionalConfigsConfigMap":"","existingAdditionalConfigsSecret":"","extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"indexReplicas":0,"indexShards":1,"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"securityContext":{},"service":{"nodePort":30008,"port":8008,"type":"NodePort"},"tolerations":[]}` | Api Server configurations |
+| apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret |
+| apiserver.affinity | object | `{}` | Api Server affinity setup |
+| apiserver.enabled | bool | `true` | Enable/Disable component deployment |
+| apiserver.existingAdditionalConfigsConfigMap | string | `""` | reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml) |
+| apiserver.existingAdditionalConfigsSecret | string | `""` | reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap |
+| apiserver.extraEnvs | list | `[]` | Api Server extra envrinoment variables |
+| apiserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | Api Server image configuration |
+| apiserver.indexReplicas | int | `0` | Number of additional replicas in Elasticsearch indexes |
+| apiserver.indexShards | int | `1` | Number of shards in Elasticsearch indexes |
+| apiserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""}` | Ingress configuration for Api Server component |
+| apiserver.ingress.annotations | object | `{}` | Ingress annotations |
+| apiserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
+| apiserver.ingress.hostName | string | `"api.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
+| apiserver.ingress.ingressClassName | string | `""` | ClassName (must be defined if no default ingressClassName is available) |
+| apiserver.ingress.path | string | `"/"` | Ingress root path url |
+| apiserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
+| apiserver.nodeSelector | object | `{}` | Api Server nodeselector |
+| apiserver.podAnnotations | object | `{}` | specific annotation for Api Server pods |
+| apiserver.prepopulateEnabled | bool | `true` | Enable/Disable example data load |
+| apiserver.processes | object | `{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000}` | Api Server internal processes configuration |
+| apiserver.processes.count | int | `8` | Api Server internal listing processes |
+| apiserver.processes.maxRequests | int | `1000` | Api Server maximum number of concurrent requests |
+| apiserver.processes.maxRequestsJitter | int | `300` | Api Server max jitter on api request |
+| apiserver.processes.timeout | int | `24000` | Api timeout (ms) |
+| apiserver.replicaCount | int | `1` | Api Server number of pods |
+| apiserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Api Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
+| apiserver.securityContext | object | `{}` | Api Server pod security context |
+| apiserver.service | object | `{"nodePort":30008,"port":8008,"type":"NodePort"}` | Api Server internal service configuration |
 | apiserver.service.nodePort | int | `30008` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
-| apiserver.service.port | int | `8008` |  |
-| apiserver.service.type | string | `"NodePort"` | This will set to service's spec.type field |
-| apiserver.tolerations | list | `[]` |  |
-| clearml | object | `{"defaultCompany":"d1bd92a3b039400cbafc60a7a5b1e52b"}` | ClearMl generic configurations |
-| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` |  |
-| elasticsearch.clusterName | string | `"clearml-elastic"` |  |
-| elasticsearch.enabled | bool | `true` |  |
-| elasticsearch.esConfig."elasticsearch.yml" | string | `"xpack.security.enabled: false\n"` |  |
-| elasticsearch.esJavaOpts | string | `"-Xmx2g -Xms2g"` |  |
-| elasticsearch.extraEnvs[0].name | string | `"bootstrap.memory_lock"` |  |
-| elasticsearch.extraEnvs[0].value | string | `"false"` |  |
-| elasticsearch.extraEnvs[1].name | string | `"cluster.routing.allocation.node_initial_primaries_recoveries"` |  |
-| elasticsearch.extraEnvs[1].value | string | `"500"` |  |
-| elasticsearch.extraEnvs[2].name | string | `"cluster.routing.allocation.disk.watermark.low"` |  |
-| elasticsearch.extraEnvs[2].value | string | `"500mb"` |  |
-| elasticsearch.extraEnvs[3].name | string | `"cluster.routing.allocation.disk.watermark.high"` |  |
-| elasticsearch.extraEnvs[3].value | string | `"500mb"` |  |
-| elasticsearch.extraEnvs[4].name | string | `"cluster.routing.allocation.disk.watermark.flood_stage"` |  |
-| elasticsearch.extraEnvs[4].value | string | `"500mb"` |  |
-| elasticsearch.extraEnvs[5].name | string | `"http.compression_level"` |  |
-| elasticsearch.extraEnvs[5].value | string | `"7"` |  |
-| elasticsearch.extraEnvs[6].name | string | `"reindex.remote.whitelist"` |  |
-| elasticsearch.extraEnvs[6].value | string | `"*.*"` |  |
-| elasticsearch.extraEnvs[7].name | string | `"xpack.monitoring.enabled"` |  |
-| elasticsearch.extraEnvs[7].value | string | `"false"` |  |
-| elasticsearch.extraEnvs[8].name | string | `"xpack.security.enabled"` |  |
-| elasticsearch.extraEnvs[8].value | string | `"false"` |  |
-| elasticsearch.httpPort | int | `9200` |  |
-| elasticsearch.minimumMasterNodes | int | `1` |  |
-| elasticsearch.persistence.enabled | bool | `true` |  |
-| elasticsearch.replicas | int | `1` |  |
-| elasticsearch.resources.limits.memory | string | `"4Gi"` |  |
-| elasticsearch.resources.requests.memory | string | `"4Gi"` |  |
-| elasticsearch.roles.data | string | `"true"` |  |
-| elasticsearch.roles.ingest | string | `"true"` |  |
-| elasticsearch.roles.master | string | `"true"` |  |
-| elasticsearch.roles.remote_cluster_client | string | `"true"` |  |
-| elasticsearch.volumeClaimTemplate.accessModes[0] | string | `"ReadWriteOnce"` |  |
-| elasticsearch.volumeClaimTemplate.resources.requests.storage | string | `"50Gi"` |  |
+| apiserver.tolerations | list | `[]` | Api Server tolerations setup |
+| clearml | object | `{"apiserverKey":"GGS9F4M6XB2DXJ5AFT9F","apiserverSecret":"2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO","clientConfigurationApiUrl":"","clientConfigurationFilesUrl":"","cookieDomain":"","cookieName":"clearml-token-k8s","defaultCompany":"d1bd92a3b039400cbafc60a7a5b1e52b","fileserverKey":"XXCRJ123CEE2KSQ068WO","fileserverSecret":"YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG","readinessprobeKey":"GK4PRTVT3706T25K6BA1","readinessprobeSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","secureAuthTokenSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","testUserKey":"ENP39EQM4SLACGD5FXB7","testUserSecret":"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"}` | ClearMl generic configurations |
+| clearml.apiserverKey | string | `"GGS9F4M6XB2DXJ5AFT9F"` | Api Server basic auth key |
+| clearml.apiserverSecret | string | `"2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO"` | Api Server basic auth secret |
+| clearml.clientConfigurationApiUrl | string | `""` | Override the API Urls displayed when showing an example of the SDK's clearml.conf configuration |
+| clearml.clientConfigurationFilesUrl | string | `""` | Override the Files Urls displayed when showing an example of the SDK's clearml.conf configuration |
+| clearml.cookieDomain | string | `""` | Cookie domain to be left empty if not exposed with an ingress |
+| clearml.cookieName | string | `"clearml-token-k8s"` | Name fo the UI cookie |
+| clearml.defaultCompany | string | `"d1bd92a3b039400cbafc60a7a5b1e52b"` | Company name |
+| clearml.fileserverKey | string | `"XXCRJ123CEE2KSQ068WO"` | File Server basic auth key |
+| clearml.fileserverSecret | string | `"YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG"` | File Server basic auth secret |
+| clearml.readinessprobeKey | string | `"GK4PRTVT3706T25K6BA1"` | Readiness probe basic auth key |
+| clearml.readinessprobeSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Readiness probe basic auth secret |
+| clearml.secureAuthTokenSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Secure Auth secret |
+| clearml.testUserKey | string | `"ENP39EQM4SLACGD5FXB7"` | Test Server basic auth key |
+| clearml.testUserSecret | string | `"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"` | Test File Server basic auth secret |
+| elasticsearch | object | `{"clusterHealthCheckParams":"wait_for_status=yellow&timeout=1s","clusterName":"clearml-elastic","enabled":true,"esConfig":{"elasticsearch.yml":"xpack.security.enabled: false\n"},"esJavaOpts":"-Xmx2g -Xms2g","extraEnvs":[{"name":"bootstrap.memory_lock","value":"false"},{"name":"cluster.routing.allocation.node_initial_primaries_recoveries","value":"500"},{"name":"cluster.routing.allocation.disk.watermark.low","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.high","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.flood_stage","value":"500mb"},{"name":"http.compression_level","value":"7"},{"name":"reindex.remote.whitelist","value":"*.*"},{"name":"xpack.monitoring.enabled","value":"false"},{"name":"xpack.security.enabled","value":"false"}],"httpPort":9200,"minimumMasterNodes":1,"persistence":{"enabled":true},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"4Gi"},"requests":{"cpu":"100m","memory":"2Gi"}},"roles":{"data":"true","ingest":"true","master":"true","remote_cluster_client":"true"},"volumeClaimTemplate":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"50Gi"}},"storageClassName":null}}` | Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml |
+| enterpriseFeatures | object | `{"airGappedDocumentation":{"enabled":false,"image":{"repository":"","tag":"4"}},"apiserverImageTagOverride":"3.15.3-909","clearmlApplications":{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":"app-1.1.1-47"},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-57"},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]},"defaultCompanyGuid":"d1bd92a3b039400cbafc60a7a5b1e52b","enabled":false,"extraIndexUrl":"","fileserverImageTagOverride":"3.15.3-909","overrideReferenceApiUrl":"","overrideReferenceFileUrl":"","webserverImageTagOverride":"3.15.3-801"}` | Enterprise features (work only with an Enterprise license) |
+| enterpriseFeatures.airGappedDocumentation | object | `{"enabled":false,"image":{"repository":"","tag":"4"}}` | Air gapped documentation  configurations |
+| enterpriseFeatures.airGappedDocumentation.enabled | bool | `false` | Enable/Disable air gapped documentation deployment |
+| enterpriseFeatures.airGappedDocumentation.image | object | `{"repository":"","tag":"4"}` | Air gapped documentation image configuration |
+| enterpriseFeatures.apiserverImageTagOverride | string | `"3.15.3-909"` | Image tag override for apiserver enterprise version |
+| enterpriseFeatures.clearmlApplications | object | `{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":"app-1.1.1-47"},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-57"},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]}` | APPS configurations |
+| enterpriseFeatures.clearmlApplications.affinity | object | `{}` | APPS affinity setup |
+| enterpriseFeatures.clearmlApplications.agentKey | string | `"GK4PRTVT3706T25K6BA1"` | Apps Server basic auth key |
+| enterpriseFeatures.clearmlApplications.agentSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Apps Server basic auth secret |
+| enterpriseFeatures.clearmlApplications.basePodImage | object | `{"repository":"","tag":"app-1.1.1-47"}` | APPS base spawning pods image |
+| enterpriseFeatures.clearmlApplications.enabled | bool | `true` | Enable/Disable component deployment |
+| enterpriseFeatures.clearmlApplications.extraEnvs | list | `[]` | APPS extra envrinoment variables |
+| enterpriseFeatures.clearmlApplications.gitAgentPass | string | `"git_password"` | Apps Server Git password |
+| enterpriseFeatures.clearmlApplications.gitAgentUser | string | `"git_user"` | Apps Server Git user |
+| enterpriseFeatures.clearmlApplications.image | object | `{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-57"}` | APPS image configuration |
+| enterpriseFeatures.clearmlApplications.nodeSelector | object | `{}` | APPS nodeselector |
+| enterpriseFeatures.clearmlApplications.podAnnotations | object | `{}` | specific annotation for APPS pods |
+| enterpriseFeatures.clearmlApplications.replicaCount | int | `1` | APPS number of pods |
+| enterpriseFeatures.clearmlApplications.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | APPS resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
+| enterpriseFeatures.clearmlApplications.tolerations | list | `[]` | APPS tolerations setup |
+| enterpriseFeatures.defaultCompanyGuid | string | `"d1bd92a3b039400cbafc60a7a5b1e52b"` | Company ID |
+| enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
+| enterpriseFeatures.extraIndexUrl | string | `""` | extra index URL for Enterprise packages |
+| enterpriseFeatures.fileserverImageTagOverride | string | `"3.15.3-909"` | Image tag override for fileserver enterprise version |
+| enterpriseFeatures.overrideReferenceApiUrl | string | `""` | set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://api.clearml.local" |
+| enterpriseFeatures.overrideReferenceFileUrl | string | `""` | set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://files.clearml.local" |
+| enterpriseFeatures.webserverImageTagOverride | string | `"3.15.3-801"` | Image tag override for webserver enterprise version |
+| externalServices | object | `{"elasticsearchHost":"","elasticsearchPort":9200,"mongodbConnectionStringAuth":"","mongodbConnectionStringBackend":"","redisHost":"","redisPort":6379}` | Definition of external services to use if not enabled as dependency charts here |
 | externalServices.elasticsearchHost | string | `""` | Existing ElasticSearch Hostname to use if elasticsearch.enabled is false |
 | externalServices.elasticsearchPort | int | `9200` | Existing ElasticSearch Port to use if elasticsearch.enabled is false |
-| externalServices.mongodbHost | string | `""` | Existing MongoDB Hostname to use if elasticsearch.enabled is false |
-| externalServices.mongodbPort | int | `27017` | Existing MongoDB Port to use if elasticsearch.enabled is false |
-| externalServices.redisHost | string | `""` | Existing Redis Hostname to use if elasticsearch.enabled is false |
-| externalServices.redisPort | int | `6379` | Existing Redis Port to use if elasticsearch.enabled is false |
-| fileserver.affinity | object | `{}` |  |
-| fileserver.extraEnvs | list | `[]` |  |
-| fileserver.image.pullPolicy | string | `"IfNotPresent"` |  |
-| fileserver.image.repository | string | `"allegroai/clearml"` |  |
-| fileserver.image.tag | string | `"1.6.0"` |  |
-| fileserver.nodeSelector | object | `{}` |  |
-| fileserver.podAnnotations | object | `{}` |  |
-| fileserver.replicaCount | int | `1` |  |
-| fileserver.resources | object | `{}` |  |
+| externalServices.mongodbConnectionStringAuth | string | `""` | Existing MongoDB connection string for BACKEND to use if mongodb.enabled is false |
+| externalServices.mongodbConnectionStringBackend | string | `""` | Existing MongoDB connection string for AUTH to use if mongodb.enabled is false |
+| externalServices.redisHost | string | `""` | Existing Redis Hostname to use if redis.enabled is false |
+| externalServices.redisPort | int | `6379` | Existing Redis Port to use if redis.enabled is false |
+| fileserver | object | `{"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"securityContext":{},"service":{"nodePort":30081,"port":8081,"type":"NodePort"},"storage":{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"}},"tolerations":[]}` | File Server configurations |
+| fileserver.affinity | object | `{}` | File Server affinity setup |
+| fileserver.enabled | bool | `true` | Enable/Disable component deployment |
+| fileserver.extraEnvs | list | `[]` | File Server extra envrinoment variables |
+| fileserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | File Server image configuration |
+| fileserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""}` | Ingress configuration for File Server component |
+| fileserver.ingress.annotations | object | `{}` | Ingress annotations |
+| fileserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
+| fileserver.ingress.hostName | string | `"files.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
+| fileserver.ingress.ingressClassName | string | `""` | ClassName (must be defined if no default ingressClassName is available) |
+| fileserver.ingress.path | string | `"/"` | Ingress root path url |
+| fileserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
+| fileserver.nodeSelector | object | `{}` | File Server nodeselector |
+| fileserver.podAnnotations | object | `{}` | specific annotation for File Server pods |
+| fileserver.replicaCount | int | `1` | File Server number of pods |
+| fileserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | File Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
+| fileserver.securityContext | object | `{}` | File Server pod security context |
+| fileserver.service | object | `{"nodePort":30081,"port":8081,"type":"NodePort"}` | File Server internal service configuration |
 | fileserver.service.nodePort | int | `30081` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
-| fileserver.service.port | int | `8081` |  |
-| fileserver.service.type | string | `"NodePort"` | This will set to service's spec.type field |
-| fileserver.storage.data.class | string | `""` |  |
-| fileserver.storage.data.size | string | `"50Gi"` |  |
-| fileserver.tolerations | list | `[]` |  |
-| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration |
+| fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"}}` | File server persistence settings |
+| fileserver.storage.data.accessMode | string | `"ReadWriteOnce"` | Access mode (must be ReadWriteMany if fileserver replica > 1) |
+| fileserver.storage.data.class | string | `""` | Storage class (use default if empty) |
+| fileserver.storage.data.existingPVC | string | `""` | If set, it uses an already existing PVC instead of dynamic provisioning |
+| fileserver.tolerations | list | `[]` | File Server tolerations setup |
+| imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Container registry configuration |
 | imageCredentials.email | string | `"someone@host.com"` | Email |
 | imageCredentials.enabled | bool | `false` | Use private authentication mode |
 | imageCredentials.existingSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
 | imageCredentials.password | string | `"pwd"` | Registry password |
 | imageCredentials.registry | string | `"docker.io"` | Registry name |
 | imageCredentials.username | string | `"someone"` | Registry username |
-| ingress.annotations | object | `{}` |  |
-| ingress.api.annotations | object | `{}` |  |
-| ingress.api.enabled | bool | `false` |  |
-| ingress.api.hostName | string | `"api.clearml.127-0-0-1.nip.io"` |  |
-| ingress.api.path | string | `"/"` |  |
-| ingress.api.tlsSecretName | string | `""` |  |
-| ingress.app.annotations | object | `{}` |  |
-| ingress.app.enabled | bool | `false` |  |
-| ingress.app.hostName | string | `"app.clearml.127-0-0-1.nip.io"` |  |
-| ingress.app.path | string | `"/"` |  |
-| ingress.app.tlsSecretName | string | `""` |  |
-| ingress.files.annotations | object | `{}` |  |
-| ingress.files.enabled | bool | `false` |  |
-| ingress.files.hostName | string | `"files.clearml.127-0-0-1.nip.io"` |  |
-| ingress.files.path | string | `"/"` |  |
-| ingress.files.tlsSecretName | string | `""` |  |
-| ingress.name | string | `"clearml-server-ingress"` |  |
-| mongodb.architecture | string | `"standalone"` |  |
-| mongodb.auth.enabled | bool | `false` |  |
-| mongodb.enabled | bool | `true` |  |
-| mongodb.persistence.accessModes[0] | string | `"ReadWriteOnce"` |  |
-| mongodb.persistence.enabled | bool | `true` |  |
-| mongodb.persistence.size | string | `"50Gi"` |  |
-| mongodb.replicaCount | int | `1` |  |
-| mongodb.service.name | string | `"{{ .Release.Name }}-mongodb"` |  |
-| mongodb.service.port | int | `27017` |  |
-| mongodb.service.portName | string | `"mongo-service"` |  |
-| mongodb.service.type | string | `"ClusterIP"` |  |
-| redis.cluster.enabled | bool | `false` |  |
-| redis.databaseNumber | int | `0` |  |
-| redis.enabled | bool | `true` |  |
-| redis.master.name | string | `"{{ .Release.Name }}-redis-master"` |  |
-| redis.master.persistence.accessModes[0] | string | `"ReadWriteOnce"` |  |
-| redis.master.persistence.enabled | bool | `true` |  |
-| redis.master.persistence.size | string | `"5Gi"` |  |
-| redis.master.port | int | `6379` |  |
-| redis.usePassword | bool | `false` |  |
-| secret.authToken | string | `"1SCf0ov3Nm544Td2oZ0gXSrsNx5XhMWdVlKz1tOgcx158bD5RV"` | Set for auth_token field |
-| secret.credentials.apiserver.accessKey | string | `"5442F3443MJMORWZA3ZH"` | Set for apiserver_key field |
-| secret.credentials.apiserver.secretKey | string | `"BxapIRo9ZINi8x25CRxz8Wdmr2pQjzuWVB4PNASZqCtTyWgWVQ"` | Set for apiserver_secret field |
-| secret.credentials.tests.accessKey | string | `"ENP39EQM4SLACGD5FXB7"` | Set for tests_user_key field |
-| secret.credentials.tests.secretKey | string | `"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"` | Set for tests_user_secret field |
-| secret.existingSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
-| secret.httpSession | string | `"9Tw20RbhJ1bLBiHEOWXvhplKGUbTgLzAtwFN2oLQvWwS0uRpD5"` | Set for http_session field |
-| webserver.additionalConfigs | object | `{}` |  |
-| webserver.affinity | object | `{}` |  |
-| webserver.extraEnvs | list | `[]` |  |
-| webserver.image.pullPolicy | string | `"IfNotPresent"` |  |
-| webserver.image.repository | string | `"allegroai/clearml"` |  |
-| webserver.image.tag | string | `"1.6.0"` |  |
-| webserver.nodeSelector | object | `{}` |  |
-| webserver.podAnnotations | object | `{}` |  |
-| webserver.replicaCount | int | `1` |  |
-| webserver.resources | object | `{}` |  |
+| mongodb | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"50Gi","storageClass":null},"replicaCount":1}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
+| redis | object | `{"cluster":{"enabled":false},"databaseNumber":0,"enabled":true,"master":{"name":"{{ .Release.Name }}-redis-master","persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"5Gi","storageClass":null},"port":6379},"usePassword":false}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml |
+| webserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30080,"port":8080,"type":"NodePort"},"tolerations":[]}` | Web Server configurations |
+| webserver.additionalConfigs | object | `{}` | Additional specific webserver configurations |
+| webserver.affinity | object | `{}` | Web Server affinity setup |
+| webserver.enabled | bool | `true` | Enable/Disable component deployment |
+| webserver.extraEnvs | list | `[]` | Web Server extra envrinoment variables |
+| webserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | Web Server image configuration |
+| webserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""}` | Ingress configuration for Web Server component |
+| webserver.ingress.annotations | object | `{}` | Ingress annotations |
+| webserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
+| webserver.ingress.hostName | string | `"app.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
+| webserver.ingress.ingressClassName | string | `""` | ClassName (must be defined if no default ingressClassName is available) |
+| webserver.ingress.path | string | `"/"` | Ingress root path url |
+| webserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
+| webserver.nodeSelector | object | `{}` | Web Server nodeselector |
+| webserver.podAnnotations | object | `{}` | specific annotation for Web Server pods |
+| webserver.podSecurityContext | object | `{}` | Web Server pod security context |
+| webserver.replicaCount | int | `1` | Web Server number of pods |
+| webserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Web Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
+| webserver.service | object | `{"nodePort":30080,"port":8080,"type":"NodePort"}` | Web Server internal service configuration |
 | webserver.service.nodePort | int | `30080` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
-| webserver.service.port | int | `80` |  |
-| webserver.service.type | string | `"NodePort"` | This will set to service's spec.type field |
-| webserver.tolerations | list | `[]` |  |
+| webserver.tolerations | list | `[]` | Web Server tolerations setup |

charts/clearml/README.md.gotmpl

@@ -28,7 +28,7 @@ For development/evaluation it's possible to use [kind](https://kind.sigs.k8s.io)
 After installation, following commands will create a complete ClearML insatllation:
 
 ```
-cat <<EOF | kind create cluster --config=-                                                                  ─╯
+cat <<EOF | kind create cluster --config=-
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
@@ -82,6 +82,12 @@ This will create 3 ingress rules:
 
 Just pointing the domain records to the IP where ingress controller is responding will complete the deployment process.
 
+A production ready cluster should also have some different configuration like the one proposed in `values-production.yaml` that can be applied with:
+
+```
+helm install clearml allegroai/clearml -f values-production.yaml
+```
+
 ## Upgrades/ Values upgrades
 
 Updating to latest version of this chart can be done in two steps:
@@ -100,6 +106,11 @@ helm upgrade clearml allegroai/clearml --version <CURRENT CHART VERSION> -f cust
 Please note: updating values only should always be done setting explicit chart version to avoid a possible chart update. 
 Keeping separate updates procedures between version and values can be a good practice to seprate potential concerns.
 
+## ENTERPRISE Version
+
+There are some specific Enterprise version features that can be enabled only with specific Enterprise licensed images. 
+Enabling this features on OSS version can cause the entire installation to break.
+
 ## Additional Configuration for ClearML Server
 
 You can also configure the **clearml-server** for:

charts/clearml/templates/NOTES.txt

@@ -1,10 +1,6 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
+1. Get the application URL:
+{{- if .Values.webserver.ingress.enabled }}
+  http{{ if $.Values.webserver.ingress.tls }}s{{ end }}://{{ .Values.webserver.ingress.hostName }}
 {{- else if contains "NodePort" .Values.webserver.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "clearml.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")

charts/clearml/templates/_helpers.tpl

@@ -50,39 +50,64 @@ app.kubernetes.io/name: {{ include "clearml.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Reference Name (apiserver)
+*/}}
+{{- define "apiserver.referenceName" -}}
+{{- include "clearml.name" . }}-apiserver
+{{- end }}
+
+{{/*
 Selector labels (apiserver)
 */}}
-{{- define "clearml.selectorLabelsApiServer" -}}
+{{- define "apiserver.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}-apiserver
+app.kubernetes.io/instance: {{ include "apiserver.referenceName" . }}
 {{- end }}
 
+{{/*
+Reference Name (fileserver)
+*/}}
+{{- define "fileserver.referenceName" -}}
+{{- include "clearml.name" . }}-fileserver
+{{- end }}
+
+{{/*
 Selector labels (fileserver)
 */}}
-{{- define "clearml.selectorLabelsFileServer" -}}
+{{- define "fileserver.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}-fileserver
+app.kubernetes.io/instance: {{ include "fileserver.referenceName" . }}
 {{- end }}
 
+{{/*
+Reference Name (webserver)
+*/}}
+{{- define "webserver.referenceName" -}}
+{{- include "clearml.name" . }}-webserver
+{{- end }}
+
+{{/*
 Selector labels (webserver)
 */}}
-{{- define "clearml.selectorLabelsWebServer" -}}
+{{- define "webserver.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}-webserver
+app.kubernetes.io/instance: {{ include "webserver.referenceName" . }}
 {{- end }}
 
-Selector labels (agentservices)
+{{/*
+Reference Name (apps)
 */}}
-{{- define "clearml.selectorLabelsAgentServices" -}}
-app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}-agentservices
+{{- define "clearmlApplications.referenceName" -}}
+{{- include "clearml.name" . }}-apps
 {{- end }}
 
-Selector labels (agent)
+{{/*
+Selector labels (apps)
 */}}
-{{- define "clearml.selectorLabelsAgent" -}}
+{{- define "clearmlApplications.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}-agent
+app.kubernetes.io/instance: {{ include "clearmlApplications.referenceName" . }}
 {{- end }}
 
 {{/*
@@ -97,53 +122,91 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Create the name of the App service to use
-*/}}
-{{- define "clearml.serviceApp" -}}
-{{- if .Values.ingress.enabled }}
-{{- if .Values.ingress.app.tlsSecretName }}
-{{- printf "%s%s" "https://" .Values.ingress.app.hostName }}
-{{- else }}
-{{- printf "%s%s" "http://" .Values.ingress.app.hostName }}
-{{- end }}
-{{- else }}
-{{- printf "%s%s%s%s" "http://" (include "clearml.fullname" .) "-webserver:" (.Values.webserver.service.port | toString) }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the Api service to use
-*/}}
-{{- define "clearml.serviceApi" -}}
-{{- if .Values.ingress.enabled }}
-{{- if .Values.ingress.api.tlsSecretName }}
-{{- printf "%s%s" "https://" .Values.ingress.api.hostName }}
-{{- else }}
-{{- printf "%s%s" "http://" .Values.ingress.api.hostName }}
-{{- end }}
-{{- else }}
-{{- printf "%s%s%s%s" "http://" (include "clearml.fullname" .) "-apiserver:" (.Values.apiserver.service.port | toString) }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the Files service to use
-*/}}
-{{- define "clearml.serviceFiles" -}}
-{{- if .Values.ingress.enabled }}
-{{- if .Values.ingress.files.tlsSecretName }}
-{{- printf "%s%s" "https://" .Values.ingress.files.hostName }}
-{{- else }}
-{{- printf "%s%s" "http://" .Values.ingress.files.hostName }}
-{{- end }}
-{{- else }}
-{{- printf "%s%s%s%s" "http://" (include "clearml.fullname" .) "-fileserver:" (.Values.fileserver.service.port | toString) }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return the proper Docker Image Registry Secret Names
+Create secret to access docker registry
 */}}
 {{- define "imagePullSecret" }}
-{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create readiness probe auth token
+*/}}
+{{- define "readinessProbeAuth" }}
+{{- printf "%s:%s" .Values.clearml.readinessprobeKey .Values.clearml.readinessprobeSecret | b64enc }}
+{{- end }}
+
+{{/*
+Elasticsearch Service name
+*/}}
+{{- define "elasticsearch.servicename" -}}
+{{- if .Values.elasticsearch.enabled }}
+{{- .Values.elasticsearch.clusterName }}-master
+{{- else }}
+{{- .Values.externalServices.elasticsearchHost }}
+{{- end }}
+{{- end }}
+
+{{/*
+Elasticsearch Service port
+*/}}
+{{- define "elasticsearch.serviceport" -}}
+{{- if .Values.elasticsearch.enabled }}
+{{- .Values.elasticsearch.httpPort }}
+{{- else }}
+{{- .Values.externalServices.elasticsearchPort }}
+{{- end }}
+{{- end }}
+
+{{/*
+MongoDB Comnnection string
+*/}}
+{{- define "mongodb.connectionstring" -}}
+{{- if eq .Values.mongodb.architecture "standalone" }}
+{{- printf "%s%s%s" "mongodb://" .Release.Name "-mongodb:27017" }}
+{{- else }}
+{{- $connectionString := "mongodb://" }}
+{{- range $i,$e := until (.Values.mongodb.replicaCount | int) }}
+{{- $connectionString = printf "%s%s%s%s%s%s%s%s%s" $connectionString $.Release.Name "-mongodb-" ( $i | toString ) "." $.Release.Name "-mongodb-headless." $.Release.Namespace ".svc.cluster.local," }}
+{{- end }}
+{{- printf "%s" ( trimSuffix "," $connectionString ) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Redis Service name
+*/}}
+{{- define "redis.servicename" -}}
+{{- if .Values.redis.enabled }}
+{{- tpl .Values.redis.master.name . }}
+{{- else }}
+{{- .Values.externalServices.redisHost }}
+{{- end }}
+{{- end }}
+
+{{/*
+Redis Service port
+*/}}
+{{- define "redis.serviceport" -}}
+{{- if .Values.redis.enabled }}
+{{- .Values.redis.master.port }}
+{{- else }}
+{{- .Values.externalServices.redisPort }}
+{{- end }}
+{{- end }}
+
+{{/*
+clientConfiguration string compose
+*/}}
+{{- define "clearml.clientConfiguration" -}}
+{{- $clientConfiguration := "" }}
+{{- if and (.Values.clearml.clientConfigurationApiUrl) .Values.clearml.clientConfigurationFilesUrl }}
+{{- $clientConfiguration = printf "%s%s%s%s%s" "{\"apiServer\":\"" .Values.clearml.clientConfigurationApiUrl "\",\"filesServer\":\"" .Values.clearml.clientConfigurationFilesUrl "\"}" }}
+{{- else if .Values.clearml.clientConfigurationApiUrl }}
+{{- $clientConfiguration = printf "%s%s%s" "{\"apiServer\":\"" .Values.clearml.clientConfigurationApiUrl "\"}" }}
+{{- else if .Values.clearml.clientConfigurationFilesUrl }}
+{{- $clientConfiguration = printf "%s%s%s" "{\"filesServer\":\"" .Values.clearml.clientConfigurationFilesUrl "\"}" }}
+{{- end }}
+{{- $clientConfiguration }}
 {{- end }}

charts/clearml/templates/apiserver-configmap.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.apiserver.enabled }}
+{{- if .Values.apiserver.additionalConfigs }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ include "apiserver.referenceName" . }}-configmap"
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+data:
+  {{- range $key, $val := .Values.apiserver.additionalConfigs }}
+  {{ $key }}: |
+    {{- $val | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/clearml/templates/apiserver-deployment.yaml

@@ -0,0 +1,263 @@
+{{- if .Values.apiserver.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "apiserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.apiserver.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "apiserver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.apiserver.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "apiserver.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: .Values.imageCredentials.existingSecret
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
+      {{- if or .Values.apiserver.additionalConfigs .Values.apiserver.existingAdditionalConfigsConfigMap  .Values.apiserver.existingAdditionalConfigsSecret }}
+      volumes:
+        - name: apiserver-config
+          {{- if or .Values.apiserver.existingAdditionalConfigsConfigMap }}
+          configMap:
+            name: {{ .Values.apiserver.existingAdditionalConfigsConfigMap }}
+          {{- else if or .Values.apiserver.existingAdditionalConfigsSecret }}
+          secret:
+            secretName: {{ .Values.apiserver.existingAdditionalConfigsSecret }}
+          {{- else if or .Values.apiserver.additionalConfigs }}
+          configMap:
+            name: "{{ include "apiserver.referenceName" . }}-configmap"
+          {{- end }}
+      {{- end }}
+      securityContext: {{ toYaml .Values.apiserver.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: init-apiserver
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.enterpriseFeatures.apiserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag }}"
+          {{- end }}
+          command:
+            - /bin/sh
+            - -c
+            - >
+              set -x;
+              {{- if .Values.elasticsearch.enabled }}
+              while [ $(curl -sw '%{http_code}' "http://{{ include "elasticsearch.servicename" . }}:{{ include "elasticsearch.serviceport" . }}/_cluster/health" -o /dev/null) -ne 200 ] ; do
+                echo "waiting for elasticsearch" ;
+                sleep 5 ;
+              done ;
+              {{- end }}
+              {{- if .Values.mongodb.enabled }}
+              while [ $(curl --telnet-option BOGUS --connect-timeout 2 -s "telnet://{{ .Release.Name }}-mongodb:27017" -o /dev/null; echo $?) -ne 49 ] ; do
+                echo "waiting for mongodb" ;
+                sleep 5 ;
+              done ;
+              {{- end }}
+              {{- if .Values.redis.enabled }}
+              while [ $(curl --telnet-option BOGUS --connect-timeout 2 -s "telnet://{{ include "redis.servicename" . }}:{{ include "redis.serviceport" . }}" -o /dev/null; echo $?) -ne 49 ] ; do
+                echo "waiting for redis" ;
+                sleep 5 ;
+              done ;
+              {{- end }}
+      containers:
+        - name: clearml-apiserver
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.enterpriseFeatures.apiserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag }}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8008
+              protocol: TCP
+          env:
+          - name: CLEARML_ELASTIC_SERVICE_HOST
+            value: {{ include "elasticsearch.servicename" . }}
+          - name: CLEARML_ELASTIC_SERVICE_PORT
+            value: "{{ include "elasticsearch.serviceport" . }}"
+          {{- if .Values.mongodb.enabled }}
+          - name: CLEARML_MONGODB_SERVICE_CONNECTION_STRING
+            value: {{ include "mongodb.connectionstring" . | quote }}
+          {{- else }}
+          - name: CLEARML__HOSTS__MONGO__BACKEND__HOST
+            value: {{ .Values.externalServices.mongodbConnectionStringBackend | quote }}
+          - name: CLEARML__HOSTS__MONGO__AUTH__HOST
+            value: {{ .Values.externalServices.mongodbConnectionStringAuth | quote }}
+          {{- end }}
+          - name: CLEARML_REDIS_SERVICE_HOST
+            value: {{ include "redis.servicename" . }}
+          - name: CLEARML_REDIS_SERVICE_PORT
+            value: "{{ include "redis.serviceport" . }}"
+          - name: CLEARML_CONFIG_PATH
+            value: /opt/clearml/config
+          - name: CLEARML__apiserver__default_company_name
+            value: "{{ .Values.clearml.defaultCompany }}"
+          {{- if not (eq .Values.clearml.cookieDomain "") }}
+          - name: CLEARML__APISERVER__AUTH__SESSION_AUTH_COOKIE_NAME
+            value: {{ .Values.clearml.cookieName }}
+          - name: CLEARML__APISERVER__AUTH__COOKIES__DOMAIN
+            value: ".{{ .Values.clearml.cookieDomain }}"
+          {{- end }}
+          - name: CLEARML__secure__credentials__apiserver__user_key
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apiserver_key
+          - name: CLEARML__secure__credentials__apiserver__user_secret
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apiserver_secret
+          - name: CLEARML__secure__auth__token_secret
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: secure_auth_token_secret
+          {{- if .Values.apiserver.prepopulateEnabled }}
+          - name: CLEARML__APISERVER__PRE_POPULATE__ENABLED
+            value: "true"
+          - name: CLEARML__APISERVER__PRE_POPULATE__ZIP_FILES
+            value: "/opt/clearml/db-pre-populate"
+          {{- end }}
+          {{- if .Values.enterpriseFeatures.enabled }}
+          - name: CLEARML__apiserver__default_company
+            value: "{{ .Values.enterpriseFeatures.defaultCompanyGuid }}"
+          - name: APPLY_ES_MAPPINGS
+            value: "false"
+          - name: CLEARML__HOSTS__ELASTIC__LOGS__HOSTS
+            value: "[\"http://{{ include "elasticsearch.servicename" . }}:{{ include "elasticsearch.serviceport" . }}\"]"
+          - name: NUMBER_OF_GUNICORN_WORKERS
+            value: "{{ .Values.apiserver.processes.count }}"
+          - name: GUNICORN_TIMEOUT
+            value: "{{ .Values.apiserver.processes.timeout }}"
+          - name: GUNICORN_MAX_REQUESTS
+            value: "{{ .Values.apiserver.processes.maxRequests }}"
+          - name: GUNICORN_MAX_REQUESTS_JITTER
+            value: "{{ .Values.apiserver.processes.maxRequestsJitter }}"
+          - name: CLEARML_CONFIG_VERBOSE
+            value: "0"
+          - name: CLEARML__SERVICES__APPLICATIONS__TEMPLATES__FOLDER
+            value: "/opt/allegro/config/applications"
+          - name: CLEARML__apiserver__apilog__prefix
+            value: "fluentd."
+          - name: CLEARML__apiserver__apilog__index_name_prefix__default
+            value: "allegro.apiserver.api-logs."
+          - name: CLEARML__apiserver__apilog__adapter
+            value: "logging"
+          - name: CLEARML__apiserver__apilog__rotation__index_size
+            value: "225000"
+          - name: CLEARML__services__tasks__non_responsive_tasks_watchdog__enabled
+            value: "false"
+          - name: CLEARML__APISERVER__AUTH__COOKIES__MAX_AGE
+            value: "2678400"
+          - name: CLEARML__services__frames__scroll_state_expiration_hours
+            value: "6"
+          - name: CLEARML__services__organization__features__applications
+            value: "true"
+          - name: CLEARML__services__organization__features__app_management
+            value: "true"
+          - name: CLEARML__SERVICES___ELASTIC__MAPPINGS__EVENTS__NUMBER_OF_REPLICAS
+            value: {{ .Values.apiserver.indexReplicas | quote }}
+          - name: CLEARML__SERVICES___ELASTIC__MAPPINGS__EVENTS__NUMBER_OF_SHARDS
+            value: {{ .Values.apiserver.indexShards | quote }}
+          - name: CLEARML__APISERVER__LOG_CALLS
+            value: "false"
+          - name: ALLEGRO_ENV
+            value: "onprem_k8s"
+          - name: CLEARML__secure__credentials__fileserver__user_key
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: fileserver_key
+          - name: CLEARML__secure__credentials__fileserver__user_secret
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: fileserver_secret
+          - name: CLEARML__secure__applications__agents_credentials__apps_agent__user_key
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_agent_key
+          - name: CLEARML__secure__applications__agents_credentials__apps_agent__user_secret
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_agent_secret
+          {{- else }}
+          - name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "clearml-conf"
+                key: test_user_key
+          - name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "clearml-conf"
+                key: test_user_secret
+          - name: CLEARML_ENV
+            value: "helm-cloud"
+          {{- end }}
+          {{- if .Values.apiserver.extraEnvs }}
+          {{ toYaml .Values.apiserver.extraEnvs | nindent 10 }}
+          {{- end }}
+          {{- if not .Values.enterpriseFeatures.enabled }}
+          args:
+            - apiserver
+          {{- end }}
+          livenessProbe:
+            initialDelaySeconds: 60
+            httpGet:
+              path: /debug.ping
+              port: 8008
+          readinessProbe:
+            initialDelaySeconds: 60
+            failureThreshold: 8
+            httpGet:
+              {{- if .Values.enterpriseFeatures.enabled }}
+              path: /server.health_check
+              {{- else }}
+              path: /debug.ping
+              {{- end }}
+              port: 8008
+              httpHeaders:
+                - name: Authorization
+                  value: Basic {{ include "readinessProbeAuth" . }}
+          {{- if or .Values.apiserver.additionalConfigs .Values.apiserver.existingAdditionalConfigsConfigMap  .Values.apiserver.existingAdditionalConfigsSecret }}
+          volumeMounts:  
+            - name: apiserver-config
+              {{- if .Values.enterpriseFeatures.enabled }}
+              mountPath: /opt/clearml/config/default
+              {{- else }}
+              mountPath: /opt/clearml/config
+              {{- end }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.apiserver.resources | nindent 12 }}
+      {{- with .Values.apiserver.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.apiserver.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.apiserver.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

charts/clearml/templates/apiserver-ingress.yaml

@@ -0,0 +1,50 @@
+{{- if .Values.apiserver.enabled }}
+{{- if .Values.apiserver.ingress.enabled }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ include "apiserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+  {{- $annotations := .Values.apiserver.ingress.annotations  }}
+  {{- if .Values.apiserver.ingress.annotations }}
+  {{- $annotations = mergeOverwrite $annotations .Values.apiserver.ingress.annotations }}
+  {{- end }}
+  annotations:
+    {{- toYaml $annotations | nindent 4 }}
+
+spec:
+  {{- if .Values.apiserver.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.apiserver.ingress.ingressClassName }}
+  {{- end }}
+  {{- if .Values.apiserver.ingress.tlsSecretName }}
+  tls:
+    - hosts:
+        - {{ .Values.apiserver.ingress.hostName }}
+      secretName: {{ .Values.apiserver.ingress.tlsSecretName }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.apiserver.ingress.hostName }}
+    http:
+      paths:
+      - path: {{ .Values.apiserver.ingress.path }}
+  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ include "apiserver.referenceName" . }}
+            port:
+              number: {{ .Values.apiserver.service.port }}
+  {{ else }}
+        backend:
+          serviceName: {{ include "apiserver.referenceName" . }}
+          servicePort: {{ .Values.apiserver.service.port }}
+  {{ end }}
+{{- end }}
+{{- end }}

charts/clearml/templates/apiserver-service.yaml

@@ -1,7 +1,8 @@
+{{- if .Values.apiserver.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "clearml.fullname" . }}-apiserver
+  name: {{ include "apiserver.referenceName" . }}
   labels:
     {{- include "clearml.labels" . | nindent 4 }}
 spec:
@@ -9,9 +10,10 @@ spec:
   ports:
     - port: {{ .Values.apiserver.service.port }}
       targetPort: {{ .Values.apiserver.service.port }}
-{{- if eq .Values.apiserver.service.type "NodePort" }}
+      {{- if eq .Values.apiserver.service.type "NodePort" }}
       nodePort: {{ .Values.apiserver.service.nodePort }}
-{{- end }}
+      {{- end }}
       protocol: TCP
   selector:
-    {{- include "clearml.selectorLabelsApiServer" . | nindent 4 }}
+    {{- include "apiserver.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/clearml/templates/apps-configmap.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "clearml.name" . }}-apps-pt
+data:
+  template.yaml: |
+    apps_queue:
+      apiVersion: v1
+      metadata:
+        namespace: {{ $.Release.Namespace }}
+      spec:
+        {{- if $.Values.imageCredentials.enabled }}
+        imagePullSecrets:
+        {{- if $.Values.imageCredentials.existingSecret }}
+          - name: $.Values.imageCredentials.existingSecret
+        {{- else }}
+          - name: clearml-registry-key
+        {{- end }}
+        {{- end }}
+        serviceAccountName: "clearml-apps-sa"
+        containers:
+        - resources:
+          ports:
+            - containerPort: 10022
+          volumeMounts:
+          env:
+          - name: CLEARML_API_HOST
+            value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
+          - name: CLEARML_FILES_HOST
+            value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
+          - name: CLEARML_WEB_HOST
+            value: "http://{{ include "webserver.referenceName" . }}:{{ .Values.webserver.service.port }}"

charts/clearml/templates/apps-deployment.yaml

@@ -0,0 +1,126 @@
+{{- if .Values.enterpriseFeatures.enabled }}
+{{- if .Values.enterpriseFeatures.clearmlApplications.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "clearmlApplications.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.enterpriseFeatures.clearmlApplications.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "clearmlApplications.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.enterpriseFeatures.clearmlApplications.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "clearmlApplications.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: .Values.imageCredentials.existingSecret
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
+      volumes:
+        - name: {{ include "clearml.name" . }}-apps-pt
+          configMap:
+            name: {{ include "clearml.name" . }}-apps-pt
+      {{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
+        - name: apps-config
+          configMap:
+            name: "{{ include "clearmlApplications.referenceName" . }}-configmap"
+      {{- end }}
+      serviceAccountName: "clearml-apps-sa"
+      initContainers:
+        - name: init-apps
+          image: "{{ .Values.enterpriseFeatures.clearmlApplications.image.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.image.tag | default .Chart.AppVersion }}"
+          command:
+            - /bin/sh
+            - -c
+            - >
+              set -x;
+              while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
+                echo "waiting for apiserver" ;
+                sleep 5 ;
+              done
+      containers:
+        - name: clearml-apps
+          image: "{{ .Values.enterpriseFeatures.clearmlApplications.image.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.enterpriseFeatures.clearmlApplications.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8008
+              protocol: TCP
+          env:
+          - name: CLEARML_API_HOST
+            value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
+          - name: CLEARML_FILES_HOST
+            value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
+          - name: CLEARML_WEB_HOST
+            value: "http://{{ include "webserver.referenceName" . }}:{{ .Values.webserver.service.port }}"
+          - name: CLEARML_AGENT_DEFAULT_BASE_DOCKER
+            value: "{{ .Values.enterpriseFeatures.clearmlApplications.basePodImage.repository }}:{{ .Values.enterpriseFeatures.clearmlApplications.basePodImage.tag }}"
+          - name: CLEARML_WORKER_ID
+            value: "apps-agent-1"
+          - name: CLEARML_NO_DEFAULT_SERVER
+            value: "true"
+          - name: K8S_GLUE_EXTRA_ARGS
+            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
+                    --child-report-tags application --max-pods 5 --use-owner-token"
+          - name: K8S_GLUE_QUEUE
+            value: "apps_queue"
+          - name: CLEARML_AGENT_DISABLE_SSH_MOUNT
+            value: "1"
+          - name: CLEARML_API_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_agent_key
+          - name: CLEARML_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_agent_secret
+          - name: CLEARML_AGENT_GIT_USER
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_git_agent_user
+          - name: CLEARML_AGENT_GIT_PASS
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_git_agent_pass
+          {{- if .Values.enterpriseFeatures.clearmlApplications.extraEnvs }}
+          {{ toYaml .Values.enterpriseFeatures.clearmlApplications.extraEnvs | nindent 10 }}
+          {{- end }}
+          volumeMounts:
+          - name: {{ include "clearml.name" . }}-apps-pt
+            mountPath: /root/template
+          {{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
+            - name: apps-config
+              mountPath: /opt/clearml/config/default
+          {{- end }}
+          resources:
+            {{- toYaml .Values.enterpriseFeatures.clearmlApplications.resources | nindent 12 }}
+      {{- with .Values.enterpriseFeatures.clearmlApplications.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.enterpriseFeatures.clearmlApplications.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.enterpriseFeatures.clearmlApplications.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
+{{- end }}

charts/clearml/templates/apps-rbac.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.enterpriseFeatures.enabled }}
+{{- if .Values.enterpriseFeatures.clearmlApplications.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "clearml-apps-sa"
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "clearmlApplications.referenceName" . }}-kpa
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "clearmlApplications.referenceName" . }}-kpa
+subjects:
+  - kind: ServiceAccount
+    name: "clearml-apps-sa"
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "clearmlApplications.referenceName" . }}-kpa
+{{- end }}
+{{- end }}

charts/clearml/templates/clearml-secrets.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: clearml-conf
+data:
+  apiserver_key: {{ .Values.clearml.apiserverKey | b64enc }}
+  apiserver_secret: {{ .Values.clearml.apiserverSecret | b64enc }}
+  fileserver_key: {{ .Values.clearml.fileserverKey | b64enc }}
+  fileserver_secret: {{ .Values.clearml.fileserverSecret | b64enc }}
+  apps_agent_key: {{ .Values.enterpriseFeatures.clearmlApplications.agentKey | b64enc }}
+  apps_agent_secret: {{ .Values.enterpriseFeatures.clearmlApplications.agentSecret | b64enc }}
+  secure_auth_token_secret: {{ .Values.clearml.secureAuthTokenSecret | b64enc }}
+  apps_git_agent_user: {{ .Values.enterpriseFeatures.clearmlApplications.gitAgentUser | b64enc }}
+  apps_git_agent_pass: {{ .Values.enterpriseFeatures.clearmlApplications.gitAgentPass | b64enc }}
+  test_user_key: {{ .Values.clearml.testUserKey | b64enc }}
+  test_user_secret: {{ .Values.clearml.testUserSecret | b64enc }}
+---
+{{- if .Values.imageCredentials.enabled }}
+{{- if not .Values.imageCredentials.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: clearml-registry-key
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}

charts/clearml/templates/configmap-apiserver.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.apiserver.configuration.additionalConfigs -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: "{{ include "clearml.fullname" . }}-apiserver-configmap"
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-data:
-  {{- range $key, $val := .Values.apiserver.configuration.additionalConfigs }}
-  {{ $key }}: |
-    {{- $val | nindent 4 }}
-  {{- end }}
-{{- end -}}

charts/clearml/templates/configmap-webserver.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.webserver.additionalConfigs -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: "{{ include "clearml.fullname" . }}-webserver-configmap"
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-data:
-  {{- range $key, $val := .Values.webserver.additionalConfigs }}
-  {{ $key }}: |
-    {{- $val | nindent 4 }}
-  {{- end }}
-{{- end -}}

charts/clearml/templates/deployment-apiserver.yaml

@@ -1,165 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "clearml.fullname" . }}-apiserver
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.apiserver.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "clearml.selectorLabelsApiServer" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
-      {{- with .Values.apiserver.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "clearml.selectorLabelsApiServer" . | nindent 8 }}
-    spec:
-      {{- if .Values.imageCredentials.enabled }}
-      imagePullSecrets:
-      {{- if .Values.imageCredentials.existingSecret }}
-      - name: {{ .Values.imageCredentials.existingSecret }}
-      {{- else }}
-      - name: clearml-agent-registry-key
-      {{- end }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 8008
-              protocol: TCP
-          env:
-          - name: CLEARML_ELASTIC_SERVICE_HOST
-          {{- if .Values.elasticsearch.enabled }}
-            value: "{{ .Values.elasticsearch.clusterName }}-master"
-          {{- else }}
-            value: "{{ .Values.externalServices.elasticsearchHost }}"
-          {{- end }}
-          - name: CLEARML_ELASTIC_SERVICE_PORT
-          {{- if .Values.elasticsearch.enabled }}
-            value: "{{ .Values.elasticsearch.httpPort }}"
-          {{- else }}
-            value: "{{ .Values.externalServices.elasticsearchPort }}"
-          {{- end }}
-          - name: CLEARML_MONGODB_SERVICE_HOST
-          {{- if .Values.mongodb.enabled }}
-            value: "{{ tpl .Values.mongodb.service.name . }}"
-          {{- else }}
-            value: "{{ .Values.externalServices.mongodbHost }}"
-          {{- end }}
-          - name: CLEARML_MONGODB_SERVICE_PORT
-          {{- if .Values.mongodb.enabled }}
-            value: "{{ .Values.mongodb.service.port }}"
-          {{- else }}
-            value: "{{ .Values.externalServices.mongodbPort }}"
-          {{- end }}
-          - name: CLEARML_REDIS_SERVICE_HOST
-          {{- if .Values.redis.enabled }}
-            value: "{{ tpl .Values.redis.master.name . }}"
-          {{- else }}
-            value: "{{ .Values.externalServices.redisHost }}"
-          {{- end }}
-          - name: CLEARML_REDIS_SERVICE_PORT
-          {{- if .Values.redis.enabled }}
-            value: "{{ .Values.redis.master.port }}"
-          {{- else }}
-            value: "{{ .Values.externalServices.redisPort }}"
-          {{- end }}
-          - name: CLEARML__APISERVER__PRE_POPULATE__ENABLED
-            value: "{{ .Values.apiserver.prepopulateEnabled }}"
-          - name: CLEARML__APISERVER__PRE_POPULATE__ZIP_FILES
-            value: "{{ .Values.apiserver.prepopulateZipFiles }}"
-          - name: CLEARML_SERVER_DEPLOYMENT_TYPE
-            value: "helm-cloud"
-          - name: CLEARML__APISERVER__AUTH__COOKIES__MAX_AGE
-            value: "{{ .Values.apiserver.authCookiesMaxAge }}"
-          - name: CLEARML_CONFIG_DIR
-            value: /opt/clearml/config
-          - name: CLEARML__APISERVER__DEFAULT_COMPANY
-            value: {{ .Values.clearml.defaultCompany }}
-          - name: CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "clearml-conf" .Values.secret.existingSecret }}
-                key: http_session
-          - name: CLEARML__SECURE__AUTH__TOKEN_SECRET
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "clearml-conf" .Values.secret.existingSecret }}
-                key: auth_token
-          - name: CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "clearml-conf" .Values.secret.existingSecret }}
-                key: apiserver_key
-          - name: CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "clearml-conf" .Values.secret.existingSecret }}
-                key: apiserver_secret
-          - name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "clearml-conf" .Values.secret.existingSecret }}
-                key: tests_user_key
-          - name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "clearml-conf" .Values.secret.existingSecret }}
-                key: tests_user_secret
-         {{- if .Values.apiserver.extraEnvs }}
-         {{ toYaml .Values.apiserver.extraEnvs | nindent 10 }}
-         {{- end }}
-          args:
-            - apiserver
-          livenessProbe:
-            initialDelaySeconds: {{ .Values.apiserver.livenessDelay }}
-            httpGet:
-              path: /debug.ping
-              port: 8008
-          readinessProbe:
-            initialDelaySeconds: {{ .Values.apiserver.readinessDelay }}
-            failureThreshold: 8
-            httpGet:
-              path: /debug.ping
-              port: 8008
-          {{- if or .Values.apiserver.configuration.additionalConfigs .Values.apiserver.configuration.configRefName  .Values.apiserver.configuration.secretRefName }}
-          volumeMounts:
-           - name: apiserver-config
-             mountPath: /opt/clearml/config
-          {{- end }}
-          resources:
-            {{- toYaml .Values.apiserver.resources | nindent 12 }}
-      {{- if or .Values.apiserver.configuration.additionalConfigs .Values.apiserver.configuration.configRefName  .Values.apiserver.configuration.secretRefName }}
-      volumes:
-        - name: apiserver-config
-          {{- if or .Values.apiserver.configuration.configRefName }}
-          configMap:
-            name: {{ .Values.apiserver.configuration.configRefName }}
-          {{- else if or .Values.apiserver.configuration.secretRefName }}
-          secret:
-            secretName: {{ .Values.apiserver.configuration.secretRefName }}
-          {{- else if or .Values.apiserver.configuration.additionalConfigs }}
-          configMap:
-            name: "{{ include "clearml.fullname" . }}-apiserver-configmap"
-          {{- end }}
-      {{- end }}
-      {{- with .Values.apiserver.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.apiserver.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.apiserver.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/clearml/templates/deployment-fileserver.yaml

@@ -1,77 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "clearml.fullname" . }}-fileserver
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.fileserver.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "clearml.selectorLabelsFileServer" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.fileserver.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "clearml.selectorLabelsFileServer" . | nindent 8 }}
-    spec:
-      volumes:
-        - name: fileserver-data
-          persistentVolumeClaim:
-            claimName: {{ include "clearml.fullname" . }}-fileserver-data
-      {{- if .Values.imageCredentials.enabled }}
-      imagePullSecrets:
-      {{- if .Values.imageCredentials.existingSecret }}
-      - name: {{ .Values.imageCredentials.existingSecret }}
-      {{- else }}
-      - name: clearml-agent-registry-key
-      {{- end }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.fileserver.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 8081
-              protocol: TCP
-          env:
-          - name: CLEARML_CONFIG_DIR
-            value: /opt/clearml/config
-          {{- if .Values.fileserver.extraEnvs }}
-          {{ toYaml .Values.fileserver.extraEnvs | nindent 10 }}
-          {{- end }}
-          args:
-            - fileserver
-          livenessProbe:
-            exec:
-              command:
-                - curl
-                - -X OPTIONS
-                - http://localhost:8081/
-          readinessProbe:
-            exec:
-              command:
-                - curl
-                - -X OPTIONS
-                - http://localhost:8081/
-          volumeMounts:
-            - name: fileserver-data
-              mountPath: /mnt/fileserver
-          resources:
-            {{- toYaml .Values.fileserver.resources | nindent 12 }}
-      {{- with .Values.fileserver.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.fileserver.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.fileserver.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/clearml/templates/deployment-webserver.yaml

@@ -1,83 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "clearml.fullname" . }}-webserver
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.webserver.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "clearml.selectorLabelsWebServer" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.webserver.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "clearml.selectorLabelsWebServer" . | nindent 8 }}
-    spec:
-      {{- if .Values.imageCredentials.enabled }}
-      imagePullSecrets:
-      {{- if .Values.imageCredentials.existingSecret }}
-      - name: {{ .Values.imageCredentials.existingSecret }}
-      {{- else }}
-      - name: clearml-agent-registry-key
-      {{- end }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
-          livenessProbe:
-            exec:
-              command:
-                - curl
-                - -X OPTIONS
-                - http://0.0.0.0:80/
-          readinessProbe:
-            exec:
-              command:
-                - curl
-                - -X OPTIONS
-                - http://0.0.0.0:80/
-          {{- if .Values.webserver.additionalConfigs }}
-          volumeMounts:
-          - name: webserver-config
-            mountPath: /opt/clearml/config
-          {{- end }}
-          env:
-          - name: NGINX_APISERVER_ADDRESS
-            value: "http://{{ include "clearml.fullname" . }}-apiserver:{{ .Values.apiserver.service.port }}"
-          - name: NGINX_FILESERVER_ADDRESS
-            value: "http://{{ include "clearml.fullname" . }}-fileserver:{{ .Values.fileserver.service.port }}"
-          {{- if .Values.webserver.extraEnvs }}
-          {{ toYaml .Values.webserver.extraEnvs | nindent 10 }}
-          {{- end }}
-          args:
-            - webserver
-          resources:
-            {{- toYaml .Values.webserver.resources | nindent 12 }}
-      {{- if .Values.webserver.additionalConfigs }}
-      volumes:
-        - name: webserver-config
-          configMap:
-            name: "{{ include "clearml.fullname" . }}-webserver-configmap"
-      {{- end }}
-      {{- with .Values.webserver.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.webserver.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.webserver.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/clearml/templates/fileserver-deployment.yaml

@@ -0,0 +1,126 @@
+{{- if .Values.fileserver.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "fileserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.fileserver.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "fileserver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.fileserver.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "fileserver.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: .Values.imageCredentials.existingSecret
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
+      volumes:
+        {{- if .Values.fileserver.storage.data.existingPVC }}
+        - name: fileserver-data
+          persistentVolumeClaim:
+            claimName: {{ .Values.fileserver.storage.data.existingPVC | quote }}
+        {{- else }}
+        - name: fileserver-data
+          persistentVolumeClaim:
+            claimName: {{ include "fileserver.referenceName" . }}-data
+        {{- end }}
+      securityContext: {{ toYaml .Values.fileserver.podSecurityContext | nindent 8 }}
+      initContainers:
+          - name: init-fileserver
+            {{- if .Values.enterpriseFeatures.enabled }}
+            image: "{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
+            {{- else }}
+            image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
+            {{- end }}
+            command:
+              - /bin/sh
+              - -c
+              - >
+                set -x;
+                while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
+                  echo "waiting for apiserver" ;
+                  sleep 5 ;
+                done
+      containers:
+        - name: clearml-fileserver
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.fileserver.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8081
+              protocol: TCP
+          env:
+          - name: CLEARML__HOSTS__API_SERVER
+            value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
+          - name: CLEARML_REDIS_SERVICE_HOST
+            value: {{ include "redis.servicename" . }}
+          - name: CLEARML_REDIS_SERVICE_PORT
+            value: "{{ include "redis.serviceport" . }}"
+          {{- if not (eq .Values.clearml.cookieDomain "") }}
+          - name: CLEARML__FILESERVER__AUTH__COOKIE_NAMES
+            value: "[ {{ .Values.clearml.cookieName }} ]"
+          {{- end }}
+          - name: USER_KEY
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: fileserver_key
+          - name: USER_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: fileserver_secret
+          {{- if .Values.fileserver.extraEnvs }}
+          {{ toYaml .Values.fileserver.extraEnvs | nindent 10 }}
+          {{- end }}
+          {{- if not .Values.enterpriseFeatures.enabled }}
+          args:
+            - fileserver
+          {{- end }}
+          livenessProbe:
+            exec:
+              command:
+                - curl
+                - -X OPTIONS
+                - http://localhost:8081/
+          readinessProbe:
+            exec:
+              command:
+                - curl
+                - -X OPTIONS
+                - http://localhost:8081/
+          volumeMounts:
+            - name: fileserver-data
+              mountPath: /mnt/fileserver
+          resources:
+            {{- toYaml .Values.fileserver.resources | nindent 12 }}
+      {{- with .Values.fileserver.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.fileserver.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.fileserver.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

charts/clearml/templates/fileserver-ingress.yaml

@@ -0,0 +1,49 @@
+{{- if .Values.fileserver.enabled }}
+{{- if .Values.fileserver.ingress.enabled }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ include "fileserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+  {{- $annotations := .Values.fileserver.ingress.annotations }}
+  {{- if .Values.fileserver.ingress.annotations }}
+  {{- $annotations = mergeOverwrite $annotations .Values.fileserver.ingress.annotations }}
+  {{- end }}
+  annotations:
+    {{- toYaml $annotations | nindent 4 }}
+spec:
+  {{- if .Values.fileserver.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.fileserver.ingress.ingressClassName }}
+  {{- end }}
+  {{- if .Values.fileserver.ingress.tlsSecretName }}
+  tls:
+    - hosts:
+        - {{ .Values.fileserver.ingress.hostName }}
+      secretName: {{ .Values.fileserver.ingress.tlsSecretName }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.fileserver.ingress.hostName }}
+    http:
+      paths:
+      - path: {{ .Values.fileserver.ingress.path }}
+  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ include "fileserver.referenceName" . }}
+            port:
+              number: {{ .Values.fileserver.service.port }}
+  {{ else }}
+        backend:
+          serviceName: {{ include "fileserver.referenceName" . }}
+          servicePort: {{ .Values.fileserver.service.port }}
+  {{ end }}
+{{- end }}
+{{- end }}

charts/clearml/templates/fileserver-pvc.yaml

@@ -1,16 +1,19 @@
+{{- if .Values.fileserver.enabled }}
+{{- if not .Values.fileserver.storage.data.existingPVC }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
-  name: {{ include "clearml.fullname" . }}-fileserver-data
+  name: {{ include "fileserver.referenceName" . }}-data
   labels:
     {{- include "clearml.labels" . | nindent 4 }}
 spec:
   accessModes:
-    - ReadWriteOnce
+    - {{ .Values.fileserver.storage.data.accessMode }}
   resources:
     requests:
       storage: {{ .Values.fileserver.storage.data.size | quote }}
   {{- if .Values.fileserver.storage.data.class }}
   storageClassName: {{ .Values.fileserver.storage.data.class | quote }}
   {{- end -}}
-  
+{{- end }}
+{{- end }}

charts/clearml/templates/fileserver-service.yaml

@@ -1,17 +1,19 @@
+{{- if .Values.fileserver.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "clearml.fullname" . }}-fileserver
+  name: {{ include "fileserver.referenceName" . }}
   labels:
     {{- include "clearml.labels" . | nindent 4 }}
 spec:
   type: {{ .Values.fileserver.service.type }}
   ports:
     - port: {{ .Values.fileserver.service.port }}
-      targetPort: {{ .Values.fileserver.service.port }}
-{{- if eq .Values.fileserver.service.type "NodePort" }}
+      targetPort: 8081
+      {{- if eq .Values.fileserver.service.type "NodePort" }}
       nodePort: {{ .Values.fileserver.service.nodePort }}
-{{- end }}
+      {{- end }}
       protocol: TCP
   selector:
-    {{- include "clearml.selectorLabelsFileServer" . | nindent 4 }}
+    {{- include "fileserver.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/clearml/templates/imagePullSecret.yaml

@@ -1,9 +0,0 @@
-{{- if .Values.imageCredentials.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: clearml-agent-registry-key
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}

charts/clearml/templates/ingress-api.yaml

@@ -1,45 +0,0 @@
-{{- if .Values.ingress.api.enabled -}}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ include "clearml.fullname" . }}-api
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-  {{- $annotations := .Values.ingress.annotations }}
-  {{- if .Values.ingress.api.annotations }}
-  {{- $annotations = mergeOverwrite $annotations .Values.ingress.api.annotations }}
-  {{- end }}
-  annotations:
-    {{- toYaml $annotations | nindent 4 }}
-
-spec:
-  {{- if .Values.ingress.api.tlsSecretName }}
-  tls:
-    - hosts:
-        - {{ .Values.ingress.api.hostName }}
-      secretName: {{ .Values.ingress.api.tlsSecretName }}
-  {{- end }}
-  rules:
-  - host: {{ .Values.ingress.api.hostName }}
-    http:
-      paths:
-      - path: {{ .Values.ingress.api.path }}
-  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ include "clearml.fullname" . }}-apiserver
-            port:
-              number: {{ .Values.apiserver.service.port }}
-  {{ else }}
-        backend:
-          serviceName: {{ include "clearml.fullname" . }}-apiserver
-          servicePort: {{ .Values.apiserver.service.port }}
-  {{ end }}
-{{- end }}

charts/clearml/templates/ingress-app.yaml

@@ -1,44 +0,0 @@
-{{- if .Values.ingress.app.enabled -}}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ include "clearml.fullname" . }}-app
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-  {{- $annotations := .Values.ingress.annotations }}
-  {{- if .Values.ingress.app.annotations }}
-  {{- $annotations = mergeOverwrite $annotations .Values.ingress.app.annotations }}
-  {{- end }}
-  annotations:
-    {{- toYaml $annotations | nindent 4 }}
-spec:
-  {{- if .Values.ingress.app.tlsSecretName }}
-  tls:
-    - hosts:
-        - {{ .Values.ingress.app.hostName }}
-      secretName: {{ .Values.ingress.app.tlsSecretName }}
-  {{- end }}
-  rules:
-  - host: {{ .Values.ingress.app.hostName }}
-    http:
-      paths:
-      - path: {{ .Values.ingress.app.path }}
-  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ include "clearml.fullname" . }}-webserver
-            port:
-              number: {{ .Values.webserver.service.port }}
-  {{ else }}
-        backend:
-          serviceName: {{ include "clearml.fullname" . }}-webserver
-          servicePort: {{ .Values.webserver.service.port }}
-  {{ end }}
-{{- end }}

charts/clearml/templates/ingress-files.yaml

@@ -1,44 +0,0 @@
-{{- if .Values.ingress.files.enabled -}}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ include "clearml.fullname" . }}-files
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-  {{- $annotations := .Values.ingress.annotations }}
-  {{- if .Values.ingress.files.annotations }}
-  {{- $annotations = mergeOverwrite $annotations .Values.ingress.files.annotations }}
-  {{- end }}
-  annotations:
-    {{- toYaml $annotations | nindent 4 }}
-spec:
-  {{- if .Values.ingress.files.tlsSecretName }}
-  tls:
-    - hosts:
-        - {{ .Values.ingress.files.hostName }}
-      secretName: {{ .Values.ingress.files.tlsSecretName }}
-  {{- end }}
-  rules:
-  - host: {{ .Values.ingress.files.hostName }}
-    http:
-      paths:
-      - path: {{ .Values.ingress.files.path }}
-  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ include "clearml.fullname" . }}-fileserver
-            port:
-              number: {{ .Values.fileserver.service.port }}
-  {{ else }}
-        backend:
-          serviceName: {{ include "clearml.fullname" . }}-fileserver
-          servicePort: {{ .Values.fileserver.service.port }}
-  {{ end }}
-{{- end }}

charts/clearml/templates/secrets.yaml

@@ -1,13 +0,0 @@
-{{- if not .Values.secret.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: clearml-conf
-stringData:
-  apiserver_key: {{ .Values.secret.credentials.apiserver.accessKey }}
-  apiserver_secret: {{ .Values.secret.credentials.apiserver.secretKey }}
-  http_session: {{ .Values.secret.httpSession }}
-  auth_token: {{ .Values.secret.authToken }}
-  tests_user_key: {{ .Values.secret.credentials.tests.accessKey }}
-  tests_user_secret: {{ .Values.secret.credentials.tests.secretKey }}
-{{- end }}

charts/clearml/templates/service-webserver.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "clearml.fullname" . }}-webserver
-  labels:
-    {{- include "clearml.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.webserver.service.type }}
-  ports:
-    - port: {{ .Values.webserver.service.port }}
-      targetPort: {{ .Values.webserver.service.port }}
-{{- if eq .Values.webserver.service.type "NodePort" }}
-      nodePort: {{ .Values.webserver.service.nodePort }}
-{{- end }}
-      protocol: TCP
-  selector:
-    {{- include "clearml.selectorLabelsWebServer" . | nindent 4 }}

charts/clearml/templates/webserver-configmap.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.webserver.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ include "webserver.referenceName" . }}-configmap"
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+data:
+  {{- if .Values.enterpriseFeatures.enabled }}
+  configuration.json: |
+    {
+      "gettingStartedContext": {
+        "install":"pip install -U --extra-index-url {{ .Values.enterpriseFeatures.extraIndexUrl }} allegroai",
+        "configure": "allegroai-init",
+        "packageName": "allegroai",
+        "agentName": "allegroai"
+      },
+      "docsLink": "https://clear.ml/docs/",
+      "applicationsBackground": "ui-assets/apps-message.svg"
+      {{- if and .Values.enterpriseFeatures.overrideReferenceApiUrl .Values.enterpriseFeatures.overrideReferenceFileUrl }}
+      ,
+      "fileBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceFileUrl }}",
+      "apiBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceApiUrl }}"
+      {{- end }}
+    }
+  {{- end }}
+  {{- range $key, $val := .Values.webserver.additionalConfigs }}
+  {{ $key }}: |
+    {{- $val | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/clearml/templates/webserver-deployment.yaml

@@ -0,0 +1,165 @@
+{{- if .Values.webserver.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "webserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.webserver.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "webserver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.webserver.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "webserver.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.imageCredentials.enabled }}
+      imagePullSecrets:
+      {{- if .Values.imageCredentials.existingSecret }}
+      - name: .Values.imageCredentials.existingSecret
+      {{- else }}
+      - name: clearml-registry-key
+      {{- end }}
+      {{- end }}
+      volumes:
+        - name: webserver-config
+          configMap:
+            name: "{{ include "webserver.referenceName" . }}-configmap"
+        {{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
+        - name: documentation
+          emptyDir: {}
+        {{- end }}
+      securityContext: {{ toYaml .Values.webserver.podSecurityContext | nindent 8 }}
+      initContainers:
+        {{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
+        - name: init-airgap-docs
+          image: "{{ .Values.enterpriseFeatures.airGappedDocumentation.image.repository }}:{{ .Values.enterpriseFeatures.airGappedDocumentation.image.tag | default .Chart.AppVersion }}"
+          command:
+            - /bin/sh
+            - -c
+            - cp -a /docs_site/* /usr/share/nginx/html/clearml
+          volumeMounts:
+            - name: webserver-config
+              mountPath: /mnt/external_files/configs
+            {{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
+            - mountPath: /usr/share/nginx/html/clearml
+              name: documentation
+            {{- end }}
+        {{- end }}
+        - name: init-webserver
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.enterpriseFeatures.webserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
+          {{- end }}
+          command:
+            - /bin/sh
+            - -c
+            - >
+              set -x;
+              while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
+                echo "waiting for apiserver" ;
+                sleep 5 ;
+              done
+      containers:
+        - name: clearml-webserver
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.enterpriseFeatures.webserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
+          ports:
+            - name: http
+              {{- if .Values.enterpriseFeatures.enabled }}
+              containerPort: 8080
+              {{- else }}
+              containerPort: 80
+              {{- end }}
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+                - curl
+                - -X OPTIONS
+                {{- if .Values.enterpriseFeatures.enabled }}
+                - http://localhost:8080/
+                {{- else }}
+                - http://localhost:80/
+                {{- end }}
+          readinessProbe:
+            exec:
+              command:
+                - curl
+                - -X OPTIONS
+                {{- if .Values.enterpriseFeatures.enabled }}
+                - http://localhost:8080/
+                {{- else }}
+                - http://localhost:80/
+                {{- end }}
+          env:
+          - name: NGINX_APISERVER_ADDRESS
+            value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
+          - name: NGINX_FILESERVER_ADDRESS
+            value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
+          {{- if .Values.enterpriseFeatures.enabled }}
+          {{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
+          - name: WEBSERVER__docsLink
+            value: "\"clearml/docs/\""
+          {{- end }}
+          - name: COMPANY_ID
+            value: "{{ .Values.clearml.defaultCompany }}"
+          - name: WEBSERVER__appsYouTubeIntroLink
+            value: "\"https://www.youtube.com/embed/HACL60h1Z54\""
+          - name: WEBSERVER__appsYouTubeIntroVideoId
+            value: "\"HACL60h1Z54\""
+          - name: USER_KEY
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apiserver_key
+          - name: USER_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apiserver_secret
+          {{- end }}
+          {{- if include "clearml.clientConfiguration" . }}
+          - name: WEBSERVER__displayedServerUrls
+            value: {{ include "clearml.clientConfiguration" . | quote }} 
+          {{- end }}
+          {{- if .Values.webserver.extraEnvs }}
+          {{ toYaml .Values.webserver.extraEnvs | nindent 10 }}
+          {{- end }}
+          {{- if not .Values.enterpriseFeatures.enabled }}
+          args:
+            - webserver
+          {{- end }}
+          volumeMounts:
+            - name: webserver-config
+              mountPath: /mnt/external_files/configs
+            {{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
+            - mountPath: /usr/share/nginx/html/clearml
+              name: documentation
+            {{- end }}
+          resources:
+            {{- toYaml .Values.webserver.resources | nindent 12 }}
+      {{- with .Values.webserver.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.webserver.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.webserver.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

charts/clearml/templates/webserver-ingress.yaml

@@ -0,0 +1,49 @@
+{{- if .Values.webserver.enabled }}
+{{- if .Values.webserver.ingress.enabled }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ include "webserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+  {{- $annotations := .Values.webserver.ingress.annotations }}
+  {{- if .Values.webserver.ingress.annotations }}
+  {{- $annotations = mergeOverwrite $annotations .Values.webserver.ingress.annotations }}
+  {{- end }}
+  annotations:
+    {{- toYaml $annotations | nindent 4 }}
+spec:
+  {{- if .Values.webserver.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.webserver.ingress.ingressClassName }}
+  {{- end }}
+  {{- if .Values.webserver.ingress.tlsSecretName }}
+  tls:
+    - hosts:
+        - {{ .Values.webserver.ingress.hostName }}
+      secretName: {{ .Values.webserver.ingress.tlsSecretName }}
+  {{- end }}
+  rules:
+  - host: {{ .Values.webserver.ingress.hostName }}
+    http:
+      paths:
+      - path: {{ .Values.webserver.ingress.path }}
+  {{ if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ include "webserver.referenceName" . }}
+            port:
+              number: {{ .Values.webserver.service.port }}
+  {{ else }}
+        backend:
+          serviceName: {{ include "webserver.referenceName" . }}
+          servicePort: {{ .Values.webserver.service.port }}
+  {{ end }}
+{{- end }}
+{{- end }}

charts/clearml/templates/webserver-service.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.webserver.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "webserver.referenceName" . }}
+  labels:
+    {{- include "clearml.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.webserver.service.type }}
+  ports:
+    - port: {{ .Values.webserver.service.port }}
+      {{- if .Values.enterpriseFeatures.enabled }}
+      targetPort: 8080
+      {{- else }}
+      targetPort: 80
+      {{- end }}
+      {{- if eq .Values.webserver.service.type "NodePort" }}
+      nodePort: {{ .Values.webserver.service.nodePort }}
+      {{- end }}
+      protocol: TCP
+  selector:
+    {{- include "webserver.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/clearml/values-production.yaml

@@ -0,0 +1,29 @@
+apiserver:
+  service:
+    type: ClusterIP
+  ingress:
+    enabled: true
+    hostName: "api.clearml.127-0-0-1.nip.io"
+fileserver:
+  service:
+    type: ClusterIP
+  ingress:
+    enabled: true
+    hostName: "files.clearml.127-0-0-1.nip.io"
+webserver:
+  service:
+    type: ClusterIP
+  ingress:
+    enabled: true
+    hostName: "app.clearml.127-0-0-1.nip.io"
+mongodb:
+  enabled: true
+  architecture: replicaset
+  replicaCount: 3
+  arbiter:
+    enabled: false
+  pdb:
+    create: true
+  podAntiAffinityPreset: soft
+elasticsearch:
+  replicas: 3

charts/clearml/values.yaml

@@ -1,4 +1,4 @@
-# -- Private image registry configuration
+# -- Container registry configuration
 imageCredentials:
   # -- Use private authentication mode
   enabled: false
@@ -15,230 +15,282 @@ imageCredentials:
 
 # -- ClearMl generic configurations
 clearml:
+  # -- Name fo the UI cookie
+  cookieName: "clearml-token-k8s"
+  # -- Cookie domain to be left empty if not exposed with an ingress
+  cookieDomain: ""
+  # -- Company name
   defaultCompany: "d1bd92a3b039400cbafc60a7a5b1e52b"
-ingress:
-  name: clearml-server-ingress
-  annotations: {}
-  app:
-    enabled: false
-    hostName: "app.clearml.127-0-0-1.nip.io"
-    tlsSecretName: ""
-    annotations: {}
-    path: "/"
-  api:
-    enabled: false
-    hostName: "api.clearml.127-0-0-1.nip.io"
-    tlsSecretName: ""
-    annotations: {}
-    path: "/"
-  files:
-    enabled: false
-    hostName: "files.clearml.127-0-0-1.nip.io"
-    tlsSecretName: ""
-    annotations: {}
-    path: "/"
-
-secret:
-  # -- If this is set, chart will not generate a secret but will use what is defined here
-  existingSecret: ""
-
-  # -- Set for http_session field
-  httpSession: "9Tw20RbhJ1bLBiHEOWXvhplKGUbTgLzAtwFN2oLQvWwS0uRpD5"
-  # -- Set for auth_token field
-  authToken: "1SCf0ov3Nm544Td2oZ0gXSrsNx5XhMWdVlKz1tOgcx158bD5RV"
-  credentials:
-    apiserver:
-      # -- Set for apiserver_key field
-      accessKey: "5442F3443MJMORWZA3ZH"
-      # -- Set for apiserver_secret field
-      secretKey: "BxapIRo9ZINi8x25CRxz8Wdmr2pQjzuWVB4PNASZqCtTyWgWVQ"
-    tests:
-      # -- Set for tests_user_key field
-      accessKey: "ENP39EQM4SLACGD5FXB7"
-      # -- Set for tests_user_secret field
-      secretKey: "lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"
+  # -- Api Server basic auth key
+  apiserverKey: GGS9F4M6XB2DXJ5AFT9F
+  # -- Api Server basic auth secret
+  apiserverSecret: 2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO
+  # -- File Server basic auth key
+  fileserverKey: XXCRJ123CEE2KSQ068WO
+  # -- File Server basic auth secret
+  fileserverSecret: YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG
+  # -- Readiness probe basic auth key
+  readinessprobeKey: GK4PRTVT3706T25K6BA1
+  # -- Readiness probe basic auth secret
+  readinessprobeSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
+  # -- Secure Auth secret
+  secureAuthTokenSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
+  # -- Test Server basic auth key
+  testUserKey: "ENP39EQM4SLACGD5FXB7"
+  # -- Test File Server basic auth secret
+  testUserSecret: "lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"
+  # -- Override the API Urls displayed when showing an example of the SDK's clearml.conf configuration
+  clientConfigurationApiUrl: ""
+  # -- Override the Files Urls displayed when showing an example of the SDK's clearml.conf configuration
+  clientConfigurationFilesUrl: ""
 
+# -- Api Server configurations
 apiserver:
-  prepopulateEnabled: "true"
-  prepopulateZipFiles: "/opt/clearml/db-pre-populate"
-  prepopulateArtifactsPath: "/mnt/fileserver"
-  configDir: /opt/clearml/config
-
-  # -- Amount of seconds the authorization cookie will last in user browser
-  authCookiesMaxAge: 864000
-
+  # -- Enable/Disable component deployment
+  enabled: true
+  # -- Enable/Disable example data load
+  prepopulateEnabled: true
+  # -- Api Server image configuration
+  image:
+    repository: "allegroai/clearml"
+    pullPolicy: IfNotPresent
+    tag: "1.9.2-317"
+  # -- Api Server internal service configuration
   service:
-    # -- This will set to service's spec.type field
     type: NodePort
     port: 8008
     # -- If service.type set to NodePort, this will be set to service's nodePort field.
     # If service.type is set to others, this field will be ignored
     nodePort: 30008
-
-  livenessDelay: 60
-  readinessDelay: 60
-
+  # -- Api Server number of pods
   replicaCount: 1
+  # -- Ingress configuration for Api Server component
+  ingress:
+    # -- Enable/Disable ingress
+    enabled: false
+    # -- ClassName (must be defined if no default ingressClassName is available)
+    ingressClassName: ""
+    # -- Ingress hostname domain
+    hostName: "api.clearml.127-0-0-1.nip.io"
+    # -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
+    tlsSecretName: ""
+    # -- Ingress annotations
+    annotations: {}
+    # -- Ingress root path url
+    path: "/"
+  # -- Api Server internal processes configuration
+  processes:
+    # -- Api Server internal listing processes
+    count: 8
+    # -- Api timeout (ms)
+    timeout: 24000
+    # -- Api Server maximum number of concurrent requests
+    maxRequests: 1000
+    # -- Api Server max jitter on api request
+    maxRequestsJitter: 300
+  # -- Api Server extra envrinoment variables
+  extraEnvs: []
+  # -- Number of additional replicas in Elasticsearch indexes
+  indexReplicas: 0
+    # -- Number of shards in Elasticsearch indexes
+  indexShards: 1
+  # -- specific annotation for Api Server pods
+  podAnnotations: {}
+  # -- Api Server resources per pod; these are minimal requirements, it's suggested to increase
+  # these values in production environments
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 2000m
+      memory: 1Gi
+  # -- Api Server nodeselector
+  nodeSelector: {}
+  # -- Api Server tolerations setup
+  tolerations: []
+  # -- Api Server affinity setup
+  affinity: {}
+  # -- Api Server pod security context
+  securityContext: {}
+  #   runAsUser: 1001
+  #   fsGroup: 1001
+  # -- reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml)
+  existingAdditionalConfigsConfigMap: ""
+  # -- reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap
+  existingAdditionalConfigsSecret: ""
+  # -- files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret
+  additionalConfigs: {}
+  #   services.conf: |
+  #     tasks {
+  #       non_responsive_tasks_watchdog {
+  #         # In-progress tasks that haven't been updated for at least 'value' seconds will be stopped by the watchdog
+  #         threshold_sec: 21000
+  #         # Watchdog will sleep for this number of seconds after each cycle
+  #         watch_interval_sec: 900
+  #       }
+  #     }
+  #   apiserver.conf: |
+  #     auth {
+  #       fixed_users {
+  #         enabled: true
+  #         pass_hashed: false
+  #         users: [
+  #           {
+  #             username: "jane"
+  #             password: "12345678"
+  #             name: "Jane Doe"
+  #           },
+  #           {
+  #             username: "john"
+  #             password: "12345678"
+  #             name: "John Doe"
+  #           },
+  #         ]
+  #       }
+  #     }
 
+# -- File Server configurations
+fileserver:
+  # -- Enable/Disable component deployment
+  enabled: true
+  # -- File Server image configuration
   image:
     repository: "allegroai/clearml"
     pullPolicy: IfNotPresent
-    tag: "1.6.0"
-
-  extraEnvs: []
-
-  podAnnotations: {}
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  affinity: {}
-
-  # -- additional configurations that can be used by api server; check examples in values.yaml file
-  configuration:
-    configRefName: ""
-    secretRefName: ""
-    additionalConfigs: {}
-      # services.conf: |
-      #   tasks {
-      #     non_responsive_tasks_watchdog {
-      #       # In-progress tasks that haven't been updated for at least 'value' seconds will be stopped by the watchdog
-      #       threshold_sec: 21000
-      #       # Watchdog will sleep for this number of seconds after each cycle
-      #       watch_interval_sec: 900
-      #     }
-      #   }
-      # apiserver.conf: |
-      #   auth {
-      #     fixed_users {
-      #       enabled: true
-      #       pass_hashed: false
-      #       users: [
-      #         {
-      #           username: "jane"
-      #           password: "12345678"
-      #           name: "Jane Doe"
-      #         },
-      #         {
-      #           username: "john"
-      #           password: "12345678"
-      #           name: "John Doe"
-      #         },
-      #       ]
-      #     }
-      #   }
-
-fileserver:
+    tag: "1.9.2-317"
+  # -- File Server internal service configuration
   service:
-    # -- This will set to service's spec.type field
     type: NodePort
     port: 8081
     # -- If service.type set to NodePort, this will be set to service's nodePort field.
     # If service.type is set to others, this field will be ignored
     nodePort: 30081
-
+  # -- File Server number of pods
   replicaCount: 1
+  # -- Ingress configuration for File Server component
+  ingress:
+    # -- Enable/Disable ingress
+    enabled: false
+    # -- ClassName (must be defined if no default ingressClassName is available)
+    ingressClassName: ""
+    # -- Ingress hostname domain
+    hostName: "files.clearml.127-0-0-1.nip.io"
+    # -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
+    tlsSecretName: ""
+    # -- Ingress annotations
+    annotations: {}
+    # -- Ingress root path url
+    path: "/"
+  # -- File Server extra envrinoment variables
+  extraEnvs: []
+  # -- specific annotation for File Server pods
+  podAnnotations: {}
+  # -- File Server resources per pod; these are minimal requirements, it's suggested to increase
+  # these values in production environments
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 2000m
+      memory: 1Gi
+  # -- File Server nodeselector
+  nodeSelector: {}
+  # -- File Server tolerations setup
+  tolerations: []
+  # -- File Server affinity setup
+  affinity: {}
+  # -- File Server pod security context
+  securityContext: {}
+  #   runAsUser: 1001
+  #   fsGroup: 1001
+  # -- File server persistence settings
+  storage:
+    data:
+      # -- If set, it uses an already existing PVC instead of dynamic provisioning
+      existingPVC: ""
+      # -- Storage class (use default if empty)
+      class: ""
+      # -- Access mode (must be ReadWriteMany if fileserver replica > 1)
+      accessMode: ReadWriteOnce
+      size: 50Gi
 
+# -- Web Server configurations
+webserver:
+  # -- Enable/Disable component deployment
+  enabled: true
+  # -- Web Server image configuration
   image:
     repository: "allegroai/clearml"
     pullPolicy: IfNotPresent
-    tag: "1.6.0"
-
-  extraEnvs: []
-
-  podAnnotations: {}
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  affinity: {}
-
-  storage:
-    data:
-      class: ""
-      size: 50Gi
-
-webserver:
-  extraEnvs: []
-
+    tag: "1.9.2-317"
+  # -- Web Server internal service configuration
   service:
-    # -- This will set to service's spec.type field
     type: NodePort
-    port: 80
+    port: 8080
     # -- If service.type set to NodePort, this will be set to service's nodePort field.
     # If service.type is set to others, this field will be ignored
     nodePort: 30080
-
+  # -- Web Server number of pods
   replicaCount: 1
-
-  image:
-    repository: "allegroai/clearml"
-    pullPolicy: IfNotPresent
-    tag: "1.6.0"
-
+  # -- Ingress configuration for Web Server component
+  ingress:
+    # -- Enable/Disable ingress
+    enabled: false
+    # -- ClassName (must be defined if no default ingressClassName is available)
+    ingressClassName: ""
+    # -- Ingress hostname domain
+    hostName: "app.clearml.127-0-0-1.nip.io"
+    # -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
+    tlsSecretName: ""
+    # -- Ingress annotations
+    annotations: {}
+    # -- Ingress root path url
+    path: "/"
+  # -- Web Server extra envrinoment variables
+  extraEnvs: []
+  # -- specific annotation for Web Server pods
   podAnnotations: {}
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
+  # -- Web Server resources per pod; these are minimal requirements, it's suggested to increase
+  # these values in production environments
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 2000m
+      memory: 1Gi
+  # -- Web Server nodeselector
   nodeSelector: {}
-
+  # -- Web Server tolerations setup
   tolerations: []
-
+  # -- Web Server affinity setup
   affinity: {}
-
+  # -- Web Server pod security context
+  podSecurityContext: {}
+  #   runAsUser: 1001
+  #   fsGroup: 1001
+  # -- Additional specific webserver configurations
   additionalConfigs: {}
 
+# -- Definition of external services to use if not enabled as dependency charts here
 externalServices:
   # -- Existing ElasticSearch Hostname to use if elasticsearch.enabled is false
   elasticsearchHost: ""
   # -- Existing ElasticSearch Port to use if elasticsearch.enabled is false
   elasticsearchPort: 9200
-  # -- Existing MongoDB Hostname to use if elasticsearch.enabled is false
-  mongodbHost: ""
-  # -- Existing MongoDB Port to use if elasticsearch.enabled is false
-  mongodbPort: 27017
-  # -- Existing Redis Hostname to use if elasticsearch.enabled is false
+  # -- Existing MongoDB connection string for BACKEND to use if mongodb.enabled is false
+  mongodbConnectionStringAuth: ""
+  # -- Existing MongoDB connection string for AUTH to use if mongodb.enabled is false
+  mongodbConnectionStringBackend: ""
+  # -- Existing Redis Hostname to use if redis.enabled is false
   redisHost: ""
-  # -- Existing Redis Port to use if elasticsearch.enabled is false
+  # -- Existing Redis Port to use if redis.enabled is false
   redisPort: 6379
 
-redis:  # configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
+# -- Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
+redis:
   enabled: true
   usePassword: false
   databaseNumber: 0
@@ -250,10 +302,13 @@ redis:  # configuration from https://github.com/bitnami/charts/blob/master/bitna
       accessModes:
         - ReadWriteOnce
       size: 5Gi
+      ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+      storageClass: null
   cluster:
     enabled: false
 
-mongodb:  # configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
+# -- Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
+mongodb:
   enabled: true
   architecture: standalone
   auth:
@@ -264,13 +319,11 @@ mongodb:  # configuration from https://github.com/bitnami/charts/blob/master/bit
     accessModes:
       - ReadWriteOnce
     size: 50Gi
-  service:
-    name: "{{ .Release.Name }}-mongodb"
-    type: ClusterIP
-    port: 27017
-    portName: mongo-service
+    ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+    storageClass: null
 
-elasticsearch:  # configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml
+# -- Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml
+elasticsearch:
   enabled: true
   httpPort: 9200
   roles:
@@ -306,16 +359,91 @@ elasticsearch:  # configuration from https://github.com/elastic/helm-charts/blob
       value: "false"
   resources:
     requests:
-      memory: "4Gi"
+      cpu: 100m
+      memory: 2Gi
     limits:
-      memory: "4Gi"
+      cpu: 2000m
+      memory: 4Gi
   persistence:
     enabled: true
   volumeClaimTemplate:
     accessModes: ["ReadWriteOnce"]
+    ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+    storageClassName: null
     resources:
       requests:
         storage: 50Gi
   esConfig:
     elasticsearch.yml: |
       xpack.security.enabled: false
+
+# -- Enterprise features (work only with an Enterprise license)
+enterpriseFeatures:
+  # -- Enable/Disable Enterprise features
+  enabled: false
+  # -- Company ID
+  defaultCompanyGuid: "d1bd92a3b039400cbafc60a7a5b1e52b"
+  # -- Image tag override for apiserver enterprise version
+  apiserverImageTagOverride: "3.15.3-909"
+  # -- Image tag override for fileserver enterprise version
+  fileserverImageTagOverride: "3.15.3-909"
+  # -- Image tag override for webserver enterprise version
+  webserverImageTagOverride: "3.15.3-801"
+  # -- Air gapped documentation  configurations
+  airGappedDocumentation:
+    # -- Enable/Disable air gapped documentation deployment
+    enabled: false
+    # -- Air gapped documentation image configuration
+    image:
+      repository: ""
+      tag: "4"
+  # -- set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer)
+  # example: "https://api.clearml.local"
+  overrideReferenceApiUrl: ""
+  # -- set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer)
+  # example: "https://files.clearml.local"
+  overrideReferenceFileUrl: ""
+  # -- extra index URL for Enterprise packages
+  extraIndexUrl: ""
+  # -- APPS configurations
+  clearmlApplications:
+    # -- Apps Server basic auth key
+    agentKey: GK4PRTVT3706T25K6BA1
+    # -- Apps Server basic auth secret
+    agentSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
+    # -- Apps Server Git user
+    gitAgentUser: "git_user"
+    # -- Apps Server Git password
+    gitAgentPass: "git_password"
+    # -- Enable/Disable component deployment
+    enabled: true
+    # -- APPS image configuration
+    image:
+      repository: ""
+      pullPolicy: IfNotPresent
+      tag: "1.24-57"
+    # -- APPS base spawning pods image
+    basePodImage:
+      repository: ""
+      tag: "app-1.1.1-47"
+    # -- APPS number of pods
+    replicaCount: 1
+    # -- APPS extra envrinoment variables
+    extraEnvs: []
+    # -- specific annotation for APPS pods
+    podAnnotations: {}
+    # -- APPS resources per pod; these are minimal requirements, it's suggested to increase
+    # these values in production environments
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        cpu: 2000m
+        memory: 1Gi
+    # -- APPS nodeselector
+    nodeSelector: {}
+    # -- APPS tolerations setup
+    tolerations: []
+    # -- APPS affinity setup
+    affinity: {}

dependency_charts/elasticsearch/templates/poddisruptionbudget.yaml

@@ -1,6 +1,6 @@
 ---
 {{- if .Values.maxUnavailable }}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: "{{ template "elasticsearch.uname" . }}-pdb"

dependency_charts/elasticsearch/templates/podsecuritypolicy.yaml

@@ -1,6 +1,6 @@
 {{- if .Values.podSecurityPolicy.create -}}
 {{- $fullName := include "elasticsearch.uname" . -}}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodSecurityPolicy
 metadata:
   name: {{ default $fullName .Values.podSecurityPolicy.name | quote }}

dependency_charts/mongodb/templates/arbiter/pdb.yaml

@@ -1,5 +1,5 @@
 {{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "mongodb.fullname" . }}-arbiter

dependency_charts/mongodb/templates/replicaset/pdb.yaml

@@ -1,5 +1,5 @@
 {{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "mongodb.fullname" . }}

dependency_charts/redis/templates/_helpers.tpl

@@ -58,7 +58,7 @@ Return the appropriate apiVersion for PodSecurityPolicy.
 */}}
 {{- define "podSecurityPolicy.apiVersion" -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "policy/v1beta1" -}}
+{{- print "policy/v1" -}}
 {{- else -}}
 {{- print "extensions/v1beta1" -}}
 {{- end -}}

dependency_charts/redis/templates/pdb.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.podDisruptionBudget.enabled }}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "redis.fullname" . }}

platform-specific-configs/tanzu/rolebinding.yaml

@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: clearml-tanzu-rolebinding
+  namespace: clearml
+roleRef:
+  kind: ClusterRole
+  name: psp:vmware-system-privileged
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: Group
+  apiGroup: rbac.authorization.k8s.io
+  name: system:serviceaccounts