Update apps agent (#175)

* Changed: apps agent version bump

* Changed: chart version bump

.github/workflows/ci.yaml

@@ -22,19 +22,18 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - v1.22.13
-          - v1.23.10
-          - v1.24.4
-          - v1.25.0
+          - v1.24.7
+          - v1.25.3
+          - v1.26.0
     steps:
       - name: Checkout
         uses: actions/checkout@v1
       - name: Create kind ${{ matrix.k8s }} cluster
-        uses: helm/kind-action@v1.3.0
+        uses: helm/kind-action@v1.5.0
         with:
           node_image: kindest/node:${{ matrix.k8s }}
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.2.1
+        uses: helm/chart-testing-action@v2.3.1
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |

.github/workflows/inactive-issues.yaml

@@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v7
+        with:
+          days-before-issue-stale: 14
+          days-before-issue-close: 7
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 14 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 7 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -22,7 +22,7 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.1
+        uses: helm/chart-releaser-action@v1.5.0
         env:
           CR_TOKEN: '${{ secrets.CR_TOKEN }}'
         with:

INSTALL.md

@@ -0,0 +1,47 @@
+# ClearML Helm Charts Installation guide
+
+## Requirements
+
+* Set up a Kubernetes Cluster - for setting up Kubernetes on various platforms refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/).
+  * Set up a single-node LOCAL Kubernetes on laptop/desktop - for setting up Kubernetes on your laptop/desktop, we suggest [kind](https://kind.sigs.k8s.io).
+  * For **Kubernetes Tanzu users** - see [prerequisites](https://github.com/allegroai/clearml-helm-charts/tree/main/platform-specific-configs/tanzu) 
+  for setting up ClearML on a Tanzu cluster 
+  * For **Kubernetes Openshift users** - see [prerequisites](https://github.com/allegroai/clearml-helm-charts/tree/main/platform-specific-configs/openshift) 
+  for setting up ClearML on an Openshift cluster, 
+
+* Install Helm - Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes 
+resources. To install Helm, refer to the [Helm install guide](https://github.com/helm/helm#install) and ensure that the `helm` binary is in the `PATH` of your shell.
+
+## Helm Charts Installation
+
+### Helm Repo
+
+```bash
+$ helm repo add allegroai https://allegroai.github.io/clearml-helm-charts
+$ helm repo update
+```
+### ClearML Server Ecosystem
+
+```bash
+$ helm install clearml allegroai/clearml
+```
+
+### ClearML Agent
+
+A ClearML Agent is always related to a ClearML server ecosystem (by default using the `app.clear.ml` hosted server, but 
+can be on the same or different Kubernetes cluster or a single server installation).
+
+In the ClearML UI, go to **Settings > Workspace** and click **Create New Credentials**. The dialog that pops up displays 
+the new credentials.
+
+In the Helm chart `install` command below:
+
+* Set `ACCESSKEY` to the new credentials' `access_key` value 
+* Set `SECRETKEY` to the new credentials' `secret_key` value
+* Set `APISERVERURL` to the new credentials' `api_server` value
+* Set `FILESSERVERURL` to the new credentials' `files_server` value
+* Set `WEBSERVERURL` to the new credentials' `web_server` value
+
+```bash
+$ helm install clearml-agent allegroai/clearml-agent --set clearml.agentk8sglueKey=ACCESSKEY --set clearml.agentk8sglueSecret=SECRETKEY --set agentk8sglue.apiServerUrlReference=APISERVERURL --set agentk8sglue.fileServerUrlReference=FILESERVERURL --set agentk8sglue.webServerUrlReference=WEBSERVERURL
+```

README.md

@@ -1,4 +1,4 @@
-# ClearML Helm Charts Library for Kubernetes
+# ClearML Helm Charts for Kubernetes
 
 ##  Auto-Magical Experiment Manager & Version Control for AI
 
@@ -23,57 +23,40 @@ Use this repository to deploy **clearml-server** on Kubernetes clusters.
 
 ## Provided in this repository
 
-### [All around Helm Chart](https://github.com/allegroai/clearml-helm-charts/tree/main/charts/clearml)
+### [ClearML server chart](https://github.com/allegroai/clearml-helm-charts/tree/main/charts/clearml)
+
+### [ClearML agent chart](https://github.com/allegroai/clearml-helm-charts/tree/main/charts/clearml-agent)
+
+### [ClearML serving chart](https://github.com/allegroai/clearml-helm-charts/tree/main/charts/clearml-serving)
 
 ## Who We Are
 
-ClearML is supported by the team behind *allegro.ai*,
-where we build deep learning pipelines and infrastructure for enterprise companies.
+ClearML is supported by you :heart: and the [clear.ml](https://clear.ml) team, which helps enterprise companies build 
+scalable MLOps.
 
 We built ClearML to track and control the glorious but messy process of training production-grade deep learning models.
 We are committed to vigorously supporting and expanding the capabilities of ClearML.
 
-We promise to always be backwardly compatible, making sure all your logs, data and pipelines 
+We promise to always be backwards compatible, making sure all your logs, data, and pipelines 
 will always upgrade with you.
 
 ## License
 
 Apache License, Version 2.0, (see the [LICENSE](https://www.apache.org/licenses/LICENSE-2.0) for more information)
 
-## Requirements
+## Installation Guide
 
-### Setup a Kubernetes Cluster
-
-For setting up Kubernetes on various platforms refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/).
-
-### Setup a single node LOCAL Kubernetes on laptop/desktop
-
-For setting up Kubernetes on your laptop/desktop we suggest [kind](https://kind.sigs.k8s.io).
-
-### Install Helm
-
-Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
-
-To install Helm, refer to the [Helm install guide](https://github.com/helm/helm#install) and ensure that the `helm` binary is in the `PATH` of your shell.
-
-## Usage
-
-```bash
-$ helm repo add allegroai https://allegroai.github.io/clearml-helm-charts
-$ helm repo update
-$ helm search repo allegroai
-$ helm install <release-name> allegroai/<chart>
-```
+For installation instruction, follow related [Installation Guide](INSTALL.md).
 
 ## Documentation, Community & Support
 
-More information in the [official documentation](https://allegro.ai/clearml/docs) and [on YouTube](https://www.youtube.com/c/ClearML).
+See more information in the [official documentation](https://clear.ml/docs/latest/docs) and [on YouTube](https://www.youtube.com/c/ClearML).
 
-If you have any questions: post on our [Slack Channel](https://join.slack.com/t/clearml/shared_invite/zt-c0t13pty-aVUZZW1TSSSg2vyIGVPBhg), or tag your questions on [stackoverflow](https://stackoverflow.com/questions/tagged/clearml) with '**[clearml](https://stackoverflow.com/questions/tagged/clearml)**' tag (*previously [trains](https://stackoverflow.com/questions/tagged/trains) tag*).
+If you have any questions, post on our [Slack Channel](https://join.slack.com/t/clearml/shared_invite/zt-c0t13pty-aVUZZW1TSSSg2vyIGVPBhg), or tag your questions on [stackoverflow](https://stackoverflow.com/questions/tagged/clearml) with '**[clearml](https://stackoverflow.com/questions/tagged/clearml)**' tag (*previously [trains](https://stackoverflow.com/questions/tagged/trains) tag*).
 
 For feature requests or bug reports, please use [GitHub issues](https://github.com/allegroai/clearml-helm-charts/issues).
 
-Additionally, you can always find us at *clearml@allegro.ai*
+Additionally, you can always find us at *support@clear.ml*
 
 ## Contributing
 

charts/clearml-agent/Chart.yaml

@@ -1,10 +1,10 @@
 apiVersion: v2
 name: clearml-agent
-description: MLOps platform
+description: MLOps platform Task running agent
 type: application
-version: "2.0.2"
+version: "3.6.0"
 appVersion: "1.24"
-kubeVersion: ">= 1.19.0-0 < 1.26.0-0"
+kubeVersion: ">= 1.21.0-0 < 1.27.0-0"
 home: https://clear.ml
 icon: https://raw.githubusercontent.com/allegroai/clearml/master/docs/clearml-logo.svg
 sources:
@@ -17,3 +17,8 @@ keywords:
   - clearml
   - "machine learning"
   - mlops
+  - "task agent"
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: support for priorityClass in task pod template

charts/clearml-agent/README.md

@@ -1,8 +1,8 @@
 # ClearML Kubernetes Agent
 
-![Version: 2.0.2](https://img.shields.io/badge/Version-2.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.24](https://img.shields.io/badge/AppVersion-1.24-informational?style=flat-square)
+![Version: 3.6.0](https://img.shields.io/badge/Version-3.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.24](https://img.shields.io/badge/AppVersion-1.24-informational?style=flat-square)
 
-MLOps platform
+MLOps platform Task running agent
 
 **Homepage:** <https://clear.ml>
 
@@ -24,31 +24,50 @@ It allows you to schedule distributed experiments on a Kubernetes cluster.
 
 ## Requirements
 
-Kubernetes: `>= 1.19.0-0 < 1.26.0-0`
+Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| agentk8sglue | object | `{"apiServerUrlReference":"https://api.clear.ml","clearmlcheckCertificate":true,"defaultContainerImage":"ubuntu:18.04","extraEnvs":[],"fileServerUrlReference":"https://files.clear.ml","id":"k8s-agent","image":{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-21"},"maxPods":10,"podTemplate":{"env":[],"nodeSelector":{},"resources":{},"tolerations":[],"volumeMounts":[],"volumes":[]},"queue":"default","replicaCount":1,"serviceAccountName":"default","webServerUrlReference":"https://app.clear.ml"}` | This agent will spawn queued experiments in new pods, a good use case is to combine this with GPU autoscaling nodes. https://github.com/allegroai/clearml-agent/tree/master/docker/k8s-glue |
+| agentk8sglue | object | `{"affinity":{},"annotations":{},"apiServerUrlReference":"https://api.clear.ml","basePodTemplate":{"affinity":{},"annotations":{},"env":[],"fileMounts":[],"hostAliases":[],"initContainers":[],"labels":{},"nodeSelector":{},"priorityClassName":"","resources":{},"schedulerName":"","securityContext":{},"tolerations":[],"volumeMounts":[],"volumes":[]},"clearmlcheckCertificate":true,"containerCustomBashScript":"","customBashScript":"","debugMode":false,"defaultContainerImage":"ubuntu:18.04","extraEnvs":[],"fileMounts":[],"fileServerUrlReference":"https://files.clear.ml","image":{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-21"},"labels":{},"nodeSelector":{},"queue":"default","replicaCount":1,"securityContext":{},"serviceExistingAccountName":"","taskAsJob":false,"tolerations":[],"volumeMounts":[],"volumes":[],"webServerUrlReference":"https://app.clear.ml"}` | This agent will spawn queued experiments in new pods, a good use case is to combine this with GPU autoscaling nodes. https://github.com/allegroai/clearml-agent/tree/master/docker/k8s-glue |
+| agentk8sglue.affinity | object | `{}` | affinity setup for Agent pod (example in values.yaml comments) |
+| agentk8sglue.annotations | object | `{}` | annotations setup for Agent pod (example in values.yaml comments) |
 | agentk8sglue.apiServerUrlReference | string | `"https://api.clear.ml"` | Reference to Api server url |
+| agentk8sglue.basePodTemplate | object | `{"affinity":{},"annotations":{},"env":[],"fileMounts":[],"hostAliases":[],"initContainers":[],"labels":{},"nodeSelector":{},"priorityClassName":"","resources":{},"schedulerName":"","securityContext":{},"tolerations":[],"volumeMounts":[],"volumes":[]}` | base template for pods spawned to consume ClearML Task |
+| agentk8sglue.basePodTemplate.affinity | object | `{}` | affinity setup for pods spawned to consume ClearML Task |
+| agentk8sglue.basePodTemplate.annotations | object | `{}` | annotations setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.env | list | `[]` | environment variables for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.fileMounts | list | `[]` | file definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.hostAliases | list | `[]` | hostAliases setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.initContainers | list | `[]` | initContainers definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.labels | object | `{}` | labels setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.nodeSelector | object | `{}` | nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.priorityClassName | string | `""` | priorityClassName setup for pods spawned to consume ClearML Task |
+| agentk8sglue.basePodTemplate.resources | object | `{}` | resources declaration for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.schedulerName | string | `""` | schedulerName setup for pods spawned to consume ClearML Task |
+| agentk8sglue.basePodTemplate.securityContext | object | `{}` | securityContext setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.tolerations | list | `[]` | tolerations setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.volumeMounts | list | `[]` | volume mounts definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.basePodTemplate.volumes | list | `[]` | volumes definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
 | agentk8sglue.clearmlcheckCertificate | bool | `true` | Check certificates validity for evefry UrlReference below. |
+| agentk8sglue.containerCustomBashScript | string | `""` | Custom Bash script for the Task Pods ran by Glue Agent |
+| agentk8sglue.debugMode | bool | `false` | Enable Debugging logs for Agent pod |
 | agentk8sglue.defaultContainerImage | string | `"ubuntu:18.04"` | default container image for ClearML Task pod |
-| agentk8sglue.extraEnvs | list | `[]` | Environment variables to be exposed in the agentk8sglue pods |
+| agentk8sglue.extraEnvs | list | `[]` | Extra Environment variables for Glue Agent |
+| agentk8sglue.fileMounts | list | `[]` | file definition for Glue Agent (example in values.yaml comments) |
 | agentk8sglue.fileServerUrlReference | string | `"https://files.clear.ml"` | Reference to File server url |
-| agentk8sglue.id | string | `"k8s-agent"` | ClearML worker ID (must be unique across the entire ClearMLenvironment) |
 | agentk8sglue.image | object | `{"repository":"allegroai/clearml-agent-k8s-base","tag":"1.24-21"}` | Glue Agent image configuration |
-| agentk8sglue.maxPods | int | `10` | maximum concurrent consume ClearML Task pod |
-| agentk8sglue.podTemplate | object | `{"env":[],"nodeSelector":{},"resources":{},"tolerations":[],"volumeMounts":[],"volumes":[]}` | template for pods spawned to consume ClearML Task |
-| agentk8sglue.podTemplate.env | list | `[]` | environment variables for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.nodeSelector | object | `{}` | nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.resources | object | `{}` | resources declaration for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.tolerations | list | `[]` | tolerations setup for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.volumeMounts | list | `[]` | volumeMounts definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
-| agentk8sglue.podTemplate.volumes | list | `[]` | volumes definition for pods spawned to consume ClearML Task (example in values.yaml comments) |
+| agentk8sglue.labels | object | `{}` | labels setup for Agent pod (example in values.yaml comments) |
+| agentk8sglue.nodeSelector | object | `{}` | nodeSelector setup for Agent pod (example in values.yaml comments) |
 | agentk8sglue.queue | string | `"default"` | ClearML queue this agent will consume |
 | agentk8sglue.replicaCount | int | `1` | Glue Agent number of pods |
-| agentk8sglue.serviceAccountName | string | `"default"` | serviceAccountName for pods spawned to consume ClearML Task |
+| agentk8sglue.securityContext | object | `{}` | Web Server pod security context |
+| agentk8sglue.serviceExistingAccountName | string | `""` | if set, don't create a serviceAccountName but use defined existing one |
+| agentk8sglue.taskAsJob | bool | `false` | ClearML spawn tasks as jobs instead of pods |
+| agentk8sglue.tolerations | list | `[]` | tolerations setup for Agent pod (example in values.yaml comments) |
+| agentk8sglue.volumeMounts | list | `[]` | volume mounts definition for Glue Agent (example in values.yaml comments) |
+| agentk8sglue.volumes | list | `[]` | volumes definition for Glue Agent (example in values.yaml comments) |
 | agentk8sglue.webServerUrlReference | string | `"https://app.clear.ml"` | Reference to Web server url |
 | clearml | object | `{"agentk8sglueKey":"ACCESSKEY","agentk8sglueSecret":"SECRETKEY","clearmlConfig":"sdk {\n}","existingAgentk8sglueSecret":"","existingClearmlConfigSecret":""}` | ClearMl generic configurations |
 | clearml.agentk8sglueKey | string | `"ACCESSKEY"` | Agent k8s Glue basic auth key |
@@ -56,6 +75,19 @@ Kubernetes: `>= 1.19.0-0 < 1.26.0-0`
 | clearml.clearmlConfig | string | `"sdk {\n}"` | ClearML configuration file |
 | clearml.existingAgentk8sglueSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
 | clearml.existingClearmlConfigSecret | string | `""` | If this is set, chart will not generate a secret but will use what is defined here |
+| enterpriseFeatures | object | `{"agentImageTagOverride":"1.24-58","applyVaultEnvVars":true,"createQueues":false,"enabled":false,"maxPods":10,"monitoredResources":{"maxResources":0,"maxResourcesFieldName":"resources|limits|nvidia.com/gpu","minResourcesFieldName":"resources|limits|nvidia.com/gpu"},"queues":null,"serviceAccountClusterAccess":false,"useOwnerToken":true}` | Enterprise features (work only with an Enterprise license) |
+| enterpriseFeatures.agentImageTagOverride | string | `"1.24-58"` | Image tag override for enterprise version |
+| enterpriseFeatures.applyVaultEnvVars | bool | `true` | push env vars from Clear.ML Vault to task pods |
+| enterpriseFeatures.createQueues | bool | `false` | Create queues if they don't exist |
+| enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
+| enterpriseFeatures.maxPods | int | `10` | maximum concurrent consume ClearML Task pod |
+| enterpriseFeatures.monitoredResources | object | `{"maxResources":0,"maxResourcesFieldName":"resources|limits|nvidia.com/gpu","minResourcesFieldName":"resources|limits|nvidia.com/gpu"}` | GPU resource general counters |
+| enterpriseFeatures.monitoredResources.maxResources | int | `0` | Maximum resources counter |
+| enterpriseFeatures.monitoredResources.maxResourcesFieldName | string | `"resources|limits|nvidia.com/gpu"` | Field name used by Agent to count maximum resources |
+| enterpriseFeatures.monitoredResources.minResourcesFieldName | string | `"resources|limits|nvidia.com/gpu"` | Field name used by Agent to count minimum resources |
+| enterpriseFeatures.queues | string | `nil` | ClearML queues and related template OVERRIDES used this agent will consume |
+| enterpriseFeatures.serviceAccountClusterAccess | bool | `false` | service account access every namespace flag |
+| enterpriseFeatures.useOwnerToken | bool | `true` | Agent must use owner Token |
 | imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Private image registry configuration |
 | imageCredentials.email | string | `"someone@host.com"` | Email |
 | imageCredentials.enabled | bool | `false` | Use private authentication mode |
@@ -63,6 +95,15 @@ Kubernetes: `>= 1.19.0-0 < 1.26.0-0`
 | imageCredentials.password | string | `"pwd"` | Registry password |
 | imageCredentials.registry | string | `"docker.io"` | Registry name |
 | imageCredentials.username | string | `"someone"` | Registry username |
+| sessions | object | `{"dynamicSvcs":false,"externalIP":"0.0.0.0","maxServices":20,"portModeEnabled":false,"setInteractiveQueuesTag":true,"startingPort":30000,"svcAnnotations":{},"svcType":"NodePort"}` | Sessions internal service configuration |
+| sessions.dynamicSvcs | bool | `false` | Enable/Disable dynamic svc for sessions pods |
+| sessions.externalIP | string | `"0.0.0.0"` | External IP sessions clients can connect to |
+| sessions.maxServices | int | `20` | maximum number of NodePorts exposed |
+| sessions.portModeEnabled | bool | `false` | Enable/Disable sessions portmode WARNING: only one Agent deployment can have this set to true |
+| sessions.setInteractiveQueuesTag | bool | `true` | set interactive queue tags |
+| sessions.startingPort | int | `30000` | starting range of exposed NodePorts |
+| sessions.svcAnnotations | object | `{}` | specific annotations for session services |
+| sessions.svcType | string | `"NodePort"` | service type ("NodePort" or "ClusterIP" or "LoadBalancer") |
 
 # Upgrading Chart
 

charts/clearml-agent/templates/_helpers.tpl

@@ -1,78 +1,65 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "clearml.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "clearml.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
+{{- define "clearmlAgent.name" -}}
+{{- .Release.Name | trunc 59 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "clearml.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- define "clearmlAgent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 59 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "clearml.labels" -}}
-helm.sh/chart: {{ include "clearml.chart" . }}
-{{ include "clearml.selectorLabels" . }}
+{{- define "clearmlAgent.labels" -}}
+helm.sh/chart: {{ include "clearmlAgent.chart" . }}
+{{ include "clearmlAgent.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if $.Values.agentk8sglue.labels }}
+{{ toYaml $.Values.agentk8sglue.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common annotations
+*/}}
+{{- define "clearmlAgent.annotations" -}}
+{{- if $.Values.agentk8sglue.annotations }}
+{{ toYaml $.Values.agentk8sglue.annotations }}
+{{- end }}
 {{- end }}
 
 {{/*
 Selector labels
 */}}
-{{- define "clearml.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "clearml.name" . }}
+{{- define "clearmlAgent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "clearmlAgent.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-{{/*
-Reference Name (agentk8sglue)
-*/}}
-{{- define "agentk8sglue.referenceName" -}}
-{{- include "clearml.fullname" . }}-agentk8sglue
-{{- end }}
-
 {{/*
 Selector labels (agentk8sglue)
 */}}
 {{- define "agentk8sglue.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "clearml.name" . }}
-app.kubernetes.io/instance: {{ include "agentk8sglue.referenceName" . }}
+app.kubernetes.io/name: {{ include "clearmlAgent.name" . }}
+app.kubernetes.io/instance: {{ include "clearmlAgent.name" . }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "clearml.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "clearml.fullname" .) .Values.serviceAccount.name }}
+{{- define "clearmlAgent.serviceAccountName" -}}
+{{- if .Values.agentk8sglue.serviceExistingAccountName }}
+{{- .Values.agentk8sglue.serviceExistingAccountName }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- include "clearmlAgent.name" . }}-sa
 {{- end }}
 {{- end }}
 
@@ -84,3 +71,158 @@ Create secret to access docker registry
 {{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create a queues parameter
+*/}}
+{{- define "agentk8sglue.createQueues" -}}
+{{- if .Values.enterpriseFeatures.createQueues }}
+{{- printf "%d" 1}}
+{{- else }}
+{{- printf "%d" 0 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create a string composed by queue names
+*/}}
+{{- define "agentk8sglue.queues" -}}
+{{- $list := list }}
+{{- range $key, $value := .Values.enterpriseFeatures.queues }}
+{{- $list = append $list (printf "%s" $key) }}
+{{- end }}
+{{- join " " $list }}
+{{- end }}
+
+{{/*
+Create a task container template
+*/}}
+{{- define "taskContainer.containerTemplate" -}}
+{{- if .main.Values.imageCredentials.enabled }}
+imagePullSecrets:
+  - name: {{ .main.Values.imageCredentials.existingSecret | default (printf "%s-ark" (include "clearmlAgent.name" .main )) }}
+{{- end }}
+schedulerName: {{ .value.templateOverrides.schedulerName | default (.main.Values.agentk8sglue.basePodTemplate.schedulerName) }}
+restartPolicy: Never
+securityContext:
+  {{- .value.templateOverrides.securityContext | default .main.Values.agentk8sglue.basePodTemplate.securityContext | toYaml | nindent 2 }}
+hostAliases:
+  {{- .value.templateOverrides.hostAliases | default .main.Values.agentk8sglue.basePodTemplate.hostAliases | toYaml | nindent 2 }}
+volumes:
+  {{ $computedvolumes := (.value.templateOverrides.volumes | default .main.Values.agentk8sglue.basePodTemplate.volumes) }}
+  {{- if $computedvolumes }}{{- $computedvolumes | toYaml | nindent 2 }}{{- end }}
+  {{- if .value.templateOverrides.fileMounts }}
+  - name: filemounts
+    secret:
+      secretName: {{ include "clearmlAgent.name" .main }}-{{ .key }}-fm
+  {{- else if .main.Values.agentk8sglue.basePodTemplate.fileMounts }}
+  - name: filemounts
+    secret:
+      secretName: {{ include "clearmlAgent.name" .main }}-fm
+  {{- end }}
+{{- if not .main.Values.enterpriseFeatures.serviceAccountClusterAccess }}
+serviceAccountName: {{ include "clearmlAgent.serviceAccountName" .main }}
+{{- end }}
+initContainers:
+  {{- .value.templateOverrides.initContainers | default .main.Values.agentk8sglue.basePodTemplate.initContainers | toYaml | nindent 2 }}
+priorityClassName: {{ .value.templateOverrides.priorityClassName | default .main.Values.agentk8sglue.basePodTemplate.priorityClassName }}
+containers:
+- resources:
+    {{- .value.templateOverrides.resources | default .main.Values.agentk8sglue.basePodTemplate.resources | toYaml | nindent 4 }}
+  ports:
+    - containerPort: 10022
+  volumeMounts:
+    {{ $computedvolumemounts := (.value.templateOverrides.volumeMounts | default .main.Values.agentk8sglue.basePodTemplate.volumeMounts) }}
+    {{- if $computedvolumemounts }}{{- $computedvolumemounts | toYaml | nindent 4 }}{{- end }}
+    {{- if .value.templateOverrides.fileMounts }}
+    {{- range .value.templateOverrides.fileMounts }}
+    - name: filemounts
+      mountPath: "{{ .folderPath }}/{{ .name }}"
+      subPath: "{{ .name }}"
+      readOnly: true
+    {{- end }}
+    {{- else if .main.Values.agentk8sglue.basePodTemplate.fileMounts }}
+    {{- range .main.Values.agentk8sglue.basePodTemplate.fileMounts }}
+    - name: filemounts
+      mountPath: "{{ .folderPath }}/{{ .name }}"
+      subPath: "{{ .name }}"
+      readOnly: true
+    {{- end }}
+    {{- end }}
+  env:
+    - name: CLEARML_API_HOST
+      value: {{ .main.Values.agentk8sglue.apiServerUrlReference }}
+    - name: CLEARML_WEB_HOST
+      value: {{ .main.Values.agentk8sglue.webServerUrlReference }}
+    - name: CLEARML_FILES_HOST
+      value: {{ .main.Values.agentk8sglue.fileServerUrlReference }}
+    {{- if not .main.Values.enterpriseFeatures.useOwnerToken }}
+    - name: CLEARML_API_ACCESS_KEY
+      valueFrom:
+        secretKeyRef:
+          name: {{ .main.Values.clearml.existingAgentk8sglueSecret | default (printf "%s-ac" (include "clearmlAgent.name" .main )) }}
+          key: agentk8sglue_key
+    - name: CLEARML_API_SECRET_KEY
+      valueFrom:
+        secretKeyRef:
+          name: {{ .main.Values.clearml.existingAgentk8sglueSecret | default (printf "%s-ac" (include "clearmlAgent.name" .main )) }}
+          key: agentk8sglue_secret
+    {{- end }}
+    - name: PYTHONUNBUFFERED
+      value: "x"
+    {{- if not .main.Values.agentk8sglue.clearmlcheckCertificate }}
+    - name: CLEARML_API_HOST_VERIFY_CERT
+      value: "false"
+    {{- end }}
+    {{ $computedenvs := (.value.templateOverrides.env| default .main.Values.agentk8sglue.basePodTemplate.env) }}
+    {{- if $computedenvs }}{{- $computedenvs | toYaml | nindent 4 }}{{- end }}
+nodeSelector:
+  {{ .value.templateOverrides.nodeSelector | default .main.Values.agentk8sglue.basePodTemplate.nodeSelector | toYaml | nindent 2 }}
+tolerations:
+  {{ .value.templateOverrides.tolerations | default .main.Values.agentk8sglue.basePodTemplate.tolerations | toYaml | nindent 2 }}
+affinity:
+  {{ .value.templateOverrides.affinity | default .main.Values.agentk8sglue.basePodTemplate.affinity | toYaml | nindent 2 }}
+{{- end }}
+
+{{/*
+Create a task container template
+*/}}
+{{- define "taskContainer.podTemplate" -}}
+{{- range $key, $value := $.Values.enterpriseFeatures.queues }}
+{{ $key }}:
+  apiVersion: v1
+  kind: Pod
+  metadata:
+    namespace: {{ $.Release.Namespace }}
+    labels:
+      {{ $value.templateOverrides.labels | default $.Values.agentk8sglue.basePodTemplate.labels | toYaml }}
+    annotations:
+      {{ $value.templateOverrides.annotations | default $.Values.agentk8sglue.basePodTemplate.annotations | toYaml }}
+  spec:
+    {{- $data := dict "main" $ "key" $key "value" $value -}}
+    {{- include "taskContainer.containerTemplate" $data | nindent 4}}
+{{- end }}
+{{- end }}
+
+{{/*
+Create a task container template
+*/}}
+{{- define "taskContainer.jobTemplate" -}}
+{{- range $key, $value := $.Values.enterpriseFeatures.queues }}
+{{ $key }}:
+  apiVersion: batch/v1
+  kind: Job
+  metadata:
+    namespace: {{ $.Release.Namespace }}
+    labels:
+      {{ $value.templateOverrides.labels | default $.Values.agentk8sglue.basePodTemplate.labels | toYaml }}
+    annotations:
+      {{ $value.templateOverrides.annotations | default $.Values.agentk8sglue.basePodTemplate.annotations | toYaml }}
+  spec:
+    template:
+      spec:
+        {{- $data := dict "main" $ "key" $key "value" $value -}}
+        {{- include "taskContainer.containerTemplate" $data | nindent 8 }}
+    backoffLimit: 0
+{{- end }}
+{{- end }}

charts/clearml-agent/templates/agentk8sglue-configmap.yaml

@@ -1,32 +1,54 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
+  name: {{ include "clearmlAgent.name" . }}-pt
 data:
+{{- if .Values.enterpriseFeatures.enabled }}
+  template.yaml: |
+    {{- if .Values.agentk8sglue.taskAsJob }}
+    {{ include "taskContainer.jobTemplate" . | nindent 4}}
+    {{- else }}
+    {{ include "taskContainer.podTemplate" . | nindent 4}}
+    {{- end }}
+  secrets.yaml: |
+    {{- range $key, $value := $.Values.enterpriseFeatures.queues }}
+    {{ $key }}:
+      {{- if $value.templateOverrides.fileMounts }}
+        - {{ include "clearmlAgent.name" $ }}-{{ $key }}-fm
+      {{- else if $.Values.agentk8sglue.basePodTemplate.fileMounts }}
+        - {{ include "clearmlAgent.name" $ }}-fm
+      {{- end }}
+    {{- end }}
+{{- else }}
   template.yaml: |
     apiVersion: v1
     metadata:
       namespace: {{ .Release.Namespace }}
+      labels:
+      {{- toYaml $.Values.agentk8sglue.basePodTemplate.labels | nindent 8 }}
+      annotations:
+      {{- toYaml $.Values.agentk8sglue.basePodTemplate.annotations | nindent 8 }}
     spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: {{.Values.imageCredentials.existingSecret}}
+      - name: {{ .Values.imageCredentials.existingSecret }}
       {{- else }}
-      - name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-registry-key
+      - name: name: {{ include "clearmlAgent.name" $ }}-ark
       {{- end }}
       {{- end }}
-      serviceAccountName: {{ .Values.agentk8sglue.serviceAccountName }}
-      {{- with .Values.agentk8sglue.podTemplate.volumes }}
+      {{- with .Values.agentk8sglue.basePodTemplate.volumes }}
       volumes:
       {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "clearmlAgent.serviceAccountName" $ }}
+      priorityClassName: {{ .Values.agentk8sglue.basePodTemplate.priorityClassName }}
       containers:
       - resources:
-          {{- toYaml .Values.agentk8sglue.podTemplate.resources | nindent 10 }}
+          {{- toYaml .Values.agentk8sglue.basePodTemplate.resources | nindent 10 }}
         ports:
         - containerPort: 10022
-        {{- with .Values.agentk8sglue.podTemplate.volumeMounts }}
+        {{- with .Values.agentk8sglue.basePodTemplate.volumeMounts }}
         volumeMounts:
         {{- toYaml . | nindent 10 }}
         {{- end }}
@@ -43,7 +65,7 @@ data:
               {{- if .Values.clearml.existingAgentk8sglueSecret }}
               name: {{ .Values.clearml.existingAgentk8sglueSecret }}
               {{- else }}
-              name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
+              name: {{ include "clearmlAgent.name" . }}-ac
               {{- end }}
               key: agentk8sglue_key
         - name: CLEARML_API_SECRET_KEY
@@ -52,17 +74,52 @@ data:
               {{- if .Values.clearml.existingAgentk8sglueSecret }}
               name: {{ .Values.clearml.existingAgentk8sglueSecret }}
               {{- else }}
-              name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
+              name: {{ include "clearmlAgent.name" . }}-ac
               {{- end }}
               key: agentk8sglue_secret
-        {{- if .Values.agentk8sglue.podTemplate.env }}
-        {{ toYaml .Values.agentk8sglue.podTemplate.env | nindent 8 }}
+        {{- if .Values.agentk8sglue.basePodTemplate.env }}
+        {{ toYaml .Values.agentk8sglue.basePodTemplate.env | nindent 8 }}
         {{- end }}
-        {{- with .Values.agentk8sglue.podTemplate.nodeSelector}}
+        {{- with .Values.agentk8sglue.basePodTemplate.nodeSelector}}
       nodeSelector:
           {{- toYaml . | nindent 8 }}
         {{- end }}
-        {{- with .Values.agentk8sglue.podTemplate.tolerations }}
+        {{- with .Values.agentk8sglue.basePodTemplate.tolerations }}
       tolerations:
           {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- with .Values.agentk8sglue.basePodTemplate.affinity }}
+      affinity:
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+{{- end }}
+{{- if .Values.sessions.portModeEnabled }}
+{{- range untilStep 1 ( ( add .Values.sessions.maxServices 1 ) | int ) 1 }}
+  services-{{ . }}.yaml: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: clearml-session-{{ . }}
+      labels:
+        {{- include "clearmlAgent.labels" $ | nindent 8 }}
+      {{- with $.Values.sessions.svcAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      type: {{ $.Values.sessions.svcType }}
+      ports:
+        - targetPort: 10022
+          {{- if eq $.Values.sessions.svcType "NodePort" }}
+          port: 10022
+          {{- else }}
+          port: {{ add $.Values.sessions.startingPort . }}
+          {{- end }}
+          protocol: TCP
+          {{- if eq $.Values.sessions.svcType "NodePort" }}
+          nodePort: {{ add $.Values.sessions.startingPort . }}
+          {{- end }}
+      selector:
+        ai.allegro.agent.serial: pod-{{ . }}
+{{- end }}
+{{- end }}

charts/clearml-agent/templates/agentk8sglue-deployment.yaml

@@ -1,9 +1,11 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}
+  name: {{ include "clearmlAgent.name" . }}
   labels:
-    {{- include "clearml.labels" . | nindent 4 }}
+    {{- include "clearmlAgent.labels" . | nindent 4 }}
+  annotations:
+    {{- include "clearmlAgent.annotations" . | nindent 4 }}
 spec:
   replicas: {{ .Values.agentk8sglue.replicaCount }}
   selector:
@@ -12,32 +14,77 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: {{ printf "%s%s" .Values.clearml .Values.agentk8sglue | sha256sum }}
+        checksum/config: {{ printf "%s" .Values | sha256sum }}
+        {{- include "clearmlAgent.annotations" . | nindent 8 }}
       labels:
-        {{- include "agentk8sglue.selectorLabels" . | nindent 8 }}
+        {{- include "clearmlAgent.labels" . | nindent 8 }}
     spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: "{{.Values.imageCredentials.existingSecret}}"
+      - name: {{ .Values.imageCredentials.existingSecret }}
       {{- else }}
-      - name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-registry-key
+      - name: {{ include "clearmlAgent.name" . }}-ark
       {{- end }}
       {{- end }}
+      serviceAccountName: {{ include "clearmlAgent.serviceAccountName" . }}
+      securityContext: {{ toYaml .Values.agentk8sglue.securityContext | nindent 8 }}
+      initContainers:
+      - name: init-k8s-glue
+        {{- if .Values.enterpriseFeatures.enabled }}
+        image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.enterpriseFeatures.agentImageTagOverride }}"
+        {{- else }}
+        image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
+        {{- end }}
+        command:
+          - /bin/sh
+          - -c
+          - >
+            set -x;
+            while [ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.apiServerUrlReference}}/debug.ping" -o /dev/null) -ne 200 ] ; do
+              echo "waiting for apiserver" ;
+              sleep 5 ;
+            done;
+            while [[ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.fileServerUrlReference}}/" -o /dev/null) =~ 403|405 ]] ; do
+              echo "waiting for fileserver" ;
+              sleep 5 ;
+            done;
+            while [ $(curl {{ if not .Values.agentk8sglue.clearmlcheckCertificate }}--insecure{{ end }} -sw '%{http_code}' "{{.Values.agentk8sglue.webServerUrlReference}}/" -o /dev/null) -ne 200 ] ; do
+              echo "waiting for webserver" ;
+              sleep 5 ;
+            done
       containers:
       - name: k8s-glue
+        {{- if .Values.enterpriseFeatures.enabled }}
+        image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.enterpriseFeatures.agentImageTagOverride }}"
+        {{- else }}
         image: "{{ .Values.agentk8sglue.image.repository }}:{{ .Values.agentk8sglue.image.tag }}"
+        {{- end }}
         imagePullPolicy: IfNotPresent
-        command: ["/bin/bash", "-c", "export PATH=$PATH:$HOME/bin; source /root/.bashrc && /root/entrypoint.sh"]
+        command:
+          - /bin/bash
+          - -c
+          - >
+            export PATH=$PATH:$HOME/bin;
+            source /root/.bashrc && /root/entrypoint.sh
         volumeMounts:
-          - name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
+          - name: {{ include "clearmlAgent.name" . }}-pt
             mountPath: /root/template
-          {{- if or .Values.clearml.clearmlConfig .Values.clearml.existingClearmlConfigSecret }}
+          {{ if .Values.clearml.clearmlConfig }}
           - name: k8sagent-clearml-conf-volume
             mountPath: /root/clearml.conf
             subPath: clearml.conf
             readOnly: true
           {{- end }}
+          {{- if .Values.agentk8sglue.volumeMounts }}
+          {{- toYaml .Values.agentk8sglue.volumeMounts | nindent 10 }}
+          {{- end }}
+          {{- range .Values.agentk8sglue.fileMounts }}
+          - name: filemounts
+            mountPath: "{{ .folderPath }}/{{ .name }}"
+            subPath: "{{ .name }}"
+            readOnly: true
+          {{- end }}
         env:
           - name: CLEARML_API_HOST
             value: "{{.Values.agentk8sglue.apiServerUrlReference}}"
@@ -45,56 +92,129 @@ spec:
             value: "{{.Values.agentk8sglue.webServerUrlReference}}"
           - name: CLEARML_FILES_HOST
             value: "{{.Values.agentk8sglue.fileServerUrlReference}}"
-          - name: K8S_GLUE_MAX_PODS
-            value: "{{.Values.agentk8sglue.maxPods}}"
-          - name: K8S_GLUE_QUEUE
-            value: "{{.Values.agentk8sglue.queue}}"
+          {{- if not .Values.agentk8sglue.clearmlcheckCertificate }}
+          - name: CLEARML_API_HOST_VERIFY_CERT
+            value: "false"
+          {{- end }}
+          {{- if .Values.sessions.portModeEnabled }}
           - name: K8S_GLUE_EXTRA_ARGS
-            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml"
+            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
+                    --ports-mode --num-of-services {{ .Values.sessions.maxServices }} \
+                    --base-port {{ .Values.sessions.startingPort }} \
+                    --gateway-address {{ .Values.sessions.externalIP }}{{ if .Values.enterpriseFeatures.enabled }}{{ if .Values.enterpriseFeatures.useOwnerToken }} --use-owner-token{{ end }}{{ end }}"
+          {{- if .Values.sessions.dynamicSvcs }}
+          - name: CLEARML_K8S_GLUE_POD_POST_APPLY_CMD
+            value: "kubectl -n {namespace} apply -f ~/template/services-{pod_number}.yaml ; kubectl -n {namespace} label svc clearml-session-{pod_number} service-for={pod_name}"
+          - name: CLEARML_K8S_GLUE_POD_POST_DELETE_CMD
+            value: "kubectl -n {namespace} delete svc -l service-for={pod_name}"
+          {{- end }}
+          {{- else}}
+          - name: K8S_GLUE_EXTRA_ARGS
+            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
+                    --max-pods {{.Values.enterpriseFeatures.maxPods}}{{ if .Values.enterpriseFeatures.enabled }}{{ if .Values.enterpriseFeatures.useOwnerToken }} --use-owner-token{{ end }}{{ end }}"
+          {{- end }}
+          {{- if .Values.clearml.clearmlConfig }}
+          - name: CLEARML_CONFIG_FILE
+            value: /root/clearml.conf
+          {{- end }}
+          - name: CLEARML_K8S_GLUE_LIMIT_POD_LABEL
+            value: "ai.allegro.agent.serial=pod-{pod_number}"
+          - name: CLEARML_K8S_SECRETS_LIST_FILE
+            value: /root/template/secrets.yaml
           - name: K8S_DEFAULT_NAMESPACE
             value: "{{ .Release.Namespace }}"
           - name: CLEARML_API_ACCESS_KEY
             valueFrom:
               secretKeyRef:
-                {{- if .Values.clearml.existingAgentk8sglueSecret }}
-                name: {{ .Values.clearml.existingAgentk8sglueSecret }}
-                {{- else }}
-                name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
-                {{- end }}
+                name: {{ include "clearmlAgent.name" . }}-ac
                 key: agentk8sglue_key
           - name: CLEARML_API_SECRET_KEY
             valueFrom:
               secretKeyRef:
-                {{- if .Values.clearml.existingAgentk8sglueSecret }}
-                name: {{ .Values.clearml.existingAgentk8sglueSecret }}
-                {{- else }}
-                name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
-                {{- end }}
+                name: {{ include "clearmlAgent.name" . }}-ac
                 key: agentk8sglue_secret
           - name: CLEARML_WORKER_ID
-            value: "{{.Values.agentk8sglue.id}}"
+            value: {{ include "clearmlAgent.name" . }}
           - name: CLEARML_AGENT_UPDATE_REPO
             value: ""
           - name: FORCE_CLEARML_AGENT_REPO
-            value: ""
+            value: "" 
           - name: CLEARML_DOCKER_IMAGE
             value: "{{.Values.agentk8sglue.defaultContainerImage}}"
+          {{ if .Values.agentk8sglue.customBashScript }}
+          - name: CLEARML_K8S_GLUE_EXTRA_BASH_SCRIPT
+            value: "{{.Values.agentk8sglue.customBashScript}}"
+          {{- end }}
+          {{ if .Values.agentk8sglue.containerCustomBashScript }}
+          - name: CLEARML_K8S_GLUE_POD_BASH_SCRIPT
+            value: "{{.Values.agentk8sglue.containerCustomBashScript}}"
+          {{- end }}
+          {{- if .Values.agentk8sglue.debugMode }}
+          - name: "CLEARML_K8S_GLUE_DEBUG"
+            value: "1"
+          {{- end }}
           {{- if .Values.agentk8sglue.extraEnvs }}
           {{ toYaml .Values.agentk8sglue.extraEnvs | nindent 10 }}
           {{- end }}
+          {{- if  .Values.sessions.portModeEnabled }}
+          {{- if  .Values.sessions.setInteractiveQueuesTag }}
+          - name: "CLEARML_K8S_GLUE_SET_QUEUE_SYSTEM_TAGS"
+            value: "interactive"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.agentk8sglue.taskAsJob }}
+          - name: "CLEARML_K8S_GLUE_KIND"
+            value: "job"
+          {{- else }}
+          - name: "CLEARML_K8S_GLUE_KIND"
+            value: "pod"
+          {{- end }}
+          {{- if .Values.enterpriseFeatures.enabled }}
+          - name: K8S_GLUE_QUEUE
+            value: {{ include "agentk8sglue.queues" . | quote }}
+          - name: CLEARML_K8S_GLUE_CREATE_QUEUE
+            value: {{ include "agentk8sglue.createQueues" . | quote }}
+          - name: CLEARML_K8S_GLUE_APPLY_VAULT_ENV_VARS
+            value: {{ .Values.enterpriseFeatures.applyVaultEnvVars | quote }}
+          - name: "CLEARML_K8S_GLUE_POD_MIN_RES_FIELD"
+            value: {{ .Values.enterpriseFeatures.monitoredResources.minResourcesFieldName }}
+          - name: "CLEARML_K8S_GLUE_MAX_RESOURCES"
+            value: "{{.Values.enterpriseFeatures.monitoredResources.maxResources}}"
+          - name: "CLEARML_K8S_GLUE_POD_MAX_RES_FIELD"
+            value: {{ .Values.enterpriseFeatures.monitoredResources.maxResourcesFieldName }}
+          {{- else }}
+          - name: K8S_GLUE_QUEUE
+            value: {{ .Values.agentk8sglue.queue }}
+          {{- end }}
+      {{- with .Values.agentk8sglue.nodeSelector}}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.agentk8sglue.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.agentk8sglue.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       volumes:
-        - name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
-          configMap: 
-            name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pod-template
-        {{- if or .Values.clearml.clearmlConfig .Values.clearml.existingClearmlConfigSecret }}
+        - name: {{ include "clearmlAgent.name" . }}-pt
+          configMap:
+            name: {{ include "clearmlAgent.name" . }}-pt
+        {{ if .Values.clearml.clearmlConfig }}
         - name: k8sagent-clearml-conf-volume
           secret:
-            {{- if .Values.clearml.existingClearmlConfigSecret }}
-            secretName: {{ .Values.clearml.existingClearmlConfigSecret }}
-            {{- else }}
-            secretName: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-conf
-            {{- end }}
+            secretName: {{ include "clearmlAgent.name" . }}-ac
             items:
             - key: clearml.conf
               path: clearml.conf
         {{ end }}
+        {{- if .Values.agentk8sglue.volumes }}
+        {{- toYaml .Values.agentk8sglue.volumes | nindent 8 }}
+        {{- end }}
+        {{ if .Values.agentk8sglue.fileMounts }}
+        - name: filemounts
+          secret:
+            secretName: {{ include "clearmlAgent.name" . }}-afm
+        {{- end }}

charts/clearml-agent/templates/agentk8sglue-rbac.yaml

@@ -1,23 +1,88 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+{{- if not .Values.agentk8sglue.serviceExistingAccountName }}
+apiVersion: v1
+kind: ServiceAccount
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pods-access
+  name: {{ include "clearmlAgent.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- if .Values.enterpriseFeatures.serviceAccountClusterAccess }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "clearmlAgent.name" . }}-kpa
 rules:
   - apiGroups:
       - ""
     resources:
       - pods
+      - secrets
+      - services
     verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs: ["list"]
+  {{- if .Values.agentk8sglue.taskAsJob }}
+  - apiGroups:
+      - batch
+      - extensions
+    resources:
+      - jobs
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  {{- end }} 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "clearmlAgent.name" . }}-kpa
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "clearmlAgent.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "clearmlAgent.name" . }}-kpa
+{{- else }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "clearmlAgent.name" . }}-kpa
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - secrets
+      - services
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs: ["list"]
+  {{- if .Values.agentk8sglue.taskAsJob }}
+  - apiGroups:
+      - batch
+      - extensions
+    resources:
+      - jobs
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  {{- end }}    
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pods-access
+  name: {{ include "clearmlAgent.name" . }}-kpa
 subjects:
   - kind: ServiceAccount
-    name: default
+    name: {{ include "clearmlAgent.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ include "agentk8sglue.referenceName" . }}-k8sagent-pods-access
+  name: {{ include "clearmlAgent.name" . }}-kpa
+{{- end }}

charts/clearml-agent/templates/clearml-secrets.yaml

@@ -1,28 +1,18 @@
-{{- if not .Values.clearml.existingAgentk8sglueSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-k8sglue
+  name: {{ include "clearmlAgent.name" . }}-ac
 data:
   agentk8sglue_key: {{ .Values.clearml.agentk8sglueKey | b64enc }}
   agentk8sglue_secret: {{ .Values.clearml.agentk8sglueSecret | b64enc }}
-{{- end }}
----
-{{- if not .Values.clearml.existingClearmlConfigSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-conf
-data:
   clearml.conf: {{ .Values.clearml.clearmlConfig | b64enc }}
 ---
-{{- end }}
 {{- if .Values.imageCredentials.enabled }}
 {{- if not .Values.imageCredentials.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "agentk8sglue.referenceName" . }}-clearml-agent-registry-key
+  name: {{ include "clearmlAgent.name" . }}-ark
 type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: {{ template "imagePullSecret" . }}

charts/clearml-agent/templates/service-secret.yaml

@@ -0,0 +1,37 @@
+{{ if .Values.agentk8sglue.fileMounts }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearmlAgent.name" . }}-afm
+data:
+  {{- range .Values.agentk8sglue.fileMounts }}
+  {{ .name }}: {{ .fileContent | b64enc }}
+  {{- end }}
+{{ end }}
+---
+{{- if .Values.enterpriseFeatures.enabled }}
+{{ if .Values.agentk8sglue.basePodTemplate.fileMounts }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearmlAgent.name" . }}-fm
+data:
+  {{- range .Values.agentk8sglue.basePodTemplate.fileMounts }}
+  {{ .name }}: {{ .fileContent | b64enc }}
+  {{- end }}
+{{ end }}
+---
+{{- range $key, $value := $.Values.agentk8sglue.queues }}
+{{ if .templateOverrides.fileMounts }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "clearmlAgent.name" $ }}-{{ $key }}-fm
+data:
+  {{- range .templateOverrides.fileMounts }}
+  {{ .name }}: {{ .fileContent | b64enc }}
+  {{- end }}
+{{ end }}
+---
+{{- end }}
+{{- end }}

charts/clearml-agent/templates/service-sessions.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.sessions.portModeEnabled }}
+{{- if not .Values.sessions.dynamicSvcs }}
+{{- range untilStep 1 ( ( add .Values.sessions.maxServices 1 ) | int ) 1 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: clearml-session-{{ . }}
+  labels:
+    {{- include "clearmlAgent.labels" $ | nindent 4 }}
+  {{- with $.Values.sessions.svcAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ $.Values.sessions.svcType }}
+  ports:
+    - targetPort: 10022
+      {{- if eq $.Values.sessions.svcType "NodePort" }}
+      port: 10022
+      {{- else }}
+      port: {{ add $.Values.sessions.startingPort . }}
+      {{- end }}
+      protocol: TCP
+      {{- if eq $.Values.sessions.svcType "NodePort" }}
+      nodePort: {{ add $.Values.sessions.startingPort . }}
+      {{- end }}
+  selector:
+    ai.allegro.agent.serial: pod-{{ . }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/clearml-agent/values.yaml

@@ -41,9 +41,15 @@ agentk8sglue:
   # -- Glue Agent number of pods
   replicaCount: 1
 
+  # -- if set, don't create a serviceAccountName but use defined existing one
+  serviceExistingAccountName: ""
+
   # -- Check certificates validity for evefry UrlReference below.
   clearmlcheckCertificate: true
 
+  # -- Enable Debugging logs for Agent pod
+  debugMode: false
+
   # -- Reference to Api server url
   apiServerUrlReference: "https://api.clear.ml"
   # -- Reference to File server url
@@ -51,32 +57,99 @@ agentk8sglue:
   # -- Reference to Web server url
   webServerUrlReference: "https://app.clear.ml"
 
-  # -- serviceAccountName for pods spawned to consume ClearML Task
-  serviceAccountName: default
-  # -- maximum concurrent consume ClearML Task pod
-  maxPods: 10
   # -- default container image for ClearML Task pod
   defaultContainerImage: ubuntu:18.04
   # -- ClearML queue this agent will consume
   queue: default
-
-  # -- ClearML worker ID (must be unique across the entire ClearMLenvironment)
-  id: k8s-agent
-
-  # -- Environment variables to be exposed in the agentk8sglue pods
+  # -- ClearML spawn tasks as jobs instead of pods
+  taskAsJob: false
+  # -- Custom Bash script for the Glue Agent
+  # -- labels setup for Agent pod (example in values.yaml comments)
+  labels: {}
+    # schedulerName: scheduler
+  # -- annotations setup for Agent pod (example in values.yaml comments)
+  annotations: {}
+    # key1: value1
+  customBashScript: ""
+  # -- Custom Bash script for the Task Pods ran by Glue Agent
+  containerCustomBashScript: ""
+  # -- Extra Environment variables for Glue Agent
   extraEnvs: []
+    # - name: PYTHONPATH
+    #   value: "somepath"
+    # -- Web Server pod security context
+  securityContext: {}
+    #  runAsUser: 1001
+    #  fsGroup: 1001
+  # -- nodeSelector setup for Agent pod (example in values.yaml comments)
+  nodeSelector: {}
+    # fleet: agent-nodes
+  # -- tolerations setup for Agent pod (example in values.yaml comments)
+  tolerations: []
+  # -- affinity setup for Agent pod (example in values.yaml comments)
+  affinity: {}
+  # -- volumes definition for Glue Agent (example in values.yaml comments)
+  volumes: []
+    # - name: "yourvolume"
+    #   nfs:
+    #    server: 192.168.0.1
+    #    path: /var/nfs/mount
+  # -- volume mounts definition for Glue Agent (example in values.yaml comments)
+  volumeMounts: []
+    # - name: yourvolume
+    #   mountPath: /yourpath
+    #   subPath: userfolder
 
-  # -- template for pods spawned to consume ClearML Task
-  podTemplate:
+  # -- file definition for Glue Agent (example in values.yaml comments)
+  fileMounts: []
+    # - name: "integration.py"
+    #   folderPath: "/mnt/python"
+    #   fileContent: |-
+    #     def get_template(*args, **kwargs):
+    #       print("args: {}".format(args))
+    #       print("kwargs: {}".format(kwargs))
+    #       return {
+    #           "template": {
+    #           }
+    #       }
+
+  # -- base template for pods spawned to consume ClearML Task
+  basePodTemplate:
+    # -- labels setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    labels: {}
+      # schedulerName: scheduler
+    # -- annotations setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    annotations: {}
+      # key1: value1
+    # -- initContainers definition for pods spawned to consume ClearML Task (example in values.yaml comments)
+    initContainers: []
+      # - name: volume-dirs-init-cntr
+      #   image: busybox:1.35
+      #  command:
+      #    - /bin/bash
+      #    - -c
+      #    - >
+      #      /bin/echo "this is an init";
+    # -- schedulerName setup for pods spawned to consume ClearML Task
+    schedulerName: ""
     # -- volumes definition for pods spawned to consume ClearML Task (example in values.yaml comments)
     volumes: []
       # - name: "yourvolume"
-      #   persistentVolumeClaim:
-      #     claimName: "yourvolume"
-    # -- volumeMounts definition for pods spawned to consume ClearML Task (example in values.yaml comments)
+      #   nfs:
+      #    server: 192.168.0.1
+      #    path: /var/nfs/mount
+    # -- volume mounts definition for pods spawned to consume ClearML Task (example in values.yaml comments)
     volumeMounts: []
-      # - name: "yourvolume"
-      #   mountPath: "/yourpath"
+      # - name: yourvolume
+      #   mountPath: /yourpath
+      #   subPath: userfolder
+    # -- file definition for pods spawned to consume ClearML Task (example in values.yaml comments)
+    fileMounts: []
+      # - name: "mounted-file.txt"
+      #   folderPath: "/mnt/"
+      #   fileContent: |-
+      #     this is a test file
+      #     with test content
     # -- environment variables for pods spawned to consume ClearML Task (example in values.yaml comments)
     env: []
       # # to setup access to private repo, setup secret with git credentials:
@@ -87,15 +160,91 @@ agentk8sglue:
       #     secretKeyRef:
       #       name: git-password
       #       key: git-password
+      # - name: CURL_CA_BUNDLE
+      #   value: ""
+      # - name: PYTHONWARNINGS
+      #   value: "ignore:Unverified HTTPS request"
     # -- resources declaration for pods spawned to consume ClearML Task (example in values.yaml comments)
     resources: {}
       # limits:
       #   nvidia.com/gpu: 1
+    # -- priorityClassName setup for pods spawned to consume ClearML Task
+    priorityClassName: ""
+    # -- nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    nodeSelector: {}
+      # fleet: gpu-nodes
     # -- tolerations setup for pods spawned to consume ClearML Task (example in values.yaml comments)
     tolerations: []
       # - key: "nvidia.com/gpu"
       #   operator: Exists
       #   effect: "NoSchedule"
-    # -- nodeSelector setup for pods spawned to consume ClearML Task (example in values.yaml comments)
-    nodeSelector: {}
-      # fleet: gpu-nodes
+    # -- affinity setup for pods spawned to consume ClearML Task
+    affinity: {}
+    # -- securityContext setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    securityContext: {}
+      #  runAsUser: 1001
+      #  fsGroup: 1001
+    # -- hostAliases setup for pods spawned to consume ClearML Task (example in values.yaml comments)
+    hostAliases: []
+    # - ip: "127.0.0.1"
+    #   hostnames:
+    #   - "foo.local"
+    #   - "bar.local"
+
+# -- Sessions internal service configuration
+sessions:
+  # -- Enable/Disable sessions portmode WARNING: only one Agent deployment can have this set to true
+  portModeEnabled: false
+  # -- Enable/Disable dynamic svc for sessions pods
+  dynamicSvcs: false
+  # -- specific annotations for session services
+  svcAnnotations: {}
+  # -- service type ("NodePort" or "ClusterIP" or "LoadBalancer")
+  svcType: "NodePort"
+  # -- External IP sessions clients can connect to
+  externalIP: 0.0.0.0
+  # -- starting range of exposed NodePorts
+  startingPort: 30000
+  # -- maximum number of NodePorts exposed
+  maxServices: 20
+  # -- set interactive queue tags
+  setInteractiveQueuesTag: true
+
+# -- Enterprise features (work only with an Enterprise license)
+enterpriseFeatures:
+  # -- Enable/Disable Enterprise features
+  enabled: false
+  # -- Image tag override for enterprise version
+  agentImageTagOverride: "1.24-58"
+  # -- service account access every namespace flag
+  serviceAccountClusterAccess: false
+  # -- push env vars from Clear.ML Vault to task pods
+  applyVaultEnvVars: true
+  # -- GPU resource general counters
+  monitoredResources:
+    # -- Field name used by Agent to count minimum resources
+    minResourcesFieldName: "resources|limits|nvidia.com/gpu"
+    # -- Maximum resources counter
+    maxResources: 0
+    # -- Field name used by Agent to count maximum resources
+    maxResourcesFieldName: "resources|limits|nvidia.com/gpu"
+  # -- maximum concurrent consume ClearML Task pod
+  maxPods: 10
+  # -- Agent must use owner Token
+  useOwnerToken: true
+  # -- Create queues if they don't exist
+  createQueues: false
+  # -- ClearML queues and related template OVERRIDES used this agent will consume
+  queues:
+    # -- name of the queue will be used for this template
+    # default:
+      # -- overrides of the base template for this queue (must be declared even if empty!)
+      # templateOverrides: {}
+    ## -- name of the queue will be used for this template
+    # default-gpu:
+    #  # -- overrides of the base template for this queue
+    #  templateOverrides:
+    #     # -- resources declaration for pods spawned to consume ClearML Task
+    #    resources:
+    #      limits:
+    #        nvidia.com/gpu: 1

charts/clearml/Chart.yaml

@@ -2,9 +2,9 @@ apiVersion: v2
 name: clearml
 description: MLOps platform
 type: application
-version: "5.0.0"
-appVersion: "1.9.0"
-kubeVersion: ">= 1.21.0-0 < 1.26.0-0"
+version: "5.7.1"
+appVersion: "1.9.2"
+kubeVersion: ">= 1.21.0-0 < 1.27.0-0"
 home: https://clear.ml
 icon: https://raw.githubusercontent.com/allegroai/clearml/master/docs/clearml-logo.svg
 sources:
@@ -30,3 +30,7 @@ dependencies:
     version: "7.16.2"
     repository: "file://../../dependency_charts/elasticsearch"
     condition: elasticsearch.enabled
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: fileserver support for emptyDir

charts/clearml/README.md

@@ -1,6 +1,6 @@
 # ClearML Ecosystem for Kubernetes
 
-![Version: 5.0.0](https://img.shields.io/badge/Version-5.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square)
+![Version: 5.7.1](https://img.shields.io/badge/Version-5.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.2](https://img.shields.io/badge/AppVersion-1.9.2-informational?style=flat-square)
 
 MLOps platform
 
@@ -130,7 +130,7 @@ For detailed instructions, see the [Optional Configuration](https://github.com/a
 
 ## Requirements
 
-Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
+Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
@@ -142,18 +142,21 @@ Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| apiserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"},"indexReplicas":0,"indexShards":1,"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30008,"port":8008,"type":"NodePort"},"tolerations":[]}` | Api Server configurations |
-| apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) |
+| apiserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"existingAdditionalConfigsConfigMap":"","existingAdditionalConfigsSecret":"","extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"indexReplicas":0,"indexShards":1,"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"securityContext":{},"service":{"nodePort":30008,"port":8008,"type":"NodePort"},"tolerations":[]}` | Api Server configurations |
+| apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret |
 | apiserver.affinity | object | `{}` | Api Server affinity setup |
 | apiserver.enabled | bool | `true` | Enable/Disable component deployment |
+| apiserver.existingAdditionalConfigsConfigMap | string | `""` | reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml) |
+| apiserver.existingAdditionalConfigsSecret | string | `""` | reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap |
 | apiserver.extraEnvs | list | `[]` | Api Server extra envrinoment variables |
-| apiserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"}` | Api Server image configuration |
+| apiserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | Api Server image configuration |
 | apiserver.indexReplicas | int | `0` | Number of additional replicas in Elasticsearch indexes |
 | apiserver.indexShards | int | `1` | Number of shards in Elasticsearch indexes |
-| apiserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress configuration for Api Server component |
+| apiserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""}` | Ingress configuration for Api Server component |
 | apiserver.ingress.annotations | object | `{}` | Ingress annotations |
 | apiserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
 | apiserver.ingress.hostName | string | `"api.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
+| apiserver.ingress.ingressClassName | string | `""` | ClassName (must be defined if no default ingressClassName is available) |
 | apiserver.ingress.path | string | `"/"` | Ingress root path url |
 | apiserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
 | apiserver.nodeSelector | object | `{}` | Api Server nodeselector |
@@ -166,6 +169,7 @@ Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
 | apiserver.processes.timeout | int | `24000` | Api timeout (ms) |
 | apiserver.replicaCount | int | `1` | Api Server number of pods |
 | apiserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Api Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
+| apiserver.securityContext | object | `{}` | Api Server pod security context |
 | apiserver.service | object | `{"nodePort":30008,"port":8008,"type":"NodePort"}` | Api Server internal service configuration |
 | apiserver.service.nodePort | int | `30008` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
 | apiserver.tolerations | list | `[]` | Api Server tolerations setup |
@@ -185,20 +189,21 @@ Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
 | clearml.testUserKey | string | `"ENP39EQM4SLACGD5FXB7"` | Test Server basic auth key |
 | clearml.testUserSecret | string | `"lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"` | Test File Server basic auth secret |
 | elasticsearch | object | `{"clusterHealthCheckParams":"wait_for_status=yellow&timeout=1s","clusterName":"clearml-elastic","enabled":true,"esConfig":{"elasticsearch.yml":"xpack.security.enabled: false\n"},"esJavaOpts":"-Xmx2g -Xms2g","extraEnvs":[{"name":"bootstrap.memory_lock","value":"false"},{"name":"cluster.routing.allocation.node_initial_primaries_recoveries","value":"500"},{"name":"cluster.routing.allocation.disk.watermark.low","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.high","value":"500mb"},{"name":"cluster.routing.allocation.disk.watermark.flood_stage","value":"500mb"},{"name":"http.compression_level","value":"7"},{"name":"reindex.remote.whitelist","value":"*.*"},{"name":"xpack.monitoring.enabled","value":"false"},{"name":"xpack.security.enabled","value":"false"}],"httpPort":9200,"minimumMasterNodes":1,"persistence":{"enabled":true},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"4Gi"},"requests":{"cpu":"100m","memory":"2Gi"}},"roles":{"data":"true","ingest":"true","master":"true","remote_cluster_client":"true"},"volumeClaimTemplate":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"50Gi"}},"storageClassName":null}}` | Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml |
-| enterpriseFeatures | object | `{"airGappedDocumentation":{"enabled":false,"image":{"repository":"","tag":""}},"clearmlApplications":{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":""},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]},"defaultCompanyGuid":"d1bd92a3b039400cbafc60a7a5b1e52b","enabled":false,"extraIndexUrl":"","overrideReferenceApiUrl":"","overrideReferenceFileUrl":""}` | Enterprise features (work only with an Enterprise license) |
-| enterpriseFeatures.airGappedDocumentation | object | `{"enabled":false,"image":{"repository":"","tag":""}}` | Air gapped documentation  configurations |
+| enterpriseFeatures | object | `{"airGappedDocumentation":{"enabled":false,"image":{"repository":"","tag":"4"}},"apiserverImageTagOverride":"3.15.3-909","clearmlApplications":{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":"app-1.1.1-47"},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-58"},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]},"defaultCompanyGuid":"d1bd92a3b039400cbafc60a7a5b1e52b","enabled":false,"extraIndexUrl":"","fileserverImageTagOverride":"3.15.3-909","overrideReferenceApiUrl":"","overrideReferenceFileUrl":"","webserverImageTagOverride":"3.15.3-801"}` | Enterprise features (work only with an Enterprise license) |
+| enterpriseFeatures.airGappedDocumentation | object | `{"enabled":false,"image":{"repository":"","tag":"4"}}` | Air gapped documentation  configurations |
 | enterpriseFeatures.airGappedDocumentation.enabled | bool | `false` | Enable/Disable air gapped documentation deployment |
-| enterpriseFeatures.airGappedDocumentation.image | object | `{"repository":"","tag":""}` | Air gapped documentation image configuration |
-| enterpriseFeatures.clearmlApplications | object | `{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":""},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]}` | APPS configurations |
+| enterpriseFeatures.airGappedDocumentation.image | object | `{"repository":"","tag":"4"}` | Air gapped documentation image configuration |
+| enterpriseFeatures.apiserverImageTagOverride | string | `"3.15.3-909"` | Image tag override for apiserver enterprise version |
+| enterpriseFeatures.clearmlApplications | object | `{"affinity":{},"agentKey":"GK4PRTVT3706T25K6BA1","agentSecret":"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2","basePodImage":{"repository":"","tag":"app-1.1.1-47"},"enabled":true,"extraEnvs":[],"gitAgentPass":"git_password","gitAgentUser":"git_user","image":{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-58"},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"tolerations":[]}` | APPS configurations |
 | enterpriseFeatures.clearmlApplications.affinity | object | `{}` | APPS affinity setup |
 | enterpriseFeatures.clearmlApplications.agentKey | string | `"GK4PRTVT3706T25K6BA1"` | Apps Server basic auth key |
 | enterpriseFeatures.clearmlApplications.agentSecret | string | `"ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2"` | Apps Server basic auth secret |
-| enterpriseFeatures.clearmlApplications.basePodImage | object | `{"repository":"","tag":""}` | APPS base spawning pods image |
+| enterpriseFeatures.clearmlApplications.basePodImage | object | `{"repository":"","tag":"app-1.1.1-47"}` | APPS base spawning pods image |
 | enterpriseFeatures.clearmlApplications.enabled | bool | `true` | Enable/Disable component deployment |
 | enterpriseFeatures.clearmlApplications.extraEnvs | list | `[]` | APPS extra envrinoment variables |
 | enterpriseFeatures.clearmlApplications.gitAgentPass | string | `"git_password"` | Apps Server Git password |
 | enterpriseFeatures.clearmlApplications.gitAgentUser | string | `"git_user"` | Apps Server Git user |
-| enterpriseFeatures.clearmlApplications.image | object | `{"pullPolicy":"IfNotPresent","repository":"","tag":""}` | APPS image configuration |
+| enterpriseFeatures.clearmlApplications.image | object | `{"pullPolicy":"IfNotPresent","repository":"","tag":"1.24-58"}` | APPS image configuration |
 | enterpriseFeatures.clearmlApplications.nodeSelector | object | `{}` | APPS nodeselector |
 | enterpriseFeatures.clearmlApplications.podAnnotations | object | `{}` | specific annotation for APPS pods |
 | enterpriseFeatures.clearmlApplications.replicaCount | int | `1` | APPS number of pods |
@@ -207,34 +212,40 @@ Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
 | enterpriseFeatures.defaultCompanyGuid | string | `"d1bd92a3b039400cbafc60a7a5b1e52b"` | Company ID |
 | enterpriseFeatures.enabled | bool | `false` | Enable/Disable Enterprise features |
 | enterpriseFeatures.extraIndexUrl | string | `""` | extra index URL for Enterprise packages |
+| enterpriseFeatures.fileserverImageTagOverride | string | `"3.15.3-909"` | Image tag override for fileserver enterprise version |
 | enterpriseFeatures.overrideReferenceApiUrl | string | `""` | set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://api.clearml.local" |
 | enterpriseFeatures.overrideReferenceFileUrl | string | `""` | set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer) example: "https://files.clearml.local" |
-| externalServices | object | `{"elasticsearchHost":"","elasticsearchPort":9200,"mongodbConnectionString":"","redisHost":"","redisPort":6379}` | Definition of external services to use if not enabled as dependency charts here |
-| externalServices.elasticsearchHost | string | `""` | Existing ElasticSearch Hostname to use if elasticsearch.enabled is false |
-| externalServices.elasticsearchPort | int | `9200` | Existing ElasticSearch Port to use if elasticsearch.enabled is false |
-| externalServices.mongodbConnectionString | string | `""` | Existing MongoDB connection string to use if mongodb.enabled is false |
+| enterpriseFeatures.webserverImageTagOverride | string | `"3.15.3-801"` | Image tag override for webserver enterprise version |
+| externalServices | object | `{"elasticsearchConnectionString":"","mongodbConnectionStringAuth":"","mongodbConnectionStringBackend":"","redisHost":"","redisPort":6379}` | Definition of external services to use if not enabled as dependency charts here |
+| externalServices.elasticsearchConnectionString | string | `""` | Existing ElasticSearch connectionstring if elasticsearch.enabled is false (example in values.yaml) |
+| externalServices.mongodbConnectionStringAuth | string | `""` | Existing MongoDB connection string for BACKEND to use if mongodb.enabled is false |
+| externalServices.mongodbConnectionStringBackend | string | `""` | Existing MongoDB connection string for AUTH to use if mongodb.enabled is false |
 | externalServices.redisHost | string | `""` | Existing Redis Hostname to use if redis.enabled is false |
 | externalServices.redisPort | int | `6379` | Existing Redis Port to use if redis.enabled is false |
-| fileserver | object | `{"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30081,"port":8081,"type":"NodePort"},"storage":{"data":{"accessMode":"ReadWriteOnce","class":"","size":"50Gi"}},"tolerations":[]}` | File Server configurations |
+| fileserver | object | `{"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"securityContext":{},"service":{"nodePort":30081,"port":8081,"type":"NodePort"},"storage":{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true},"tolerations":[]}` | File Server configurations |
 | fileserver.affinity | object | `{}` | File Server affinity setup |
 | fileserver.enabled | bool | `true` | Enable/Disable component deployment |
 | fileserver.extraEnvs | list | `[]` | File Server extra envrinoment variables |
-| fileserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"}` | File Server image configuration |
-| fileserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress configuration for File Server component |
+| fileserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | File Server image configuration |
+| fileserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""}` | Ingress configuration for File Server component |
 | fileserver.ingress.annotations | object | `{}` | Ingress annotations |
 | fileserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
 | fileserver.ingress.hostName | string | `"files.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
+| fileserver.ingress.ingressClassName | string | `""` | ClassName (must be defined if no default ingressClassName is available) |
 | fileserver.ingress.path | string | `"/"` | Ingress root path url |
 | fileserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
 | fileserver.nodeSelector | object | `{}` | File Server nodeselector |
 | fileserver.podAnnotations | object | `{}` | specific annotation for File Server pods |
 | fileserver.replicaCount | int | `1` | File Server number of pods |
 | fileserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | File Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
+| fileserver.securityContext | object | `{}` | File Server pod security context |
 | fileserver.service | object | `{"nodePort":30081,"port":8081,"type":"NodePort"}` | File Server internal service configuration |
 | fileserver.service.nodePort | int | `30081` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
-| fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","size":"50Gi"}}` | File server persistence settings |
+| fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true}` | File server persistence settings |
 | fileserver.storage.data.accessMode | string | `"ReadWriteOnce"` | Access mode (must be ReadWriteMany if fileserver replica > 1) |
 | fileserver.storage.data.class | string | `""` | Storage class (use default if empty) |
+| fileserver.storage.data.existingPVC | string | `""` | If set, it uses an already existing PVC instead of dynamic provisioning |
+| fileserver.storage.enabled | bool | `true` | If set to false no PVC is created and emptyDir is used |
 | fileserver.tolerations | list | `[]` | File Server tolerations setup |
 | imageCredentials | object | `{"email":"someone@host.com","enabled":false,"existingSecret":"","password":"pwd","registry":"docker.io","username":"someone"}` | Container registry configuration |
 | imageCredentials.email | string | `"someone@host.com"` | Email |
@@ -245,20 +256,22 @@ Kubernetes: `>= 1.21.0-0 < 1.26.0-0`
 | imageCredentials.username | string | `"someone"` | Registry username |
 | mongodb | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"50Gi","storageClass":null},"replicaCount":1}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
 | redis | object | `{"cluster":{"enabled":false},"databaseNumber":0,"enabled":true,"master":{"name":"{{ .Release.Name }}-redis-master","persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"5Gi","storageClass":null},"port":6379},"usePassword":false}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml |
-| webserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30080,"port":8080,"type":"NodePort"},"tolerations":[]}` | Web Server configurations |
+| webserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30080,"port":8080,"type":"NodePort"},"tolerations":[]}` | Web Server configurations |
 | webserver.additionalConfigs | object | `{}` | Additional specific webserver configurations |
 | webserver.affinity | object | `{}` | Web Server affinity setup |
 | webserver.enabled | bool | `true` | Enable/Disable component deployment |
 | webserver.extraEnvs | list | `[]` | Web Server extra envrinoment variables |
-| webserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.1-312"}` | Web Server image configuration |
-| webserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","path":"/","tlsSecretName":""}` | Ingress configuration for Web Server component |
+| webserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | Web Server image configuration |
+| webserver.ingress | object | `{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""}` | Ingress configuration for Web Server component |
 | webserver.ingress.annotations | object | `{}` | Ingress annotations |
 | webserver.ingress.enabled | bool | `false` | Enable/Disable ingress |
 | webserver.ingress.hostName | string | `"app.clearml.127-0-0-1.nip.io"` | Ingress hostname domain |
+| webserver.ingress.ingressClassName | string | `""` | ClassName (must be defined if no default ingressClassName is available) |
 | webserver.ingress.path | string | `"/"` | Ingress root path url |
 | webserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
 | webserver.nodeSelector | object | `{}` | Web Server nodeselector |
 | webserver.podAnnotations | object | `{}` | specific annotation for Web Server pods |
+| webserver.podSecurityContext | object | `{}` | Web Server pod security context |
 | webserver.replicaCount | int | `1` | Web Server number of pods |
 | webserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Web Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
 | webserver.service | object | `{"nodePort":30080,"port":8080,"type":"NodePort"}` | Web Server internal service configuration |

charts/clearml/templates/_helpers.tpl

@@ -141,21 +141,24 @@ Create readiness probe auth token
 Elasticsearch Service name
 */}}
 {{- define "elasticsearch.servicename" -}}
-{{- if .Values.elasticsearch.enabled }}
 {{- .Values.elasticsearch.clusterName }}-master
-{{- else }}
-{{- .Values.externalServices.elasticsearchHost }}
-{{- end }}
 {{- end }}
 
 {{/*
 Elasticsearch Service port
 */}}
 {{- define "elasticsearch.serviceport" -}}
-{{- if .Values.elasticsearch.enabled }}
 {{- .Values.elasticsearch.httpPort }}
+{{- end }}
+
+{{/*
+Elasticsearch Comnnection string
+*/}}
+{{- define "elasticsearch.connectionstring" -}}
+{{- if .Values.elasticsearch.enabled }}
+{{- printf "[{\"host\":\"%s\",\"port\":%s}]" (include "elasticsearch.servicename" .) (include "elasticsearch.serviceport" .) | quote }}
 {{- else }}
-{{- .Values.externalServices.elasticsearchPort }}
+{{- .Values.externalServices.elasticsearchConnectionString | quote }}
 {{- end }}
 {{- end }}
 
@@ -163,7 +166,6 @@ Elasticsearch Service port
 MongoDB Comnnection string
 */}}
 {{- define "mongodb.connectionstring" -}}
-{{- if .Values.mongodb.enabled }}
 {{- if eq .Values.mongodb.architecture "standalone" }}
 {{- printf "%s%s%s" "mongodb://" .Release.Name "-mongodb:27017" }}
 {{- else }}
@@ -173,9 +175,6 @@ MongoDB Comnnection string
 {{- end }}
 {{- printf "%s" ( trimSuffix "," $connectionString ) }}
 {{- end }}
-{{- else }}
-{{- .Values.externalServices.mongodbConnectionString }}
-{{- end }}
 {{- end }}
 
 {{/*
@@ -206,11 +205,11 @@ clientConfiguration string compose
 {{- define "clearml.clientConfiguration" -}}
 {{- $clientConfiguration := "" }}
 {{- if and (.Values.clearml.clientConfigurationApiUrl) .Values.clearml.clientConfigurationFilesUrl }}
-{{- $clientConfiguration = "{\"apiServer\":\"{{ .Values.clearml.clientConfigurationApiUrl }}\",\"filesServer\":\"{{ .Values.clearml.clientConfigurationFilesUrl }}\"}" }}
+{{- $clientConfiguration = printf "%s%s%s%s%s" "{\"apiServer\":\"" .Values.clearml.clientConfigurationApiUrl "\",\"filesServer\":\"" .Values.clearml.clientConfigurationFilesUrl "\"}" }}
 {{- else if .Values.clearml.clientConfigurationApiUrl }}
-{{- $clientConfiguration = "{\"apiServer\":\"{{ .Values.clearml.clientConfigurationApiUrl }}\"}" }}
+{{- $clientConfiguration = printf "%s%s%s" "{\"apiServer\":\"" .Values.clearml.clientConfigurationApiUrl "\"}" }}
 {{- else if .Values.clearml.clientConfigurationFilesUrl }}
-{{- $clientConfiguration = "{\"filesServer\":\"{{ .Values.clearml.clientConfigurationFilesUrl }}\"}" }}
+{{- $clientConfiguration = printf "%s%s%s" "{\"filesServer\":\"" .Values.clearml.clientConfigurationFilesUrl "\"}" }}
 {{- end }}
 {{- $clientConfiguration }}
 {{- end }}

charts/clearml/templates/apiserver-deployment.yaml

@@ -22,55 +22,97 @@ spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: .Values.imageCredentials.existingSecret
+      - name: {{ .Values.imageCredentials.existingSecret }}
       {{- else }}
       - name: clearml-registry-key
       {{- end }}
       {{- end }}
-      {{- if .Values.apiserver.additionalConfigs }}
-      volumes:  
+      {{- if or .Values.apiserver.additionalConfigs .Values.apiserver.existingAdditionalConfigsConfigMap  .Values.apiserver.existingAdditionalConfigsSecret }}
+      volumes:
         - name: apiserver-config
+          {{- if or .Values.apiserver.existingAdditionalConfigsConfigMap }}
+          configMap:
+            name: {{ .Values.apiserver.existingAdditionalConfigsConfigMap }}
+          {{- else if or .Values.apiserver.existingAdditionalConfigsSecret }}
+          secret:
+            secretName: {{ .Values.apiserver.existingAdditionalConfigsSecret }}
+          {{- else if or .Values.apiserver.additionalConfigs }}
           configMap:
             name: "{{ include "apiserver.referenceName" . }}-configmap"
+          {{- end }}
       {{- end }}
+      securityContext: {{ toYaml .Values.apiserver.podSecurityContext | nindent 8 }}
       initContainers:
         - name: init-apiserver
-          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.enterpriseFeatures.apiserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag }}"
+          {{- end }}
           command:
             - /bin/sh
             - -c
             - >
               set -x;
+              {{- if .Values.elasticsearch.enabled }}
               while [ $(curl -sw '%{http_code}' "http://{{ include "elasticsearch.servicename" . }}:{{ include "elasticsearch.serviceport" . }}/_cluster/health" -o /dev/null) -ne 200 ] ; do
                 echo "waiting for elasticsearch" ;
                 sleep 5 ;
-              done
+              done ;
+              {{- end }}
+              {{- if .Values.mongodb.enabled }}
+              while [ $(curl --telnet-option BOGUS --connect-timeout 2 -s "telnet://{{ .Release.Name }}-mongodb:27017" -o /dev/null; echo $?) -ne 49 ] ; do
+                echo "waiting for mongodb" ;
+                sleep 5 ;
+              done ;
+              {{- end }}
+              {{- if .Values.redis.enabled }}
+              while [ $(curl --telnet-option BOGUS --connect-timeout 2 -s "telnet://{{ include "redis.servicename" . }}:{{ include "redis.serviceport" . }}" -o /dev/null; echo $?) -ne 49 ] ; do
+                echo "waiting for redis" ;
+                sleep 5 ;
+              done ;
+              {{- end }}
       containers:
         - name: clearml-apiserver
-          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag | default .Chart.AppVersion }}"
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.enterpriseFeatures.apiserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.apiserver.image.repository }}:{{ .Values.apiserver.image.tag }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
           ports:
             - name: http
               containerPort: 8008
               protocol: TCP
           env:
-          - name: CLEARML_ELASTIC_SERVICE_HOST
-            value: {{ include "elasticsearch.servicename" . }}
-          - name: CLEARML_ELASTIC_SERVICE_PORT
-            value: "{{ include "elasticsearch.serviceport" . }}"
+          - name: CLEARML__HOSTS__ELASTIC__WORKERS__HOSTS
+            value: {{ include "elasticsearch.connectionstring" . }}
+          - name: CLEARML__HOSTS__ELASTIC__EVENTS__HOSTS
+            value: {{ include "elasticsearch.connectionstring" . }}
+          - name: CLEARML__HOSTS__ELASTIC__DATASETS__HOSTS
+            value: {{ include "elasticsearch.connectionstring" . }}
+          - name: CLEARML__HOSTS__ELASTIC__LOGS__HOSTS
+            value: {{ include "elasticsearch.connectionstring" . }}
+          {{- if .Values.mongodb.enabled }}
           - name: CLEARML_MONGODB_SERVICE_CONNECTION_STRING
             value: {{ include "mongodb.connectionstring" . | quote }}
+          {{- else }}
+          - name: CLEARML__HOSTS__MONGO__BACKEND__HOST
+            value: {{ .Values.externalServices.mongodbConnectionStringBackend | quote }}
+          - name: CLEARML__HOSTS__MONGO__AUTH__HOST
+            value: {{ .Values.externalServices.mongodbConnectionStringAuth | quote }}
+          {{- end }}
           - name: CLEARML_REDIS_SERVICE_HOST
             value: {{ include "redis.servicename" . }}
           - name: CLEARML_REDIS_SERVICE_PORT
             value: "{{ include "redis.serviceport" . }}"
           - name: CLEARML_CONFIG_PATH
-            value: /opt/clearml/config/default
-          - name: CLEARML__apiserver__default_company
+            value: /opt/clearml/config
+          - name: CLEARML__apiserver__default_company_name
             value: "{{ .Values.clearml.defaultCompany }}"
-          {{- if not (eq .Values.clearml.cookieDomain "") }}
           - name: CLEARML__APISERVER__AUTH__SESSION_AUTH_COOKIE_NAME
             value: {{ .Values.clearml.cookieName }}
+          {{- if .Values.clearml.cookieDomain }}
           - name: CLEARML__APISERVER__AUTH__COOKIES__DOMAIN
             value: ".{{ .Values.clearml.cookieDomain }}"
           {{- end }}
@@ -84,26 +126,6 @@ spec:
               secretKeyRef:
                 name: clearml-conf
                 key: apiserver_secret
-          - name: CLEARML__secure__credentials__fileserver__user_key
-            valueFrom:
-              secretKeyRef:
-                name: clearml-conf
-                key: fileserver_key
-          - name: CLEARML__secure__credentials__fileserver__user_secret
-            valueFrom:
-              secretKeyRef:
-                name: clearml-conf
-                key: fileserver_secret
-          - name: CLEARML__secure__applications__agents_credentials__apps_agent__user_key
-            valueFrom:
-              secretKeyRef:
-                name: clearml-conf
-                key: apps_agent_key
-          - name: CLEARML__secure__applications__agents_credentials__apps_agent__user_secret
-            valueFrom:
-              secretKeyRef:
-                name: clearml-conf
-                key: apps_agent_secret
           - name: CLEARML__secure__auth__token_secret
             valueFrom:
               secretKeyRef:
@@ -120,8 +142,6 @@ spec:
             value: "{{ .Values.enterpriseFeatures.defaultCompanyGuid }}"
           - name: APPLY_ES_MAPPINGS
             value: "false"
-          - name: CLEARML__HOSTS__ELASTIC__LOGS__HOSTS
-            value: "[\"http://{{ include "elasticsearch.servicename" . }}:{{ include "elasticsearch.serviceport" . }}\"]"
           - name: NUMBER_OF_GUNICORN_WORKERS
             value: "{{ .Values.apiserver.processes.count }}"
           - name: GUNICORN_TIMEOUT
@@ -158,8 +178,28 @@ spec:
             value: {{ .Values.apiserver.indexShards | quote }}
           - name: CLEARML__APISERVER__LOG_CALLS
             value: "false"
-          - name: CLEARML_ENV
+          - name: ALLEGRO_ENV
             value: "onprem_k8s"
+          - name: CLEARML__secure__credentials__fileserver__user_key
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: fileserver_key
+          - name: CLEARML__secure__credentials__fileserver__user_secret
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: fileserver_secret
+          - name: CLEARML__secure__applications__agents_credentials__apps_agent__user_key
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_agent_key
+          - name: CLEARML__secure__applications__agents_credentials__apps_agent__user_secret
+            valueFrom:
+              secretKeyRef:
+                name: clearml-conf
+                key: apps_agent_secret
           {{- else }}
           - name: CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY
             valueFrom:
@@ -199,10 +239,14 @@ spec:
               httpHeaders:
                 - name: Authorization
                   value: Basic {{ include "readinessProbeAuth" . }}
-          {{- if .Values.apiserver.additionalConfigs }}
+          {{- if or .Values.apiserver.additionalConfigs .Values.apiserver.existingAdditionalConfigsConfigMap  .Values.apiserver.existingAdditionalConfigsSecret }}
           volumeMounts:  
             - name: apiserver-config
+              {{- if .Values.enterpriseFeatures.enabled }}
               mountPath: /opt/clearml/config/default
+              {{- else }}
+              mountPath: /opt/clearml/config
+              {{- end }}
           {{- end }}
           resources:
             {{- toYaml .Values.apiserver.resources | nindent 12 }}

charts/clearml/templates/apiserver-ingress.yaml

@@ -20,6 +20,9 @@ metadata:
     {{- toYaml $annotations | nindent 4 }}
 
 spec:
+  {{- if .Values.apiserver.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.apiserver.ingress.ingressClassName }}
+  {{- end }}
   {{- if .Values.apiserver.ingress.tlsSecretName }}
   tls:
     - hosts:

charts/clearml/templates/apps-configmap.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "clearml.name" . }}-apps-pt
+data:
+  template.yaml: |
+    apps_queue:
+      apiVersion: v1
+      metadata:
+        namespace: {{ $.Release.Namespace }}
+      spec:
+        {{- if $.Values.imageCredentials.enabled }}
+        imagePullSecrets:
+        {{- if $.Values.imageCredentials.existingSecret }}
+          - name: {{ $.Values.imageCredentials.existingSecret }}
+        {{- else }}
+          - name: clearml-registry-key
+        {{- end }}
+        {{- end }}
+        serviceAccountName: "clearml-apps-sa"
+        containers:
+        - resources:
+          ports:
+            - containerPort: 10022
+          volumeMounts:
+          env:
+          - name: CLEARML_API_HOST
+            value: "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}"
+          - name: CLEARML_FILES_HOST
+            value: "http://{{ include "fileserver.referenceName" . }}:{{ .Values.fileserver.service.port }}"
+          - name: CLEARML_WEB_HOST
+            value: "http://{{ include "webserver.referenceName" . }}:{{ .Values.webserver.service.port }}"

charts/clearml/templates/apps-deployment.yaml

@@ -23,13 +23,16 @@ spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: .Values.imageCredentials.existingSecret
+      - name: {{ .Values.imageCredentials.existingSecret }}
       {{- else }}
       - name: clearml-registry-key
       {{- end }}
       {{- end }}
+      volumes:
+        - name: {{ include "clearml.name" . }}-apps-pt
+          configMap:
+            name: {{ include "clearml.name" . }}-apps-pt
       {{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
-      volumes:  
         - name: apps-config
           configMap:
             name: "{{ include "clearmlApplications.referenceName" . }}-configmap"
@@ -68,8 +71,9 @@ spec:
             value: "apps-agent-1"
           - name: CLEARML_NO_DEFAULT_SERVER
             value: "true"
-          - name: CLEARML_AGENT_DAEMON_OPTIONS
-            value: "--foreground --create-queue --use-owner-token --child-report-tags application --services-mode=5"
+          - name: K8S_GLUE_EXTRA_ARGS
+            value: "--namespace {{ .Release.Namespace }} --template-yaml /root/template/template.yaml \
+                    --child-report-tags application --max-pods 5 --use-owner-token"
           - name: K8S_GLUE_QUEUE
             value: "apps_queue"
           - name: CLEARML_AGENT_DISABLE_SSH_MOUNT
@@ -97,8 +101,10 @@ spec:
           {{- if .Values.enterpriseFeatures.clearmlApplications.extraEnvs }}
           {{ toYaml .Values.enterpriseFeatures.clearmlApplications.extraEnvs | nindent 10 }}
           {{- end }}
+          volumeMounts:
+          - name: {{ include "clearml.name" . }}-apps-pt
+            mountPath: /root/template
           {{- if .Values.enterpriseFeatures.clearmlApplications.additionalConfigs }}
-          volumeMounts:  
             - name: apps-config
               mountPath: /opt/clearml/config/default
           {{- end }}

charts/clearml/templates/apps-rbac.yaml

@@ -7,31 +7,6 @@ metadata:
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "clearmlApplications.referenceName" . }}-kpa
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs: ["get", "list", "watch", "create", "patch", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "clearmlApplications.referenceName" . }}-kpa
-subjects:
-  - kind: ServiceAccount
-    name: "clearml-apps-sa"
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "clearmlApplications.referenceName" . }}-kpa
-{{- else }}
----
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "clearmlApplications.referenceName" . }}-kpa

charts/clearml/templates/fileserver-deployment.yaml

@@ -22,18 +22,34 @@ spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: .Values.imageCredentials.existingSecret
+      - name: {{ .Values.imageCredentials.existingSecret }}
       {{- else }}
       - name: clearml-registry-key
       {{- end }}
       {{- end }}
       volumes:
+        {{- if .Values.fileserver.storage.enabled }}
+        {{- if .Values.fileserver.storage.data.existingPVC }}
+        - name: fileserver-data
+          persistentVolumeClaim:
+            claimName: {{ .Values.fileserver.storage.data.existingPVC | quote }}
+        {{- else }}
         - name: fileserver-data
           persistentVolumeClaim:
             claimName: {{ include "fileserver.referenceName" . }}-data
+        {{- end }}
+        {{- else }}
+        - name: fileserver-data
+          emptyDir: {}
+        {{- end }}
+      securityContext: {{ toYaml .Values.fileserver.podSecurityContext | nindent 8 }}
       initContainers:
           - name: init-fileserver
-            image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag | default .Chart.AppVersion }}"
+            {{- if .Values.enterpriseFeatures.enabled }}
+            image: "{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
+            {{- else }}
+            image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
+            {{- end }}
             command:
               - /bin/sh
               - -c
@@ -45,7 +61,11 @@ spec:
                 done
       containers:
         - name: clearml-fileserver
-          image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag | default .Chart.AppVersion }}"
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.fileserver.image.pullPolicy }}
           ports:
             - name: http

charts/clearml/templates/fileserver-ingress.yaml

@@ -19,6 +19,9 @@ metadata:
   annotations:
     {{- toYaml $annotations | nindent 4 }}
 spec:
+  {{- if .Values.fileserver.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.fileserver.ingress.ingressClassName }}
+  {{- end }}
   {{- if .Values.fileserver.ingress.tlsSecretName }}
   tls:
     - hosts:

charts/clearml/templates/fileserver-pvc.yaml

@@ -1,4 +1,6 @@
 {{- if .Values.fileserver.enabled }}
+{{- if .Values.fileserver.storage.enabled }}
+{{- if not .Values.fileserver.storage.data.existingPVC }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
@@ -11,7 +13,9 @@ spec:
   resources:
     requests:
       storage: {{ .Values.fileserver.storage.data.size | quote }}
-  {{- if .Values.fileserver.storage.data.class -}}
+  {{- if .Values.fileserver.storage.data.class }}
   storageClassName: {{ .Values.fileserver.storage.data.class | quote }}
   {{- end -}}
 {{- end }}
+{{- end }}
+{{- end }}

charts/clearml/templates/webserver-configmap.yaml

@@ -17,7 +17,7 @@ data:
       },
       "docsLink": "https://clear.ml/docs/",
       "applicationsBackground": "ui-assets/apps-message.svg"
-      {{- if and .Values.webserver.overrideReferenceApiUrl .Values.enterpriseFeatures.overrideReferenceFileUrl }}
+      {{- if and .Values.enterpriseFeatures.overrideReferenceApiUrl .Values.enterpriseFeatures.overrideReferenceFileUrl }}
       ,
       "fileBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceFileUrl }}",
       "apiBaseUrl": "{{ .Values.enterpriseFeatures.overrideReferenceApiUrl }}"

charts/clearml/templates/webserver-deployment.yaml

@@ -22,7 +22,7 @@ spec:
       {{- if .Values.imageCredentials.enabled }}
       imagePullSecrets:
       {{- if .Values.imageCredentials.existingSecret }}
-      - name: .Values.imageCredentials.existingSecret
+      - name: {{ .Values.imageCredentials.existingSecret }}
       {{- else }}
       - name: clearml-registry-key
       {{- end }}
@@ -35,6 +35,7 @@ spec:
         - name: documentation
           emptyDir: {}
         {{- end }}
+      securityContext: {{ toYaml .Values.webserver.podSecurityContext | nindent 8 }}
       initContainers:
         {{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
         - name: init-airgap-docs
@@ -52,7 +53,11 @@ spec:
             {{- end }}
         {{- end }}
         - name: init-webserver
-          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default .Chart.AppVersion }}"
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.enterpriseFeatures.webserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
+          {{- end }}
           command:
             - /bin/sh
             - -c
@@ -64,7 +69,11 @@ spec:
               done
       containers:
         - name: clearml-webserver
-          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag | default .Chart.AppVersion }}"
+          {{- if .Values.enterpriseFeatures.enabled }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.enterpriseFeatures.webserverImageTagOverride }}"
+          {{- else }}
+          image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
           ports:
             - name: http

charts/clearml/templates/webserver-ingress.yaml

@@ -19,6 +19,9 @@ metadata:
   annotations:
     {{- toYaml $annotations | nindent 4 }}
 spec:
+  {{- if .Values.webserver.ingress.ingressClassName }}
+  ingressClassName: {{ .Values.webserver.ingress.ingressClassName }}
+  {{- end }}
   {{- if .Values.webserver.ingress.tlsSecretName }}
   tls:
     - hosts:

charts/clearml/values-production.yaml

@@ -16,6 +16,28 @@ webserver:
   ingress:
     enabled: true
     hostName: "app.clearml.127-0-0-1.nip.io"
+redis:
+  master:
+    name: "{{ .Release.Name }}-redis"
+    persistence:
+      enabled: true
+      accessModes:
+        - ReadWriteOnce
+      size: 5Gi
+      ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+      storageClass: null
+  slave:
+    persistence:
+      enabled: true
+      accessModes:
+        - ReadWriteOnce
+      size: 5Gi
+      ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+      storageClass: null
+  cluster:
+    enabled: true
+  sentinel:
+    enabled: true
 mongodb:
   enabled: true
   architecture: replicaset

charts/clearml/values.yaml

@@ -54,7 +54,7 @@ apiserver:
   image:
     repository: "allegroai/clearml"
     pullPolicy: IfNotPresent
-    tag: "1.9.1-312"
+    tag: "1.9.2-317"
   # -- Api Server internal service configuration
   service:
     type: NodePort
@@ -68,6 +68,8 @@ apiserver:
   ingress:
     # -- Enable/Disable ingress
     enabled: false
+    # -- ClassName (must be defined if no default ingressClassName is available)
+    ingressClassName: ""
     # -- Ingress hostname domain
     hostName: "api.clearml.127-0-0-1.nip.io"
     # -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
@@ -109,7 +111,15 @@ apiserver:
   tolerations: []
   # -- Api Server affinity setup
   affinity: {}
-  # -- files declared in this parameter will be mounted and read by apiserver (examples in values.yaml)
+  # -- Api Server pod security context
+  securityContext: {}
+  #   runAsUser: 1001
+  #   fsGroup: 1001
+  # -- reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml)
+  existingAdditionalConfigsConfigMap: ""
+  # -- reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap
+  existingAdditionalConfigsSecret: ""
+  # -- files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret
   additionalConfigs: {}
   #   services.conf: |
   #     tasks {
@@ -148,7 +158,7 @@ fileserver:
   image:
     repository: "allegroai/clearml"
     pullPolicy: IfNotPresent
-    tag: "1.9.1-312"
+    tag: "1.9.2-317"
   # -- File Server internal service configuration
   service:
     type: NodePort
@@ -162,6 +172,8 @@ fileserver:
   ingress:
     # -- Enable/Disable ingress
     enabled: false
+    # -- ClassName (must be defined if no default ingressClassName is available)
+    ingressClassName: ""
     # -- Ingress hostname domain
     hostName: "files.clearml.127-0-0-1.nip.io"
     # -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
@@ -189,9 +201,17 @@ fileserver:
   tolerations: []
   # -- File Server affinity setup
   affinity: {}
+  # -- File Server pod security context
+  securityContext: {}
+  #   runAsUser: 1001
+  #   fsGroup: 1001
   # -- File server persistence settings
   storage:
+    # -- If set to false no PVC is created and emptyDir is used
+    enabled: true
     data:
+      # -- If set, it uses an already existing PVC instead of dynamic provisioning
+      existingPVC: ""
       # -- Storage class (use default if empty)
       class: ""
       # -- Access mode (must be ReadWriteMany if fileserver replica > 1)
@@ -206,7 +226,7 @@ webserver:
   image:
     repository: "allegroai/clearml"
     pullPolicy: IfNotPresent
-    tag: "1.9.1-312"
+    tag: "1.9.2-317"
   # -- Web Server internal service configuration
   service:
     type: NodePort
@@ -220,6 +240,8 @@ webserver:
   ingress:
     # -- Enable/Disable ingress
     enabled: false
+    # -- ClassName (must be defined if no default ingressClassName is available)
+    ingressClassName: ""
     # -- Ingress hostname domain
     hostName: "app.clearml.127-0-0-1.nip.io"
     # -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
@@ -247,17 +269,22 @@ webserver:
   tolerations: []
   # -- Web Server affinity setup
   affinity: {}
+  # -- Web Server pod security context
+  podSecurityContext: {}
+  #   runAsUser: 1001
+  #   fsGroup: 1001
   # -- Additional specific webserver configurations
   additionalConfigs: {}
 
 # -- Definition of external services to use if not enabled as dependency charts here
 externalServices:
-  # -- Existing ElasticSearch Hostname to use if elasticsearch.enabled is false
-  elasticsearchHost: ""
-  # -- Existing ElasticSearch Port to use if elasticsearch.enabled is false
-  elasticsearchPort: 9200
-  # -- Existing MongoDB connection string to use if mongodb.enabled is false
-  mongodbConnectionString: ""
+  # -- Existing ElasticSearch connectionstring if elasticsearch.enabled is false (example in values.yaml)
+  elasticsearchConnectionString: ""
+  #    [{"host":"hostname1","port":9200},{"host":"hostname2","port":9200},{"host":"hostname3","port":9200}]
+  # -- Existing MongoDB connection string for BACKEND to use if mongodb.enabled is false
+  mongodbConnectionStringAuth: ""
+  # -- Existing MongoDB connection string for AUTH to use if mongodb.enabled is false
+  mongodbConnectionStringBackend: ""
   # -- Existing Redis Hostname to use if redis.enabled is false
   redisHost: ""
   # -- Existing Redis Port to use if redis.enabled is false
@@ -357,6 +384,12 @@ enterpriseFeatures:
   enabled: false
   # -- Company ID
   defaultCompanyGuid: "d1bd92a3b039400cbafc60a7a5b1e52b"
+  # -- Image tag override for apiserver enterprise version
+  apiserverImageTagOverride: "3.15.3-909"
+  # -- Image tag override for fileserver enterprise version
+  fileserverImageTagOverride: "3.15.3-909"
+  # -- Image tag override for webserver enterprise version
+  webserverImageTagOverride: "3.15.3-801"
   # -- Air gapped documentation  configurations
   airGappedDocumentation:
     # -- Enable/Disable air gapped documentation deployment
@@ -364,7 +397,7 @@ enterpriseFeatures:
     # -- Air gapped documentation image configuration
     image:
       repository: ""
-      tag: ""
+      tag: "4"
   # -- set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer)
   # example: "https://api.clearml.local"
   overrideReferenceApiUrl: ""
@@ -389,11 +422,11 @@ enterpriseFeatures:
     image:
       repository: ""
       pullPolicy: IfNotPresent
-      tag: ""
+      tag: "1.24-58"
     # -- APPS base spawning pods image
     basePodImage:
       repository: ""
-      tag: ""
+      tag: "app-1.1.1-47"
     # -- APPS number of pods
     replicaCount: 1
     # -- APPS extra envrinoment variables

platform-specific-configs/openshift/README.md

@@ -0,0 +1,3 @@
+# Openshift specific configuration
+
+Use override files when deploying ClearML. Proposed files in this folder require setup of `<USER>` and `<FSUSER>` values to uids accepted by specific openshift configuration.

platform-specific-configs/openshift/values-clearml-agent.yaml

@@ -0,0 +1,7 @@
+agentk8sglue:
+  securityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+  basePodTemplate:
+    securityContext:
+      runAsUser: 0

platform-specific-configs/openshift/values-clearml.yaml

@@ -0,0 +1,36 @@
+apiserver:
+  securityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+    runAsNonRoot: true
+fileserver:
+  securityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+    runAsNonRoot: true
+webserver:
+  securityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+    runAsNonRoot: true
+elasticsearch:
+  securityContext:
+    runAsUser: <USER>
+  podSecurityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>    
+  sysctlInitContainer:
+    enabled: false
+  volumeClaimTemplate:
+redis:
+  securityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+mongodb:
+  podSecurityContext:
+    enabled: true
+    fsGroup: <FSUSER>
+  containerSecurityContext:
+    enabled: true
+    runAsUser: <USER>
+    runAsNonRoot: true

platform-specific-configs/tanzu/README.md

@@ -0,0 +1,3 @@
+# Tanzu specific configuration
+
+Before installing any ClearML chart, apply `rolebinding.yaml` file after setting needed `<NAMESPACE>` in it.

platform-specific-configs/tanzu/rolebinding.yaml

@@ -2,7 +2,7 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: clearml-tanzu-rolebinding
-  namespace: clearml
+  namespace: <NAMESPACE>
 roleRef:
   kind: ClusterRole
   name: psp:vmware-system-privileged