mirror of
synced 2025-03-03 18:52:27 +00:00
* Changed: update dependency charts * Changed: update values for dependencies * Added: major release update instructions * Changed: version update * Added: dep repos * Changed: improved securityContexts * Added: security context for enterprise apps * Changed: agent split securityContexts * Added: custom start scripts for apps * Fixed: missing description * Changed: updated images * Added: non-privileged/non-root configs * Fixed: title level * CHanged: changelog update * Added: global registry setting * Added: services annotations * Fixed: non-root enterprise reference
488 lines
16 KiB
488 lines
16 KiB
# -- Global parameters section
# -- Images registry
imageRegistry: "docker.io"
# -- Container registry configuration
# -- Use private authentication mode
enabled: false
# -- If this is set, chart will not generate a secret but will use what is defined here
existingSecret: ""
# -- Registry name
registry: docker.io
# -- Registry username
username: someone
# -- Registry password
password: pwd
# -- Email
email: someone@host.com
# -- ClearMl generic configurations
# -- Name fo the UI cookie
cookieName: "clearml-token-k8s"
# -- Cookie domain to be left empty if not exposed with an ingress
cookieDomain: ""
# -- Company name
defaultCompany: "d1bd92a3b039400cbafc60a7a5b1e52b"
# -- Api Server basic auth key
apiserverKey: GGS9F4M6XB2DXJ5AFT9F
# -- Api Server basic auth secret
apiserverSecret: 2oGujVFhPfaozhpuz2GzQfA5OyxmMsR3WVJpsCR5hrgHFs20PO
# -- File Server basic auth key
fileserverKey: XXCRJ123CEE2KSQ068WO
# -- File Server basic auth secret
fileserverSecret: YIy8EVAC7QCT4FtgitxAQGyW7xRHDZ4jpYlTE7HKiscpORl1hG
# -- Readiness probe basic auth key
readinessprobeKey: GK4PRTVT3706T25K6BA1
# -- Readiness probe basic auth secret
readinessprobeSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
# -- Secure Auth secret
secureAuthTokenSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
# -- Test Server basic auth key
testUserKey: "ENP39EQM4SLACGD5FXB7"
# -- Test File Server basic auth secret
testUserSecret: "lPcm0imbcBZ8mwgO7tpadutiS3gnJD05x9j7afwXPS35IKbpiQ"
# -- Override the API Urls displayed when showing an example of the SDK's clearml.conf configuration
clientConfigurationApiUrl: ""
# -- Override the Files Urls displayed when showing an example of the SDK's clearml.conf configuration
clientConfigurationFilesUrl: ""
# -- Api Server configurations
# -- Enable/Disable component deployment
enabled: true
# -- Enable/Disable example data load
prepopulateEnabled: true
# -- Api Server image configuration
registry: ""
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.9.2-317"
# -- Api Server internal service configuration
# -- specific annotation for Api Server service
annotations: {}
type: NodePort
port: 8008
# -- If service.type set to NodePort, this will be set to service's nodePort field.
# If service.type is set to others, this field will be ignored
nodePort: 30008
# -- Api Server number of pods
replicaCount: 1
# -- Ingress configuration for Api Server component
# -- Enable/Disable ingress
enabled: false
# -- ClassName (must be defined if no default ingressClassName is available)
ingressClassName: ""
# -- Ingress hostname domain
hostName: "api.clearml.127-0-0-1.nip.io"
# -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
tlsSecretName: ""
# -- Ingress annotations
annotations: {}
# -- Ingress root path url
path: "/"
# -- Api Server internal processes configuration
# -- Api Server internal listing processes
count: 8
# -- Api timeout (ms)
timeout: 24000
# -- Api Server maximum number of concurrent requests
maxRequests: 1000
# -- Api Server max jitter on api request
maxRequestsJitter: 300
# -- Api Server extra envrinoment variables
extraEnvs: []
# -- Number of additional replicas in Elasticsearch indexes
indexReplicas: 0
# -- Number of shards in Elasticsearch indexes
indexShards: 1
# -- specific annotation for Api Server pods
podAnnotations: {}
# -- Api Server resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
cpu: 100m
memory: 256Mi
cpu: 2000m
memory: 1Gi
# -- Api Server nodeselector
nodeSelector: {}
# -- Api Server tolerations setup
tolerations: []
# -- Api Server affinity setup
affinity: {}
# -- Api Server pod security context
podSecurityContext: {}
# -- Api Server containers security context
containerSecurityContext: {}
# runAsUser: 1001
# fsGroup: 1001
# -- reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml)
existingAdditionalConfigsConfigMap: ""
# -- reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap
existingAdditionalConfigsSecret: ""
# -- files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret
additionalConfigs: {}
# services.conf: |
# tasks {
# non_responsive_tasks_watchdog {
# # In-progress tasks that haven't been updated for at least 'value' seconds will be stopped by the watchdog
# threshold_sec: 21000
# # Watchdog will sleep for this number of seconds after each cycle
# watch_interval_sec: 900
# }
# }
# apiserver.conf: |
# auth {
# fixed_users {
# enabled: true
# pass_hashed: false
# users: [
# {
# username: "jane"
# password: "12345678"
# name: "Jane Doe"
# },
# {
# username: "john"
# password: "12345678"
# name: "John Doe"
# },
# ]
# }
# }
# -- File Server configurations
# -- Enable/Disable component deployment
enabled: true
# -- File Server image configuration
registry: ""
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.9.2-317"
# -- File Server internal service configuration
# -- specific annotation for File Server service
annotations: {}
type: NodePort
port: 8081
# -- If service.type set to NodePort, this will be set to service's nodePort field.
# If service.type is set to others, this field will be ignored
nodePort: 30081
# -- File Server number of pods
replicaCount: 1
# -- Ingress configuration for File Server component
# -- Enable/Disable ingress
enabled: false
# -- ClassName (must be defined if no default ingressClassName is available)
ingressClassName: ""
# -- Ingress hostname domain
hostName: "files.clearml.127-0-0-1.nip.io"
# -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
tlsSecretName: ""
# -- Ingress annotations
annotations: {}
# -- Ingress root path url
path: "/"
# -- File Server extra envrinoment variables
extraEnvs: []
# -- specific annotation for File Server pods
podAnnotations: {}
# -- File Server resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
cpu: 100m
memory: 256Mi
cpu: 2000m
memory: 1Gi
# -- File Server nodeselector
nodeSelector: {}
# -- File Server tolerations setup
tolerations: []
# -- File Server affinity setup
affinity: {}
# -- File Server pod security context
podSecurityContext: {}
# -- File Server containers security context
containerSecurityContext: {}
# runAsUser: 1001
# fsGroup: 1001
# -- File server persistence settings
# -- If set to false no PVC is created and emptyDir is used
enabled: true
# -- If set, it uses an already existing PVC instead of dynamic provisioning
existingPVC: ""
# -- Storage class (use default if empty)
class: ""
# -- Access mode (must be ReadWriteMany if fileserver replica > 1)
accessMode: ReadWriteOnce
size: 50Gi
# -- Web Server configurations
# -- Enable/Disable component deployment
enabled: true
# -- Web Server image configuration
registry: ""
repository: "allegroai/clearml"
pullPolicy: IfNotPresent
tag: "1.9.2-317"
# -- Web Server internal service configuration
# -- specific annotation for Web Server service
annotations: {}
type: NodePort
port: 8080
# -- If service.type set to NodePort, this will be set to service's nodePort field.
# If service.type is set to others, this field will be ignored
nodePort: 30080
# -- Web Server number of pods
replicaCount: 1
# -- Ingress configuration for Web Server component
# -- Enable/Disable ingress
enabled: false
# -- ClassName (must be defined if no default ingressClassName is available)
ingressClassName: ""
# -- Ingress hostname domain
hostName: "app.clearml.127-0-0-1.nip.io"
# -- Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule.
tlsSecretName: ""
# -- Ingress annotations
annotations: {}
# -- Ingress root path url
path: "/"
# -- Web Server extra envrinoment variables
extraEnvs: []
# -- specific annotation for Web Server pods
podAnnotations: {}
# -- Web Server resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
cpu: 100m
memory: 256Mi
cpu: 2000m
memory: 1Gi
# -- Web Server nodeselector
nodeSelector: {}
# -- Web Server tolerations setup
tolerations: []
# -- Web Server affinity setup
affinity: {}
# -- Web Server pod security context
podSecurityContext: {}
# -- Web Server containers security context
containerSecurityContext: {}
# runAsUser: 1001
# fsGroup: 1001
# -- Additional specific webserver configurations
additionalConfigs: {}
# -- Definition of external services to use if not enabled as dependency charts here
# -- Existing ElasticSearch connectionstring if elasticsearch.enabled is false (example in values.yaml)
elasticsearchConnectionString: ""
# [{"host":"hostname1","port":9200},{"host":"hostname2","port":9200},{"host":"hostname3","port":9200}]
# -- Existing MongoDB connection string for BACKEND to use if mongodb.enabled is false
mongodbConnectionStringAuth: ""
# -- Existing MongoDB connection string for AUTH to use if mongodb.enabled is false
mongodbConnectionStringBackend: ""
# -- Existing Redis Hostname to use if redis.enabled is false
redisHost: ""
# -- Existing Redis Port to use if redis.enabled is false
redisPort: 6379
# -- Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
enabled: true
enabled: false
databaseNumber: 0
name: "{{ .Release.Name }}-redis-master"
port: 6379
enabled: true
- ReadWriteOnce
size: 5Gi
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
storageClass: null
architecture: standalone
# -- Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml
enabled: true
architecture: standalone
enabled: false
replicaCount: 1
enabled: true
- ReadWriteOnce
size: 50Gi
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
storageClass: null
# -- Configuration from https://github.com/elastic/helm-charts/blob/7.16/elasticsearch/values.yaml
enabled: true
httpPort: 9200
master: "true"
ingest: "true"
data: "true"
remote_cluster_client: "true"
replicas: 1
# Readiness probe hack for a single-node cluster (where status will never be green). Should be removed if using replicas > 1
clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
minimumMasterNodes: 1
clusterName: clearml-elastic
esJavaOpts: "-Xmx2g -Xms2g"
- name: bootstrap.memory_lock
value: "false"
- name: cluster.routing.allocation.node_initial_primaries_recoveries
value: "500"
- name: cluster.routing.allocation.disk.watermark.low
value: 500mb
- name: cluster.routing.allocation.disk.watermark.high
value: 500mb
- name: cluster.routing.allocation.disk.watermark.flood_stage
value: 500mb
- name: http.compression_level
value: "7"
- name: reindex.remote.whitelist
value: '*.*'
- name: xpack.monitoring.enabled
value: "false"
- name: xpack.security.enabled
value: "false"
cpu: 100m
memory: 2Gi
cpu: 2000m
memory: 4Gi
enabled: true
accessModes: ["ReadWriteOnce"]
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
storageClassName: null
storage: 50Gi
elasticsearch.yml: |
xpack.security.enabled: false
# -- Enterprise features (work only with an Enterprise license)
# -- Enable/Disable Enterprise features
enabled: false
# -- Company ID
defaultCompanyGuid: "d1bd92a3b039400cbafc60a7a5b1e52b"
# -- Image tag override for apiserver enterprise version
apiserverImageTagOverride: "3.16.0-959"
# -- Image tag override for fileserver enterprise version
fileserverImageTagOverride: "3.16.0-959"
# -- Image tag override for webserver enterprise version
webserverImageTagOverride: "3.16-922"
# -- Air gapped documentation configurations
# -- Enable/Disable air gapped documentation deployment
enabled: false
# -- Air gapped documentation image configuration
registry: ""
repository: ""
tag: "4"
# -- set this value AND overrideReferenceFileUrl if external endpoint exposure is in place (like a LoadBalancer)
# example: "https://api.clearml.local"
overrideReferenceApiUrl: ""
# -- set this value AND overrideReferenceAPIUrl if external endpoint exposure is in place (like a LoadBalancer)
# example: "https://files.clearml.local"
overrideReferenceFileUrl: ""
# -- extra index URL for Enterprise packages
extraIndexUrl: ""
# -- APPS configurations
# -- Apps Server basic auth key
agentKey: GK4PRTVT3706T25K6BA1
# -- Apps Server basic auth secret
agentSecret: ymLh1ok5k5xNUQfS944Xdx9xjf0wueokqKM2dMZfHuH9ayItG2
# -- Apps Server Git user
gitAgentUser: "git_user"
# -- Apps Server Git password
gitAgentPass: "git_password"
# -- Enable/Disable component deployment
enabled: true
# -- APPS image configuration
repository: ""
pullPolicy: IfNotPresent
tag: "1.24-58"
# -- APPS base spawning pods image
repository: ""
tag: "app-1.1.1-47"
# -- APPS number of pods
replicaCount: 1
# -- APPS extra envrinoment variables
extraEnvs: []
# -- additional existing ClusterRoleBindings
additionalClusterRoleBindings: []
# - privileged
# -- additional existing RoleBindings
additionalRoleBindings: []
# - privileged
# -- Custom Bash script for the APPS Agent pod ran by Glue Agent
customBashScript: ""
# -- Custom Bash script for the APPS Task Pods ran by Glue Agent
containerCustomBashScript: ""
# -- APPS pod security context
podSecurityContext: {}
# -- APPS containers security context
containerSecurityContext: {}
# -- file definition
fileMounts: []
# -- specific annotation for APPS pods
podAnnotations: {}
# -- APPS resources per pod; these are minimal requirements, it's suggested to increase
# these values in production environments
cpu: 100m
memory: 256Mi
cpu: 2000m
memory: 1Gi
# -- APPS nodeselector
nodeSelector: {}
# -- APPS tolerations setup
tolerations: []
# -- APPS affinity setup
affinity: {}