diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index c0727699..5fe45c51 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -47,5 +47,8 @@ dependencies: - name: yace repository: file://charts/yace version: 0.1.0 -digest: sha256:c3cd39db4bfcb9f25b1e666b9786d28b5045d3337bfdd98a6d9a1be2c6b075b5 -generated: "2024-11-20T14:26:55.38318-08:00" +- name: wandb-base + repository: file://../wandb-base + version: 0.1.1 +digest: sha256:af1ce94a6c5f99cc9d9df3d10db200ab45b976fd24bd65f85d37e5a32517c5b8 +generated: "2024-12-02T09:48:06.166674-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 7a2ec08b..85381df5 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: operator-wandb description: A Helm chart for deploying W&B to Kubernetes type: application -version: 0.19.3 +version: 0.20.0 appVersion: 1.0.0 icon: https://wandb.ai/logo.svg @@ -76,3 +76,8 @@ dependencies: version: "*.*.*" repository: file://charts/yace condition: yace.install + - name: wandb-base + alias: glue + condition: global.beta.glue.enabled + repository: file://../wandb-base + version: "*.*.*" diff --git a/charts/operator-wandb/charts/app/templates/_deployment.tpl b/charts/operator-wandb/charts/app/templates/_deployment.tpl deleted file mode 100644 index b1b7ec33..00000000 --- a/charts/operator-wandb/charts/app/templates/_deployment.tpl +++ /dev/null @@ -1,349 +0,0 @@ -{{/* -This template is used to generate the deployment for the app, and is used for both the non-glue and glue deployments. -*/}} -{{- define "app.deployment" -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "app.fullname" . }}{{ .suffix }} - labels: - {{- include "wandb.commonLabels" . | nindent 4 }} - {{- include "app.commonLabels" . | nindent 4 }} - {{- include "app.labels" . | nindent 4 }} - {{- if .Values.deployment.labels }} - {{- toYaml .Values.deployment.labels | nindent 4 }} - {{- end }} - annotations: - {{- include "wandb.deploymentAnnotations" . | nindent 4 }} - {{- if .Values.deployment.annotations }} - {{- toYaml .Values.deployment.annotations | nindent 4 }} - {{- end }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "wandb.selectorLabels" . | nindent 6 }} - {{- include "app.labels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "wandb.podLabels" . | nindent 8 }} - {{- include "app.commonLabels" . | nindent 8 }} - {{- include "app.podLabels" . | nindent 8 }} - {{- include "app.labels" . | nindent 8 }} - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- if .Values.pod.annotations }} - {{- toYaml .Values.pod.annotations | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "app.serviceAccountName" . }} - {{- if .tolerations }} - tolerations: - {{- toYaml .tolerations | nindent 8 }} - {{- end }} - {{- include "wandb.nodeSelector" . | nindent 6 }} - {{- include "wandb.priorityClassName" . | nindent 6 }} - {{- include "wandb.podSecurityContext" .Values.pod.securityContext | nindent 6 }} - terminationGracePeriodSeconds: 60 - initContainers: - - name: init-db - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - env: - - name: MYSQL_PORT - value: "{{ include "wandb.mysql.port" . }}" - - name: MYSQL_HOST - value: "{{ include "wandb.mysql.host" . }}" - - name: MYSQL_DATABASE - value: "{{ include "wandb.mysql.database" . }}" - - name: MYSQL_USER - value: "{{ include "wandb.mysql.user" . }}" - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "wandb.mysql.passwordSecret" . }} - key: {{ .Values.global.mysql.passwordSecret.passwordKey }} - command: ['bash', '-c', "until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute=\"SELECT 1\"; do echo waiting for db; sleep 2; done"] - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- include "wandb.containerSecurityContext" .Values.container.securityContext | nindent 10 }} - volumeMounts: - {{- if ne (include "wandb.redis.caCert" .) "" }} - - name: {{ include "app.fullname" . }}-redis-ca - mountPath: /etc/ssl/certs/redis_ca.pem - subPath: redis_ca.pem - {{- end }} - {{- if .Values.global.caCertsConfigMap }} - - name: wandb-ca-certs-user - mountPath: /usr/local/share/ca-certificates/ - {{- end }} - {{- if .Values.global.customCACerts }} - {{- range $index, $v := .Values.global.customCACerts }} - - name: wandb-ca-certs - mountPath: /usr/local/share/ca-certificates/customCA{{$index}}.crt - subPath: customCA{{$index}}.crt - {{- end }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - - name: prometheus - containerPort: 8181 - protocol: TCP - - name: gorilla-statsd - containerPort: 8125 - protocol: TCP - env: - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GLUE_ENABLED - value: "{{ .glueSingletonEnabled }}" - {{- if .onlyService }} - - name: ONLY_SERVICE - value: {{ .onlyService }} - {{- end }} - - name: HOST - value: "{{ .Values.global.host }}" - {{- if .Values.extraCors }} - - name: GORILLA_CORS_ORIGINS - value: "{{ join "," .Values.extraCors }}" - {{- end }} - - name: MYSQL_PORT - value: "{{ include "wandb.mysql.port" . }}" - - name: MYSQL_HOST - value: "{{ include "wandb.mysql.host" . }}" - - name: MYSQL_DATABASE - value: "{{ include "wandb.mysql.database" . }}" - - name: MYSQL_USER - value: "{{ include "wandb.mysql.user" . }}" - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "wandb.mysql.passwordSecret" . }} - key: {{ .Values.global.mysql.passwordSecret.passwordKey }} - - name: MYSQL - value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST):$(MYSQL_PORT)/$(MYSQL_DATABASE)" - - name: WEAVE_SERVICE - value: "{{ .Release.Name }}-weave:9994" - - name: PARQUET_HOST - value: "http://{{ .Release.Name }}-parquet:8087" - - name: PARQUET_ENABLED - value: "true" - {{- if index .Values.global "weave-trace" "enabled" }} - - name: WEAVE_TRACES_ENABLED - value: "true" - {{- end }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "wandb.redis.passwordSecret" . }} - optional: true - key: {{ .Values.global.redis.secretKey }} - - name: REDIS_PORT - value: "{{ include "wandb.redis.port" . }}" - - name: REDIS_HOST - value: "{{ include "wandb.redis.host" . }}" - - name: REDIS - value: "{{ include "app.redis" . | trim }}" - - name: SLACK_CLIENT_ID - value: {{ .Values.global.slack.clientId | quote }} - - name: SLACK_SECRET - valueFrom: - secretKeyRef: - name: {{ include "app.fullname" . }}-config - key: SLACK_SECRET - optional: true - {{- if ne .Values.global.email.smtp.host "" }} - - name: GORILLA_EMAIL_SINK - value: "smtp://{{ .Values.global.email.smtp.user }}:{{ .Values.global.email.smtp.password }}@{{ .Values.global.email.smtp.host }}:{{ .Values.global.email.smtp.port }}" - {{- end }} - {{- if and .Values.global.licenseSecret.name .Values.global.licenseSecret.key }} - - name: LICENSE - valueFrom: - secretKeyRef: - name: {{ .Values.global.licenseSecret.name }} - key: {{ .Values.global.licenseSecret.key }} - optional: true - - name: GORILLA_LICENSE - valueFrom: - secretKeyRef: - name: {{ .Values.global.licenseSecret.name }} - key: {{ .Values.global.licenseSecret.key }} - optional: true - {{- else }} - - name: LICENSE - valueFrom: - secretKeyRef: - name: {{ include "app.fullname" . }}-config - key: LICENSE - optional: true - - name: GORILLA_LICENSE - valueFrom: - secretKeyRef: - name: {{ include "app.fullname" . }}-config - key: LICENSE - optional: true - {{- end }} - {{- if ne .Values.global.auth.oidc.clientId "" }} - - name: OIDC_CLIENT_ID - value: {{ .Values.global.auth.oidc.clientId }} - - name: OIDC_AUTH_METHOD - value: {{ .Values.global.auth.oidc.authMethod }} - - name: OIDC_ISSUER - value: {{ .Values.global.auth.oidc.issuer }} - - name: OIDC_CLIENT_SECRET - value: {{ .Values.global.auth.oidc.secret }} - {{- end }} - - name: GORILLA_SESSION_LENGTH - value: "{{ .Values.global.auth.sessionLengthHours }}h" - {{- if and .Values.global .Values.global.observability }} - {{- if eq (default "custom" .Values.global.observability.mode) "otel" }} - - name: GORILLA_STATSD_PORT - value: "8125" - - name: GORILLA_STATSD_HOST - value: "0.0.0.0" - {{- end }} - {{- end }} - - name: BUCKET - value: {{ include "app.bucket" . | quote}} - - name: AWS_REGION - value: {{ .Values.global.bucket.region | default .Values.global.defaultBucket.region }} - - name: AWS_S3_KMS_ID - value: "{{ .Values.global.bucket.kmsKey | default .Values.global.defaultBucket.kmsKey }}" - - name: OPERATOR_ENABLED - value: 'true' - - name: LOGGING_ENABLED - value: 'true' - - name: AZURE_STORAGE_KEY - valueFrom: - secretKeyRef: - name: "{{ include "wandb.bucket.secret" . }}" - key: {{ .Values.global.bucket.accessKeyName }} - optional: true - - name: GORILLA_CUSTOMER_SECRET_STORE_K8S_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: G_HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: BANNERS - value: {{ toJson .Values.global.banners | quote }} - {{- if ne .Values.traceRatio 0.0 }} - - name: GORILLA_TRACER - value: "otlp+grpc://{{ .Release.Name }}-otel-daemonset:4317?trace_ratio={{ .Values.traceRatio }}" - {{- end }} - - name: OVERFLOW_BUCKET_ADDR - value: {{ include "app.bucket" . | quote }} - {{- if not .Values.global.pubSub.enabled}} - - name: KAFKA_BROKER_HOST - value: "{{ include "wandb.kafka.brokerHost" . }}" - - name: KAFKA_BROKER_PORT - value: "{{ include "wandb.kafka.brokerPort" . }}" - - name: KAFKA_CLIENT_USER - value: "{{ include "wandb.kafka.user" . }}" - - name: KAFKA_CLIENT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "wandb.kafka.passwordSecret" . }} - key: KAFKA_CLIENT_PASSWORD - - name: KAFKA_TOPIC_RUN_UPDATE_SHADOW_QUEUE - value: {{ include "wandb.kafka.runUpdatesShadowTopic" .}} - - name: KAFKA_RUN_UPDATE_SHADOW_QUEUE_NUM_PARTITIONS - value: "{{ include "wandb.kafka.runUpdatesShadowNumPartitions" .}}" - {{- end }} - - name: GORILLA_RUN_UPDATE_SHADOW_QUEUE - value: > - { - "overflow-bucket": { - "store": {{ include "app.bucket" . | quote}}, - "name": "wandb", - "prefix": "wandb-overflow" - }, - "addr": {{ include "app.runUpdateShadowTopic" . | quote }} - } - - name: GORILLA_SETTINGS_CACHE - value: "{{ include "app.redis" . | trim }}" - - name: GORILLA_METADATA_CACHE - value: "{{ include "app.redis" . | trim }}" - - name: GORILLA_HISTORY_STORE - value: {{ include "app.historyStore" . | quote }} - - name: GORILLA_PARQUET_LIVE_HISTORY_STORE - value: {{ include "app.liveHistoryStore" . | quote }} - - name: GORILLA_FILE_STREAM_STORE_ADDRESS - value: {{ include "app.fileStreamStore" . | quote }} - - name: GORILLA_ARTIFACTS_GC_BATCH_SIZE - value: {{ .Values.artifactsGc.BatchSize | quote }} - - name: GORILLA_ARTIFACTS_GC_NUM_WORKERS - value: {{ .Values.artifactsGc.NumWorkers | quote }} - - name: GORILLA_ARTIFACTS_GC_DELETE_FILES_NUM_WORKERS - value: {{ .Values.artifactsGc.DeleteFilesNumWorkers | quote }} - - {{- if .Values.global.executor.enabled }} - - name: GORILLA_TASK_QUEUE - value: "{{ include "app.redis" . | trim }}" - - name: GORILLA_TASK_QUEUE_MONITOR_PORT - value: "10000" - - name: GORILLA_TASK_QUEUE_WORKER_ENABLED - value: "false" - - name: GORILLA_CLEAR_TASK_DEDUPE_KEY_ENABLED - value: "false" - {{- end }} - - {{- if index .Values.global "weave-trace" "enabled" }} - - name: GORILLA_INTERNAL_JWT_SUBJECTS_TO_ISSUERS - value: {{ tpl (include "app.internalJWTMap" .) . }} - {{- end }} - - {{- include "app.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }} - {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} - {{- if .healthCheckEnabled }} - livenessProbe: - httpGet: - path: /healthz - port: http - readinessProbe: - httpGet: - path: /ready - port: http - initialDelaySeconds: 20 - periodSeconds: 5 - startupProbe: - httpGet: - path: /ready - port: http - initialDelaySeconds: 20 - periodSeconds: 5 - failureThreshold: 120 - lifecycle: - preStop: - exec: - command: ["sleep", "25"] - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumes: - {{- if ne (include "wandb.redis.caCert" .) "" }} - - name: {{ include "app.fullname" . }}-redis-ca - secret: - secretName: "{{ .Release.Name }}-redis" - items: - - key: REDIS_CA_CERT - path: redis_ca.pem - {{- end }} - {{- if .Values.global.caCertsConfigMap }} - - name: wandb-ca-certs-user - configMap: - name: {{ .Values.global.caCertsConfigMap }} - {{- end }} - {{- if .Values.global.customCACerts }} - - name: wandb-ca-certs - configMap: - name: {{ include "wandb.fullname" . }}-ca-certs - {{- end }} -{{- end }} diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index c7d97c51..230e2ec4 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -1,36 +1,344 @@ {{- if .Values.enabled }} -{{- $glueSingletonEnabled := .Values.glueSingleton.enabled }} -{{- $notGlueSingletonEnabled := not $glueSingletonEnabled }} +{{- $imageCfg := dict "global" $.Values.global.image "local" $.Values.image -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "app.fullname" . }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "app.commonLabels" . | nindent 4 }} + {{- include "app.labels" . | nindent 4 }} + {{- if .Values.deployment.labels -}} + {{- toYaml .Values.deployment.labels | nindent 4 }} + {{- end }} + annotations: + {{- include "wandb.deploymentAnnotations" $ | nindent 4 }} + {{- if .Values.deployment.annotations -}} + {{- toYaml .Values.deployment.annotations | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "wandb.selectorLabels" $ | nindent 6 }} + {{- include "app.labels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "wandb.podLabels" . | nindent 8 }} + {{- include "app.commonLabels" . | nindent 8 }} + {{- include "app.podLabels" . | nindent 8 }} + {{- include "app.labels" . | nindent 8 }} + annotations: + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- if .Values.pod.annotations -}} + {{- toYaml .Values.pod.annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "app.serviceAccountName" . }} + {{- if .tolerations }} + tolerations: + {{- toYaml .tolerations | nindent 8 }} + {{- end }} + {{- include "wandb.nodeSelector" . | nindent 6 }} + {{- include "wandb.priorityClassName" . | nindent 6 }} + {{- include "wandb.podSecurityContext" .Values.pod.securityContext | nindent 6 }} + # Extend the pods shutdown grace period from the default of 30s to 60s. + # This goes in the pod template spec. + terminationGracePeriodSeconds: 60 + initContainers: + - name: init-db + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: MYSQL_PORT + value: "{{ include "wandb.mysql.port" . }}" + - name: MYSQL_HOST + value: "{{ include "wandb.mysql.host" . }}" + - name: MYSQL_DATABASE + value: "{{ include "wandb.mysql.database" . }}" + - name: MYSQL_USER + value: "{{ include "wandb.mysql.user" . }}" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wandb.mysql.passwordSecret" . }} + key: {{ .Values.global.mysql.passwordSecret.passwordKey }} + command: ['bash', '-c', "until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute=\"SELECT 1\"; do echo waiting for db; sleep 2; done"] + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- include "wandb.containerSecurityContext" .Values.container.securityContext | nindent 10 }} + volumeMounts: + {{- if ne (include "wandb.redis.caCert" .) "" }} + - name: {{ include "app.fullname" . }}-redis-ca + mountPath: /etc/ssl/certs/redis_ca.pem + subPath: redis_ca.pem + {{- end }} + {{- if .Values.global.caCertsConfigMap }} + - name: wandb-ca-certs-user + mountPath: /usr/local/share/ca-certificates/ + {{- end }} + {{- range $index, $v := .Values.global.customCACerts }} + - name: wandb-ca-certs + mountPath: /usr/local/share/ca-certificates/customCA{{$index}}.crt + subPath: customCA{{$index}}.crt + {{- end }} + ports: + - name: http + containerPort: 8080 + protocol: TCP + - name: prometheus + containerPort: 8181 + protocol: TCP + - name: gorilla-statsd + containerPort: 8125 + protocol: TCP + env: + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GLUE_ENABLED + value: "{{ not .Values.global.beta.glue.enabled }}" + - name: HOST + value: "{{ .Values.global.host }}" + {{- if .Values.extraCors }} + - name: GORILLA_CORS_ORIGINS + value: "{{ join "," .Values.extraCors }}" + {{- end }} + - name: MYSQL_PORT + value: "{{ include "wandb.mysql.port" . }}" + - name: MYSQL_HOST + value: "{{ include "wandb.mysql.host" . }}" + - name: MYSQL_DATABASE + value: "{{ include "wandb.mysql.database" . }}" + - name: MYSQL_USER + value: "{{ include "wandb.mysql.user" . }}" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wandb.mysql.passwordSecret" . }} + key: {{ .Values.global.mysql.passwordSecret.passwordKey }} + - name: MYSQL + value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST):$(MYSQL_PORT)/$(MYSQL_DATABASE)" + - name: WEAVE_SERVICE + value: "{{ .Release.Name }}-weave:9994" + - name: PARQUET_HOST + value: "http://{{ .Release.Name }}-parquet:8087" + - name: PARQUET_ENABLED + value: "true" + {{- if index .Values.global "weave-trace" "enabled" }} + - name: WEAVE_TRACES_ENABLED + value: "true" + {{- end }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wandb.redis.passwordSecret" . }} + optional: true + key: {{ .Values.global.redis.secretKey }} + - name: REDIS_PORT + value: "{{ include "wandb.redis.port" . }}" + - name: REDIS_HOST + value: "{{ include "wandb.redis.host" . }}" + - name: REDIS + value: "{{ include "app.redis" . | trim }}" + - name: SLACK_CLIENT_ID + value: {{ .Values.global.slack.clientId | quote }} + - name: SLACK_SECRET + valueFrom: + secretKeyRef: + name: {{ include "app.fullname" . }}-config + key: SLACK_SECRET + optional: true + {{- if ne .Values.global.email.smtp.host "" }} + - name: GORILLA_EMAIL_SINK + value: "smtp://{{ .Values.global.email.smtp.user }}:{{ .Values.global.email.smtp.password }}@{{ .Values.global.email.smtp.host }}:{{ .Values.global.email.smtp.port }}" + {{- end }} + {{- if and .Values.global.licenseSecret.name .Values.global.licenseSecret.key }} + - name: LICENSE + valueFrom: + secretKeyRef: + name: {{ .Values.global.licenseSecret.name }} + key: {{ .Values.global.licenseSecret.key }} + optional: true + - name: GORILLA_LICENSE + valueFrom: + secretKeyRef: + name: {{ .Values.global.licenseSecret.name }} + key: {{ .Values.global.licenseSecret.key }} + optional: true + {{- else }} + - name: LICENSE + valueFrom: + secretKeyRef: + name: {{ include "app.fullname" . }}-config + key: LICENSE + optional: true + - name: GORILLA_LICENSE + valueFrom: + secretKeyRef: + name: {{ include "app.fullname" . }}-config + key: LICENSE + optional: true + {{- end }} + {{- if ne .Values.global.auth.oidc.clientId "" }} + - name: OIDC_CLIENT_ID + value: {{ .Values.global.auth.oidc.clientId }} + - name: OIDC_AUTH_METHOD + value: {{ .Values.global.auth.oidc.authMethod }} + - name: OIDC_ISSUER + value: {{ .Values.global.auth.oidc.issuer }} + - name: OIDC_CLIENT_SECRET + value: {{ .Values.global.auth.oidc.secret }} + {{- end }} + - name: GORILLA_SESSION_LENGTH + value: "{{ .Values.global.auth.sessionLengthHours }}h" + {{- if and .Values.global .Values.global.observability }} + {{- if eq (default "custom" .Values.global.observability.mode) "otel" }} + - name: GORILLA_STATSD_PORT + value: "8125" + - name: GORILLA_STATSD_HOST + value: "0.0.0.0" + {{- end }} + {{- end }} + - name: BUCKET + value: {{ include "app.bucket" . | quote}} + - name: AWS_REGION + value: {{ .Values.global.bucket.region | default .Values.global.defaultBucket.region }} + - name: AWS_S3_KMS_ID + value: "{{ .Values.global.bucket.kmsKey | default .Values.global.defaultBucket.kmsKey }}" + - name: OPERATOR_ENABLED + value: 'true' + - name: LOGGING_ENABLED + value: 'true' + - name: AZURE_STORAGE_KEY + valueFrom: + secretKeyRef: + name: "{{ include "wandb.bucket.secret" . }}" + key: {{ .Values.global.bucket.accessKeyName }} + optional: true + - name: GORILLA_CUSTOMER_SECRET_STORE_K8S_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: G_HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: BANNERS + value: {{ toJson .Values.global.banners | quote }} + {{- if ne .Values.traceRatio 0.0 }} + - name: GORILLA_TRACER + value: "otlp+grpc://{{ .Release.Name }}-otel-daemonset:4317?trace_ratio={{ .Values.traceRatio }}" + {{- end }} + - name: OVERFLOW_BUCKET_ADDR + value: {{ include "app.bucket" . | quote }} + {{- if not .Values.global.pubSub.enabled}} + - name: KAFKA_BROKER_HOST + value: "{{ include "wandb.kafka.brokerHost" . }}" + - name: KAFKA_BROKER_PORT + value: "{{ include "wandb.kafka.brokerPort" . }}" + - name: KAFKA_CLIENT_USER + value: "{{ include "wandb.kafka.user" . }}" + - name: KAFKA_CLIENT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wandb.kafka.passwordSecret" . }} + key: KAFKA_CLIENT_PASSWORD + - name: KAFKA_TOPIC_RUN_UPDATE_SHADOW_QUEUE + value: {{ include "wandb.kafka.runUpdatesShadowTopic" .}} + - name: KAFKA_RUN_UPDATE_SHADOW_QUEUE_NUM_PARTITIONS + value: "{{ include "wandb.kafka.runUpdatesShadowNumPartitions" .}}" + {{- end }} + - name: GORILLA_RUN_UPDATE_SHADOW_QUEUE + value: > + { + "overflow-bucket": { + "store": {{ include "app.bucket" . | quote}}, + "name": "wandb", + "prefix": "wandb-overflow" + }, + "addr": {{ include "app.runUpdateShadowTopic" . | quote }} + } + - name: GORILLA_SETTINGS_CACHE + value: "{{ include "app.redis" . | trim }}" + - name: GORILLA_METADATA_CACHE + value: "{{ include "app.redis" . | trim }}" + - name: GORILLA_HISTORY_STORE + value: {{ include "app.historyStore" . | quote }} + - name: GORILLA_PARQUET_LIVE_HISTORY_STORE + value: {{ include "app.liveHistoryStore" . | quote }} + - name: GORILLA_FILE_STREAM_STORE_ADDRESS + value: {{ include "app.fileStreamStore" . | quote }} + - name: GORILLA_ARTIFACTS_GC_BATCH_SIZE + value: {{ .Values.artifactsGc.BatchSize | quote }} + - name: GORILLA_ARTIFACTS_GC_NUM_WORKERS + value: {{ .Values.artifactsGc.NumWorkers | quote }} + - name: GORILLA_ARTIFACTS_GC_DELETE_FILES_NUM_WORKERS + value: {{ .Values.artifactsGc.DeleteFilesNumWorkers | quote }} -{{/* -App deployment -*/}} -{{ include "app.deployment" (dict - "glueSingletonEnabled" $notGlueSingletonEnabled - "onlyService" nil - "suffix" "" - "healthCheckEnabled" true - "Values" .Values - "Chart" .Chart - "Release" .Release - "Template" .Template - "Capabilities" .Capabilities -) | indent 0 }} ---- -{{- if $glueSingletonEnabled }} -{{/* -Glue deployment -*/}} -{{ include "app.deployment" (dict - "glueSingletonEnabled" $glueSingletonEnabled - "onlyService" "gorilla-glue" - "suffix" "-glue" - "healthCheckEnabled" false - "Values" .Values - "Chart" .Chart - "Release" .Release - "Template" .Template - "Capabilities" .Capabilities -) | indent 0 }} -{{- end }} + {{- if .Values.global.executor.enabled }} + - name: GORILLA_TASK_QUEUE + value: "{{ include "app.redis" . | trim }}" + - name: GORILLA_TASK_QUEUE_MONITOR_PORT + value: "10000" + - name: GORILLA_TASK_QUEUE_WORKER_ENABLED + value: "false" + - name: GORILLA_CLEAR_TASK_DEDUPE_KEY_ENABLED + value: "false" + {{- end }} + + {{- if index .Values.global "weave-trace" "enabled" }} + - name: GORILLA_INTERNAL_JWT_SUBJECTS_TO_ISSUERS + value: {{ tpl (include "app.internalJWTMap" .) . }} + {{- end }} + + {{- include "app.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }} + {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} + {{- if .healthCheckEnabled }} + livenessProbe: + httpGet: + path: /healthz + port: http + readinessProbe: + httpGet: + path: /ready + port: http + initialDelaySeconds: 20 + periodSeconds: 5 + startupProbe: + httpGet: + path: /ready + port: http + initialDelaySeconds: 20 + periodSeconds: 5 + failureThreshold: 120 + # Increase the sleep before SIGTERM to 25s. I had this as 5s previously and it wasn't enough. + lifecycle: + preStop: + exec: + command: ["sleep", "25"] + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + {{- if ne (include "wandb.redis.caCert" .) "" }} + - name: {{ include "app.fullname" . }}-redis-ca + secret: + secretName: "{{ include "wandb.redis.passwordSecret" . }}" + items: + - key: REDIS_CA_CERT + path: redis_ca.pem + {{- end }} + {{- if .Values.global.caCertsConfigMap }} + - name: wandb-ca-certs-user + configMap: + name: {{ .Values.global.caCertsConfigMap }} + {{- end }} + {{- if .Values.global.customCACerts }} + - name: wandb-ca-certs + configMap: + name: {{ include "wandb.fullname" . }}-ca-certs + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/operator-wandb/charts/flat-run-fields-updater/templates/deployment.yaml b/charts/operator-wandb/charts/flat-run-fields-updater/templates/deployment.yaml index 20bd74cf..161bf443 100644 --- a/charts/operator-wandb/charts/flat-run-fields-updater/templates/deployment.yaml +++ b/charts/operator-wandb/charts/flat-run-fields-updater/templates/deployment.yaml @@ -134,7 +134,7 @@ spec: "prefix": "wandb-overflow" }, "subscriptions": { - "flatRunFieldsUpdater": "{{ include "flat-run-fields-updater.runUpdateShadowQueue" .}}" + "flatRunFieldsUpdater": {{ include "flat-run-fields-updater.runUpdateShadowQueue" . | quote }} } } - name: AWS_REGION diff --git a/charts/operator-wandb/local-development.md b/charts/operator-wandb/local-development.md index 852bef1d..fef26394 100644 --- a/charts/operator-wandb/local-development.md +++ b/charts/operator-wandb/local-development.md @@ -87,6 +87,12 @@ helm upgrade \ ``` +Helm diff example + +```bash +helm diff revision wandb 109 107 +``` + ### 5. Finalizing Development After completing your development work: diff --git a/charts/operator-wandb/templates/_bucket.tpl b/charts/operator-wandb/templates/_bucket.tpl index b93320f1..693c0432 100644 --- a/charts/operator-wandb/templates/_bucket.tpl +++ b/charts/operator-wandb/templates/_bucket.tpl @@ -10,3 +10,25 @@ Return the bucket credentials secret name {{- print .Release.Name "-bucket" -}} {{- end -}} {{- end }} + +{{- define "wandb.bucket" -}} +{{- $bucketValues := .Values.global.defaultBucket }} +{{- if .Values.global.bucket.provider }} +{{- $bucketValues = .Values.global.bucket }} +{{- end }} +{{- $bucket := "" -}} +{{- if eq $bucketValues.provider "az" -}} +{{- $bucket = printf "az://%s/%s" $bucketValues.name (default "" $bucketValues.path) -}} +{{- end -}} +{{- if eq $bucketValues.provider "gcs" -}} +{{- $bucket = printf "gs://%s/%s" $bucketValues.name (default "" $bucketValues.path) -}} +{{- end -}} +{{- if eq $bucketValues.provider "s3" -}} +{{- if and $bucketValues.accessKey $bucketValues.secretKey -}} +{{- $bucket = printf "s3://%s:%s@%s/%s" $bucketValues.accessKey $bucketValues.secretKey $bucketValues.name (default "" $bucketValues.path) -}} +{{- else -}} +{{- $bucket = printf "s3://%s/%s" $bucketValues.name (default "" $bucketValues.path) -}} +{{- end -}} +{{- end -}} +{{- trimSuffix "/" $bucket -}} +{{- end -}} diff --git a/charts/operator-wandb/templates/_mysql.tpl b/charts/operator-wandb/templates/_mysql.tpl index 652ce229..e407d67e 100644 --- a/charts/operator-wandb/templates/_mysql.tpl +++ b/charts/operator-wandb/templates/_mysql.tpl @@ -46,4 +46,13 @@ Return the db password */}} {{- define "wandb.mysql.password" -}} {{- print $.Values.global.mysql.password -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Return the db connection string +*/}} +{{- define "wandb.mysql" -}} +mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST):$(MYSQL_PORT)/$(MYSQL_DATABASE) +{{- end -}} + + diff --git a/charts/operator-wandb/templates/_redis.tpl b/charts/operator-wandb/templates/_redis.tpl index bf300e4f..5d27a5be 100644 --- a/charts/operator-wandb/templates/_redis.tpl +++ b/charts/operator-wandb/templates/_redis.tpl @@ -59,3 +59,13 @@ Return the redis caCert {{- define "wandb.redis.caCert" -}} {{- print $.Values.global.redis.caCert -}} {{- end -}} + +{{- define "wandb.redis" -}} +{{- $cs := include "wandb.redis.connectionString" . }} +{{- $ca := include "wandb.redis.caCert" . }} +{{- if $ca }} +{{- printf "%s?tls=true&caCertPath=/etc/ssl/certs/redis_ca.pem&ttlInSeconds=604800" $cs -}} +{{- else }} +{{- print $cs -}} +{{- end }} +{{- end }} diff --git a/charts/operator-wandb/templates/certs.yaml b/charts/operator-wandb/templates/certs.yaml new file mode 100644 index 00000000..05f921e5 --- /dev/null +++ b/charts/operator-wandb/templates/certs.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-ca-certs + labels: + {{- include "wandb.labels" . | nindent 4 }} +data: + {{- range $index, $pem := .Values.global.customCACerts }} + customCA{{$index}}.crt: |- + {{- range splitList "\n" $pem }} + {{ . }} + {{- end }} + {{- end }} diff --git a/charts/operator-wandb/templates/global.yaml b/charts/operator-wandb/templates/global.yaml new file mode 100644 index 00000000..a948b6bc --- /dev/null +++ b/charts/operator-wandb/templates/global.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-global-secret + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +stringData: + {{- range $key, $value := .Values.global.extraEnv }} + {{ $key }}: {{ $value | quote }} + {{- end }} + diff --git a/charts/operator-wandb/templates/glue.yaml b/charts/operator-wandb/templates/glue.yaml new file mode 100644 index 00000000..b1b3cbda --- /dev/null +++ b/charts/operator-wandb/templates/glue.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-glue-secret + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +stringData: + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-glue-configmap + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +data: + GORILLA_GLUE_TASK_PROVIDER: "memory://" + GORILLA_GLUE_TASK_CONFIG_PATH: "/gorilla_glue_tasks_local.yaml" + GORILLA_GLUE_TASK_STORE: "memory://" diff --git a/charts/operator-wandb/templates/gorilla.yaml b/charts/operator-wandb/templates/gorilla.yaml new file mode 100644 index 00000000..d747fca1 --- /dev/null +++ b/charts/operator-wandb/templates/gorilla.yaml @@ -0,0 +1,87 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-gorilla-secret + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +stringData: + {{- if ne .Values.global.email.smtp.host "" }} + GORILLA_EMAIL_SINK: "smtp://{{ .Values.global.email.smtp.user }}:{{ .Values.global.email.smtp.password }}@{{ .Values.global.email.smtp.host }}:{{ .Values.global.email.smtp.port }}" + {{- else }} + GORILLA_EMAIL_SINK: "https://api.wandb.ai/email/dispatch" + {{- end }} + SLACK_SECRET: {{ default "" .Values.global.slack.secret | b64enc }} + {{- if and (not .Values.global.licenseSecret.name) (not .Values.global.licenseSecret.key) .Values.global.license }} + LICENSE: {{ .Values.global.license | b64enc }} + GORILLA_LICENSE: {{ .Values.global.license | b64enc }} + {{- end }} + {{- if ne .Values.global.auth.oidc.clientId "" }} + OIDC_CLIENT_SECRET: {{ .Values.global.auth.oidc.secret }} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-gorilla-configmap + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +data: + AWS_REGION: "{{ .Values.global.bucket.region | default .Values.global.defaultBucket.region }}" + AWS_S3_KMS_ID: "{{ .Values.global.bucket.kmsKey | default .Values.global.defaultBucket.kmsKey }}" + BANNERS: {{ toJson .Values.global.banners | quote }} + BUCKET: "{{ include "wandb.bucket" . }}" + OPERATOR_ENABLED: 'true' + LOGGING_ENABLED: 'true' + {{- if ne .Values.global.auth.oidc.clientId "" }} + OIDC_CLIENT_ID: {{ .Values.global.auth.oidc.clientId }} + OIDC_AUTH_METHOD: {{ .Values.global.auth.oidc.authMethod }} + OIDC_ISSUER: {{ .Values.global.auth.oidc.issuer }} + {{- end }} + GORILLA_SESSION_LENGTH: "{{ .Values.global.auth.sessionLengthHours }}h" + {{- if and .Values.global .Values.global.observability }} + {{- if eq (default "custom" .Values.global.observability.mode) "otel" }} + GORILLA_STATSD_PORT: "8125" + GORILLA_STATSD_HOST: "0.0.0.0" + {{- end }} + {{- end }} + {{- if ne .Values.app.traceRatio 0.0 }} + GORILLA_TRACER: "otlp+grpc://{{ .Release.Name }}-otel-daemonset:4317?trace_ratio={{ .Values.app.traceRatio }}" + {{- end }} + WEAVE_SERVICE: "{{ .Release.Name }}-weave:9994" + PARQUET_HOST: "http://{{ .Release.Name }}-parquet:8087" + PARQUET_ENABLED: "true" + {{- if index .Values.global "weave-trace" "enabled" }} + WEAVE_TRACES_ENABLED: "true" + {{- end }} + {{- if .Values.extraCors }} + GORILLA_CORS_ORIGINS: "{{ join "," .Values.extraCors }}" + {{- end }} + GORILLA_SWEEP_PROVIDER: "{{ .Values.global.sweepProvider | default (printf "http://127.0.0.1:8082") }}" + GORILLA_VIEW_SPEC_UPDATER_EXECUTABLE: "/usr/local/bin/view-spec-updater-linux" + GORILLA_LIMITER: "noop://" + GORILLA_PARQUET_RPC_PATH: "/_goRPC_" + GORILLA_SCHEMA_FILE: "/schema.graphql" + GORILLA_PORT: "8081" + GORILLA_ACTIVITY_STORE_ENABLE: "true" + GORILLA_RUN_STORE_ONPREM_MIGRATE_DISABLE_READS: "false" + GORILLA_GLUE_TASK_STORE: "memory://" + GORILLA_TASK_QUEUE: "noop://" + GORILLA_COLLECT_AUDIT_LOGS: "true" + GORILLA_USE_PARQUET_HISTORY_STORE: "true" + GORILLA_PARQUET_PORT: "8087" + GORILLA_RUN_UPDATE_QUEUE_ADDR: "internal://" + GORILLA_RUN_STORE_ONPREM_MIGRATE_CREATE_RUN_STORE: "true" + GORILLA_RUN_STORE_ONPREM_MIGRATE_CREATE_RUN_TABLES: "true" + GORILLA_RUN_STORE_ONPREM_MIGRATE_FLAT_RUNS_MIGRATOR: "true" + GORILLA_FILE_STORE_IS_PROXIED: "false" + GORILLA_ACTIVITY_STORE_SERVE: "true" + GORILLA_GLUE_TASK_CONFIG_PATH: "/gorilla_glue_tasks_local.yaml" + GORILLA_ONPREM: "true" + GORILLA_STATSD_PORT: "8125" + GORILLA_ACTIVITY_STORE_BACKFILL_ENABLE: "true" + GORILLA_ARTIFACT_GC_ENABLED: "false" + GORILLA_RUN_STORE_ONPREM_MIGRATE_SHADOW_RUN_UPDATES: "true" + GORILLA_GLUE_TASK_PROVIDER: "memory://" + GORILLA_DEFAULT_REGION: "{{ default .Values.global.cloudProvider "minio" }}-{{ .Values.global.bucket.region | default .Values.global.defaultBucket.region }}" + GORILLA_FILE_STORE: "{{ include "wandb.bucket" . | trim }}" + GORILLA_STORAGE_BUCKET: "{{ include "wandb.bucket" . | trim }}" \ No newline at end of file diff --git a/charts/operator-wandb/templates/mysql.yaml b/charts/operator-wandb/templates/mysql.yaml index 944f2883..75b99f2a 100644 --- a/charts/operator-wandb/templates/mysql.yaml +++ b/charts/operator-wandb/templates/mysql.yaml @@ -16,4 +16,17 @@ data: MYSQL_PASSWORD: {{ default (randAlphaNum 64) (include "wandb.mysql.password" .) | b64enc }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-mysql-configmap + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +data: + MYSQL_PORT: "{{ include "wandb.mysql.port" . }}" + MYSQL_HOST: "{{ include "wandb.mysql.host" . }}" + MYSQL_DATABASE: "{{ include "wandb.mysql.database" . }}" + MYSQL_USER: "{{ include "wandb.mysql.user" . }}" \ No newline at end of file diff --git a/charts/operator-wandb/templates/redis.yaml b/charts/operator-wandb/templates/redis.yaml index c2df6156..77c5d215 100644 --- a/charts/operator-wandb/templates/redis.yaml +++ b/charts/operator-wandb/templates/redis.yaml @@ -3,10 +3,21 @@ apiVersion: v1 kind: Secret metadata: - name: "{{ .Release.Name }}-redis" + name: "{{ .Release.Name }}-redis-secret" labels: {{- include "wandb.commonLabels" . | nindent 4 }} data: REDIS_PASSWORD: {{ include "wandb.redis.password" . | b64enc }} REDIS_CA_CERT: {{ include "wandb.redis.caCert" . | b64enc }} {{- end }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-redis-configmap + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +data: + REDIS_PORT: "{{ include "wandb.redis.port" . }}" + REDIS_HOST: "{{ include "wandb.redis.host" . }}" \ No newline at end of file diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 749d6cf1..a118a324 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -148,23 +148,27 @@ global: # If the topic already exists then changing the number of partitions is not possible. runUpdatesShadowNumPartitions: 12 -# To provide custom CA certificates, you can use either: -# 1. `customCACerts`: a list of certificates provided directly within this Helm chart. -# 2. `configMapName`: the name of a ConfigMap containing CA certificates. -# -# Important: -# - If using a ConfigMap, each key in the ConfigMap must end with `.crt` (e.g., `my-cert.crt`). -# - This naming convention is required for `update-ca-certificates` to parse and add each -# certificate to the system CA store on Ubuntu-based systems. - -# List of custom CA certificates in PEM format. + # To provide custom CA certificates, you can use either: + # 1. `customCACerts`: a list of certificates provided directly within this Helm chart. + # 2. `configMapName`: the name of a ConfigMap containing CA certificates. + # + # Important: + # - If using a ConfigMap, each key in the ConfigMap must end with `.crt` (e.g., `my-cert.crt`). + # - This naming convention is required for `update-ca-certificates` to parse and add each + # certificate to the system CA store on Ubuntu-based systems. + + # List of custom CA certificates in PEM format. customCACerts: [] -# Name of a ConfigMap containing additional .crt files for CA certificates. + # Name of a ConfigMap containing additional .crt files for CA certificates. caCertsConfigMap: "" weave-trace: enabled: false + beta: + glue: + enabled: false + executor: enabled: false @@ -374,3 +378,106 @@ kafka: metrics: jmx: enabled: true + +glue: + # install: false + service: + enabled: false + env: + GORILLA_LICENSE_CERT_PATH: + value: "/jwks.json" + REDIS: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_AUDITOR_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_SETTINGS_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_LOCKER: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_ACTIVITY_STORE_CACHE_ADDRESS: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_FILE_METADATA_SOURCE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_GLUE_TASK_STRATEGY_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_GLUE_TASK_METADATA_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_USAGE_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_METADATA_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_PARQUET_LIVE_HISTORY_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_ANALYTICS_SINK: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_CASBIN_ADDRESS: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_RUN_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STREAM_STORE_ADDRESS: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_HISTORY_STORE: + value: 'http://{{ .Release.Name }}-parquet:8087/_goRPC_,{{ include "wandb.mysql" . | trim }}' + envFrom: + "wandb-mysql": "secretRef" + "{{ .Release.Name }}-mysql-configmap": "configMapRef" + "{{ .Release.Name }}-redis-secret": "secretRef" + "{{ .Release.Name }}-redis-configmap": "configMapRef" + "{{ .Release.Name }}-global-secret": "secretRef" + "{{ .Release.Name }}-gorilla-secret": "secretRef" + "{{ .Release.Name }}-gorilla-configmap": "configMapRef" + "{{ .Release.Name }}-glue-secret": "secretRef" + "{{ .Release.Name }}-glue-configmap": "configMapRef" + containers: + - name: glue + args: ["glue"] + env: {} + envFrom: {} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 1 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: wandb-ca-certs + mountPath: /usr/local/share/ca-certificates/inline + - name: wandb-ca-certs-user + mountPath: /usr/local/share/ca-certificates/configmap + - name: redis-ca + mountPath: /etc/ssl/certs/redis_ca.pem + subPath: redis_ca.pem + image: + repository: wandb/megabinary + tag: 0.62.2 + volumes: + - name: wandb-ca-certs + configMap: + name: "{{ .Release.Name }}-ca-certs" + - name: wandb-ca-certs-user + configMap: + name: '{{ .Values.global.caCertsConfigMap | default "noCertProvided" }}' + optional: true + - name: redis-ca + secret: + secretName: "{{ .Release.Name }}-redis-secret" + items: + - key: REDIS_CA_CERT + path: redis_ca.pem + optional: true diff --git a/charts/wandb-base/Chart.yaml b/charts/wandb-base/Chart.yaml index 84c90ba4..7d791b5b 100644 --- a/charts/wandb-base/Chart.yaml +++ b/charts/wandb-base/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wandb-base description: A generic helm chart for deploying services to kubernetes type: application -version: 0.1.0 +version: 0.1.1 icon: https://wandb.ai/logo.svg maintainers: diff --git a/charts/wandb-base/templates/tests/test-connection.yaml b/charts/wandb-base/templates/tests/test-connection.yaml index b1847a79..340ec2a8 100644 --- a/charts/wandb-base/templates/tests/test-connection.yaml +++ b/charts/wandb-base/templates/tests/test-connection.yaml @@ -1,3 +1,4 @@ +{{- if .Values.test.enabled }} apiVersion: v1 kind: Pod metadata: @@ -13,3 +14,4 @@ spec: command: ['wget'] args: ['{{ include "wandb-base.fullname" . }}:{{ .Values.service.port }}'] restartPolicy: Never +{{- end }} \ No newline at end of file diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index 3b1106f1..cf0a7066 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -19,7 +19,7 @@ nameOverride: "" fullnameOverride: "" env: {} -envFrom: [] +envFrom: {} serviceAccount: create: true @@ -54,12 +54,12 @@ containers: command: [] args: [] env: {} - envFrom: [] + envFrom: {} securityContext: {} image: {} ports: - - containerPort: 80 - name: http + - containerPort: 80 + name: http livenessProbe: httpGet: path: / @@ -97,7 +97,8 @@ service: ingress: enabled: false className: "" - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: @@ -139,3 +140,6 @@ nodeSelector: {} tolerations: [] affinity: {} + +test: + enabled: false