diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index d1e19ea6..d911438a 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -2,6 +2,9 @@ dependencies: - name: app repository: file://charts/app version: 0.1.0 +- name: wandb-base + repository: file://../wandb-base + version: 0.3.0 - name: console repository: file://charts/console version: 0.1.0 @@ -55,6 +58,9 @@ dependencies: version: 0.1.0 - name: wandb-base repository: file://../wandb-base - version: 0.1.1 -digest: sha256:49d1e4088513e55b9824284c9f5a80d3c70c9fab0195e6cc5650731fb2670a06 -generated: "2025-01-13T09:43:24.543619-08:00" + version: 0.3.0 +- name: wandb-base + repository: file://../wandb-base + version: 0.3.0 +digest: sha256:3ee5e247e2de8e6911c512fc5c1ef58a463d545365f1c5d3c0f4be28e2ee29fd +generated: "2025-01-13T18:23:28.474058-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 31157276..8efe711d 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: operator-wandb description: A Helm chart for deploying W&B to Kubernetes type: application -version: 0.22.5 +version: 0.23.0 appVersion: 1.0.0 icon: https://wandb.ai/logo.svg @@ -16,6 +16,11 @@ dependencies: version: "*.*.*" repository: file://charts/app condition: app.install + - name: wandb-base + alias: api + condition: global.beta.api.enabled + repository: file://../wandb-base + version: "*.*.*" - name: console version: "*.*.*" repository: file://charts/console @@ -89,3 +94,8 @@ dependencies: condition: global.beta.glue.enabled repository: file://../wandb-base version: "*.*.*" + - name: wandb-base + alias: settingsMigrationJob + condition: settingsMigrationJob.install + repository: file://../wandb-base + version: "*.*.*" 
diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index e298b6d8..596f78ea 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -108,6 +108,13 @@ spec: resource: limits.memory - name: GLUE_ENABLED value: "{{ not .Values.global.beta.glue.enabled }}" + ## TODO: Turn this on when we are ready to remove the gorilla service from wandb/local + # {{- if .Values.global.beta.api.enabled }} + # - name: GORILLA_ENABLED + # value: "{{ not .Values.global.beta.api.enabled }}" + # - name: PROXY_PASS_BACKEND_HOST + # value: "$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_HOST):$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_PORT)" + # {{- end }} - name: BUCKET_ACCESS_KEY valueFrom: secretKeyRef: @@ -309,6 +316,8 @@ spec: {{- include "app.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }} {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} + ## TODO: If we want to remove the api service from wandb/local, we can uncomment this if else block + # {{- if not .Values.global.beta.api.enabled }} livenessProbe: httpGet: path: /healthz 
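Review bot: The `{{- if not .Values.global.beta.api.enabled }}`, `{{- else }}` and `{{- end }}` actions added around the probes still execute, because a leading `#` is only a YAML comment and Helm evaluates template actions before the YAML is parsed. With `global.beta.api.enabled: true` the existing `livenessProbe`/`readinessProbe`/`startupProbe` block is skipped and the else branch renders only comment lines, so the app container would run with no health checks, contrary to the TODO, which treats the block as inactive. The commented `GORILLA_ENABLED` block in the env hunk above is evaluated the same way, although every line it renders stays a comment. To park the logic, turn each action into a template comment, e.g. `{{- /* if not .Values.global.beta.api.enabled */}}`, or leave the actions out until the switch is made. The probe block continues into the next hunk of this file.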
@@ -326,6 +335,28 @@ spec: initialDelaySeconds: 20 periodSeconds: 5 failureThreshold: 120 + # {{- else }} + # # If we disabled the api, we still want to have a healthcheck fror the frontend/nginx + # # We also can't just disable the migrations which would make the health endpint return 200 + # # because glue, parquet, and filemeta are still running in the local container. + # livenessProbe: + # httpGet: + # path: /proxy/healthz + # port: http + # readinessProbe: + # httpGet: + # path: /proxy/healthz + # port: http + # initialDelaySeconds: 20 + # periodSeconds: 5 + # startupProbe: + # httpGet: + # path: /proxy/healthz + # port: http + # initialDelaySeconds: 20 + # periodSeconds: 5 + # failureThreshold: 120 + # {{- end }} # Increase the sleep before SIGTERM to 25s. I had this as 5s previously and it wasn't enough. lifecycle: preStop: diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index e2cd6d52..4040f263 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -54,6 +54,22 @@ It expects a dictionary with two entries: port: number: 8080 {{- end }} +{{- if .Values.global.beta.api.enabled }} +- pathType: Prefix + path: /api + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /graphql + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +{{- end }} - pathType: Prefix path: /console backend: @@ -61,4 +77,4 @@ It expects a dictionary with two entries: name: {{ $.Release.Name }}-console port: number: 8082 -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/operator-wandb/templates/gorilla.yaml b/charts/operator-wandb/templates/gorilla.yaml index 24edaa35..07d06114 100644 --- a/charts/operator-wandb/templates/gorilla.yaml +++ b/charts/operator-wandb/templates/gorilla.yaml 
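Review bot: The two new paths send `/api` and `/graphql` to `{{ $.Release.Name }}-api` on `port.number: 8080`, but the `api.service.ports` entry this commit adds to `charts/operator-wandb/values.yaml` exposes the Service on `port: 8081` (with `targetPort: http`, the container's 8080). An Ingress backend refers to the Service port, not the container port, so unless wandb-base renders the Service differently these routes would have no matching port once `global.beta.api.enabled` is set. Either use `number: 8081` here or change the values entry to `port: 8080`; referring to the port by `name: http` would keep the two from drifting apart.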
@@ -10,10 +10,10 @@ stringData: {{- else }} GORILLA_EMAIL_SINK: "https://api.wandb.ai/email/dispatch" {{- end }} - SLACK_SECRET: {{ default "" .Values.global.slack.secret | b64enc }} + SLACK_SECRET: {{ default "" .Values.global.slack.secret }} {{- if and (not .Values.global.licenseSecret.name) (not .Values.global.licenseSecret.key) .Values.global.license }} - LICENSE: {{ .Values.global.license | b64enc }} - GORILLA_LICENSE: {{ .Values.global.license | b64enc }} + LICENSE: {{ .Values.global.license }} + GORILLA_LICENSE: {{ .Values.global.license }} {{- end }} {{- if ne .Values.global.auth.oidc.clientId "" }} OIDC_CLIENT_SECRET: {{ .Values.global.auth.oidc.secret }} @@ -86,7 +86,3 @@ data: GORILLA_TASK_QUEUE: "noop://" GORILLA_TASK_QUEUE_WORKER_ENABLED: "false" {{- end }} - {{- with include "wandb.bucket" . | fromYaml }} - GORILLA_FILE_STORE: "{{ .url }}" - GORILLA_STORAGE_BUCKET: "{{ .url }}" - {{- end }} diff --git a/charts/operator-wandb/templates/session-key.yaml b/charts/operator-wandb/templates/session-key.yaml new file mode 100644 index 00000000..885599fc --- /dev/null +++ b/charts/operator-wandb/templates/session-key.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-gorilla-session-key + annotations: + "helm.sh/resource-policy": "keep" + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +type: Opaque +data: + # Retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace (printf "%s-gorilla-session-key" .Release.Name)) | default dict }} + {{- $secretData := (get $secretObj "data") | default dict }} + # Set $gorillaSessionKey to existing secret data or generate a random one when not exists + {{- $gorillaSessionKey := (get $secretData "GORILLA_SESSION_KEY") | default (randAlphaNum 32 | b64enc) }} + GORILLA_SESSION_KEY: {{ $gorillaSessionKey | quote }} 
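Review bot: With `| b64enc` removed (which is right for `stringData`), `SLACK_SECRET`, `LICENSE` and `GORILLA_LICENSE` are now emitted as bare YAML scalars, so a value that contains `: ` or ` #`, starts with a YAML indicator, or looks like a number or boolean is retyped or breaks the manifest; the base64 form could never do that. Pipe them through `quote`, e.g. `SLACK_SECRET: {{ default "" .Values.global.slack.secret | quote }}` and `LICENSE: {{ .Values.global.license | quote }}` (same for `GORILLA_LICENSE`). The unchanged `OIDC_CLIENT_SECRET` line below has the same unquoted form.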
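Review bot: `lookup` returns an empty result whenever the chart is rendered without a live cluster (`helm template`, client-side `--dry-run`, and GitOps tools that render that way), so in `session-key.yaml` `$gorillaSessionKey` falls through to `randAlphaNum 32 | b64enc` and a different key is produced on every render. In those workflows each sync would replace `GORILLA_SESSION_KEY` and invalidate existing sessions; the file's comment should say so, and installs of that kind need a way to supply a pre-created Secret instead. The two `#` comment lines end up inside `data:` of the rendered Secret; writing them as `{{- /* … */}}` template comments keeps them out of the manifest. `"helm.sh/resource-policy": "keep"` leaves the key in the cluster after uninstall, which looks intended but is worth stating in the same comment.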
diff --git a/charts/operator-wandb/templates/settings-migration-job.yaml b/charts/operator-wandb/templates/settings-migration-job.yaml new file mode 100644 index 00000000..9d1d42f2 --- /dev/null +++ b/charts/operator-wandb/templates/settings-migration-job.yaml @@ -0,0 +1,15 @@ +{{- if .Values.settingsMigrationJob.install }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-smj-secret + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +stringData: + SMJ_DEBUG: {{ .Values.global.settingsMigrationJob.debug | quote }} + SMJ_DRY_RUN: {{ .Values.global.settingsMigrationJob.dryRun | quote }} + {{- with include "wandb.bucket" . | fromYaml }} + AWS_REGION: "{{ .region }}" + AWS_S3_KMS_ID: "{{ .kmsKey }}" + {{- end }} +{{- end }} diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 2070f9c0..f7aed1b1 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -142,9 +142,9 @@ global: # the kafka dependency chart. user: &kafkaUser "wandb" password: &kafkaPassword "wandb" -## The secret can be created using the following command: -## "kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=controller-password=CONTROLLER_PASSWORD" -## Replace SECRET_NAME, CLIENT_PASSWORD1, INTER_BROKER_PASSWORD, and CONTROLLER_PASSWORD with appropriate values. + ## The secret can be created using the following command: + ## "kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=controller-password=CONTROLLER_PASSWORD" + ## Replace SECRET_NAME, CLIENT_PASSWORD1, INTER_BROKER_PASSWORD, and CONTROLLER_PASSWORD with appropriate values. passwordSecret: name: &kafkaSecretName "" # This (client-passwords) should match the key name used in the secret 
@@ -176,12 +176,18 @@ global: beta: glue: enabled: false + api: + enabled: false bufstream: enabled: false executor: enabled: false + settingsMigrationJob: + debug: false + dryRun: true + # Creates a backend config to set custom values to used by the gke load balancer # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#create_backendconfig createGCPLoadBalancerBackend: false @@ -232,6 +238,7 @@ app: tag: latest envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" + "{{ .Release.Name }}-gorilla-session-key": "secretRef" nginx: install: false @@ -261,7 +268,6 @@ console: # ex: AWS("arn:aws:iam::{acc_number}:role/{customer_namespace}-node") BUCKET_ACCESS_IDENTITY: unknown - flat-run-fields-updater: install: false image: @@ -496,6 +502,16 @@ glue: value: '{{ include "wandb.mysql" . | trim }}' GORILLA_HISTORY_STORE: value: 'http://{{ .Release.Name }}-parquet:8087/_goRPC_,{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STORE: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + GORILLA_STORAGE_BUCKET: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + AZURE_STORAGE_KEY: + valueFrom: + secretKeyRef: + name: '{{ (include "wandb.bucket" . | fromYaml).secretName }}' + key: '{{ (include "wandb.bucket" . | fromYaml).accessKeyName }}' + optional: true envFrom: "wandb-mysql": "secretRef" "{{ .Release.Name }}-bucket-configmap": "configMapRef" 
@@ -507,8 +523,51 @@ glue: "{{ .Release.Name }}-gorilla-configmap": "configMapRef" "{{ .Release.Name }}-glue-secret": "secretRef" "{{ .Release.Name }}-glue-configmap": "configMapRef" + "{{ .Release.Name }}-gorilla-session-key": "secretRef" + initContainers: + init-db: + image: + repository: wandb/local + tag: latest + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', + ] + migrate-db: + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + "./megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; ./megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", + ] containers: - - name: glue + glue: args: ["glue"] env: {} envFrom: {} @@ -542,7 +601,7 @@ glue: subPath: redis_ca.pem image: repository: wandb/megabinary - tag: 0.62.2 + tag: latest volumes: - name: wandb-ca-certs configMap: 
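Review bot: The `init-db` command passes the database password on the command line (`-p$MYSQL_PASSWORD`), where it is visible in the container's process list for as long as the wait loop runs, and none of the expansions are quoted, so a password with spaces or shell metacharacters breaks the command. Hand it over through the environment instead, e.g. `MYSQL_PWD="$MYSQL_PASSWORD" mysql -h"$MYSQL_HOST" -u"$MYSQL_USER" -D"$MYSQL_DATABASE" -P"$MYSQL_PORT" --execute="SELECT 1"`. In `migrate-db` the two `./megabinary migrate` calls are joined with `;`, so a failure of the first is masked by the exit status of the second; `&&` would keep the pod from starting on a half-migrated database. `$MYSQL_PORT` is not among the env entries shown and presumably comes from an `envFrom` source, which is worth confirming. The same two init containers are repeated under `api:` in the last hunk of this file.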
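Review bot: Changing the glue image from `tag: 0.62.2` to `tag: latest` makes the deployed binary depend on whatever the registry serves at pull time, so two installs of chart 0.23.0 can run different code and a rollback cannot reproduce the previous state. Keep a fixed version tag as the default and let users opt into `latest` through their own values. The `wandb/local` init-container images in the hunk above and the `wandb/megabinary` images for `api` and `settingsMigrationJob` in the last hunk of this file also default to `latest`.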
@@ -558,3 +617,213 @@ glue: - key: REDIS_CA_CERT path: redis_ca.pem optional: true + +api: + # install: false + service: + enabled: true + type: ClusterIP + ports: + - port: 8081 + targetPort: http + protocol: TCP + name: http + env: + GORILLA_LICENSE_CERT_PATH: + value: "/jwks.json" + REDIS: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_AUDITOR_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_SETTINGS_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_LOCKER: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_ACTIVITY_STORE_CACHE_ADDRESS: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_FILE_METADATA_SOURCE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_GLUE_TASK_STRATEGY_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_GLUE_TASK_METADATA_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_USAGE_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_METADATA_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_PARQUET_LIVE_HISTORY_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_ANALYTICS_SINK: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_CASBIN_ADDRESS: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_RUN_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STREAM_STORE_ADDRESS: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_HISTORY_STORE: + value: 'http://{{ .Release.Name }}-parquet:8087/_goRPC_,{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STORE: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + GORILLA_STORAGE_BUCKET: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + GORILLA_PORT: + value: "8080" + AZURE_STORAGE_KEY: + valueFrom: + secretKeyRef: + name: '{{ (include "wandb.bucket" . | fromYaml).secretName }}' + key: '{{ (include "wandb.bucket" . 
| fromYaml).accessKeyName }}' + optional: true + envFrom: + "wandb-mysql": "secretRef" + "{{ .Release.Name }}-bucket-configmap": "configMapRef" + "{{ .Release.Name }}-mysql-configmap": "configMapRef" + "{{ .Release.Name }}-redis-secret": "secretRef" + "{{ .Release.Name }}-redis-configmap": "configMapRef" + "{{ .Release.Name }}-global-secret": "secretRef" + "{{ .Release.Name }}-gorilla-secret": "secretRef" + "{{ .Release.Name }}-gorilla-configmap": "configMapRef" + "{{ .Release.Name }}-gorilla-session-key": "secretRef" + initContainers: + init-db: + image: + repository: wandb/local + tag: latest + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', + ] + migrate-db: + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . 
}}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + "./megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; ./megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", + ] + containers: + api: + args: ["gorilla"] + env: {} + envFrom: {} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 1 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: wandb-ca-certs + mountPath: /usr/local/share/ca-certificates/inline + - name: wandb-ca-certs-user + mountPath: /usr/local/share/ca-certificates/configmap + - name: redis-ca + mountPath: /etc/ssl/certs/redis_ca.pem + subPath: redis_ca.pem + image: + repository: wandb/megabinary + tag: latest + volumes: + - name: wandb-ca-certs + configMap: + name: "{{ .Release.Name }}-ca-certs" + - name: wandb-ca-certs-user + configMap: + name: '{{ .Values.global.caCertsConfigMap | default "noCertProvided" }}' + optional: true + - name: redis-ca + secret: + secretName: "{{ .Release.Name }}-redis-secret" + items: + - key: REDIS_CA_CERT + path: redis_ca.pem + optional: true + +settingsMigrationJob: + install: false + service: + enabled: false + role: + create: true + rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - patch + env: + SMJ_FILE_STORE: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + SMJ_K8S_ACTIVE_SPEC_SECRET_NAME: + value: "wandb-spec-active" + SMJ_K8S_USER_SPEC_SECRET_NAME: + value: "wandb-spec-user" + SMJ_K8S_NAMESPACE: + value: "default" + AZURE_STORAGE_KEY: + valueFrom: + secretKeyRef: + name: '{{ (include "wandb.bucket" . | fromYaml).secretName }}' + key: '{{ (include "wandb.bucket" . 
| fromYaml).accessKeyName }}' + optional: true + envFrom: + "{{ .Release.Name }}-bucket-configmap": "configMapRef" + "{{ .Release.Name }}-bucket": "secretRef" + kind: Job + jobs: + smj: + ttlSecondsAfterFinished: 3600 + containers: + smj: + image: + repository: wandb/megabinary + tag: latest + envFrom: + "{{ .Release.Name }}-smj-secret": "secretRef" + args: ["settings-migration-job"] diff --git a/charts/wandb-base/Chart.yaml b/charts/wandb-base/Chart.yaml index 7d791b5b..4b2fef16 100644 --- a/charts/wandb-base/Chart.yaml +++ b/charts/wandb-base/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wandb-base description: A generic helm chart for deploying services to kubernetes type: application -version: 0.1.1 +version: 0.3.0 icon: https://wandb.ai/logo.svg maintainers: diff --git a/charts/wandb-base/templates/_containers.tpl b/charts/wandb-base/templates/_containers.tpl index 308e2f57..adab8a42 100644 --- a/charts/wandb-base/templates/_containers.tpl +++ b/charts/wandb-base/templates/_containers.tpl 
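Review bot: The `settingsMigrationJob.role.rules` entry grants `get`, `list`, `update` and `patch` on every Secret in the release namespace, which includes the MySQL, Redis, license and session-key secrets this chart references, while the job's env names only `wandb-spec-active` and `wandb-spec-user`. Restrict the rule with `resourceNames: ["wandb-spec-active", "wandb-spec-user"]` and drop `list` unless the job needs it, since a name-restricted rule does not cover an unfiltered list. `SMJ_K8S_NAMESPACE` is hard-coded to `"default"`, but the Role and RoleBinding templates in wandb-base are created in the release namespace, so outside `default` the job would presumably have no permissions where it looks; `value: "{{ .Release.Namespace }}"` would follow the release.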
@@ -1,26 +1,18 @@ -{{- define "wandb-base.containers" }} -{{- range .Values.containers}} +{{/* + wandb-base.containers should be passed a dict with key `containers` containing the map of containers and a key `root` + containing the . from the calling context + */}} +{{- define "wandb-base.containers" -}} +{{- range $containerName, $containerSource := .containers -}} {{- $container := dict }} -{{- $_ := deepCopy . | merge $container }} -{{- $_ = set $container "securityContext" (coalesce $container.securityContext $.Values.securityContext) }} -{{- $_ = set $container "image" (coalesce $container.image $.Values.image) }} -{{- $_ = set $container "envFrom" (merge (default (dict) ($container.envFrom)) (default (dict) ($.Values.envFrom))) }} -{{- $_ = set $container "env" (merge (default (dict) ($container.env)) (default (dict) ($.Values.env))) }} -{{- $_ = set $container "root" $ }} -{{- include "wandb-base.container" $container }} -{{- end }} -{{- end }} - -{{- define "wandb-base.initContainers" }} -{{- range .Values.initContainers}} -{{- $container := dict }} -{{- $_ := deepCopy . 
| merge $container }} -{{- $_ = set $container "securityContext" (coalesce $container.securityContext $.Values.securityContext) }} -{{- $_ = set $container "image" (coalesce $container.image $.Values.image) }} -{{- $_ = set $container "envFrom" (merge (default (dict) ($container.envFrom)) (default (dict) ($.Values.envFrom))) }} -{{- $_ = set $container "env" (merge (default (dict) ($container.env)) (default (dict) ($.Values.env))) }} -{{- $_ = set $container "root" $ }} -{{- include "wandb-base.container" $container }} +{{- $_ := deepCopy $containerSource | merge $container }} +{{- $_ = set $container "name" $containerName }} +{{- $_ = set $container "securityContext" (coalesce $container.securityContext $.root.Values.securityContext) }} +{{- $_ = set $container "image" (coalesce $container.image $.root.Values.image) }} +{{- $_ = set $container "envFrom" (merge (default (dict) ($container.envFrom)) (default (dict) ($.root.Values.envFrom))) }} +{{- $_ = set $container "env" (merge (default (dict) ($container.env)) (default (dict) ($.root.Values.env))) }} +{{- $_ = set $container "root" $.root }} +{{- include "wandb-base.container" $container -}} {{- end }} {{- end }} @@ -78,19 +70,19 @@ {{- end }} {{- end }} -{{- define "wandb-base.env" }} -{{- range $key, $value := .env }} +{{- define "wandb-base.env" -}} +{{- range $key, $value := .env -}} {{- if kindIs "string" $value }} - name: {{ $key }} value: {{ $value | quote }} {{- else }} - name: {{ $key }} {{- toYaml $value | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} -{{- define "wandb-base.envFrom" }} +{{- define "wandb-base.envFrom" -}} {{- range $key, $value := .envFrom }} - {{ $value }}: name: {{ $key }} diff --git a/charts/wandb-base/templates/_helpers.tpl b/charts/wandb-base/templates/_helpers.tpl index fe661f6b..38e9d1ca 100644 --- a/charts/wandb-base/templates/_helpers.tpl +++ b/charts/wandb-base/templates/_helpers.tpl 
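Review bot: Iterating with `range $containerName, $containerSource := .containers` over a map visits the keys in sorted order, so init containers now start alphabetically by name rather than in the order written in values; `init-db` before `migrate-db` works only because of how the two names sort. The header comment should say this, e.g. `Containers are rendered in sorted key order; name init containers so that this order is the required start order.` A values file still using the old list form would get the list index as the container name, so the change of shape deserves a line in the chart's upgrade notes.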
@@ -14,7 +14,7 @@ If release name contains chart name it will be used as a full name. {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} +{{- $name := default (.Chart.Name | kebabcase) .Values.nameOverride }} {{- if contains $name .Release.Name }} {{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- else }} diff --git a/charts/wandb-base/templates/cronjob b/charts/wandb-base/templates/cronjob new file mode 100644 index 00000000..00e2ce2e --- /dev/null +++ b/charts/wandb-base/templates/cronjob 
@@ -0,0 +1,56 @@
+{{- range $cronJobName, $cronJob := .Values.cronJobs }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name $cronJobName }}
+ labels:
+ {{- include "wandb-base.labels" $ | nindent 4 }}
+spec:
+ schedule: "{{ $cronJob.schedule }}"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ {{- with $cronJob.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ labels:
+ {{- include "wandb-base.labels" $ | nindent 12 }}
+ {{- with $cronJob.podLabels }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ spec:
+ {{- with $.Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ serviceAccountName: {{ include "wandb-base.serviceAccountName" $ }}
+ securityContext:
+ {{- toYaml $.Values.podSecurityContext | nindent 12 }}
+ {{- if $cronJob.initContainers }}
+ initContainers:
+ {{- include "wandb-base.containers" (dict "containers" $cronJob.initContainers "root" $) | nindent 12 }}
+ {{- end }}
+ containers:
+ {{- include "wandb-base.containers" (dict "containers" $cronJob.containers "root" $) | nindent 12 }}
+ restartPolicy: Never
+ {{/* TODO: enable this as needed
+ volumes:
+ {{- tpl (toYaml . | nindent 12) $ }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ */}}
+---
+{{- end }}
\ No newline at end of file
diff --git a/charts/wandb-base/templates/deployment.yaml b/charts/wandb-base/templates/deployment.yaml
index 40d140ec..4c2a5de0 100644
--- a/charts/wandb-base/templates/deployment.yaml
+++ b/charts/wandb-base/templates/deployment.yaml
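Review bot: The new CronJob template is added as `templates/cronjob` with no extension, unlike `job.yaml` next to it; this looks unintended and `helm lint` is likely to flag it, so `cronjob.yaml` would be the safer name. The block disabled with `{{/* TODO: enable this as needed … */}}` (also present in `job.yaml`) leaves out `volumes`, so a job container that sets `volumeMounts` in values has nothing to mount from and the pod spec would be rejected. Until that is enabled, say so next to the `jobs:` and `cronJobs:` examples in `values.yaml`, for instance `# volumeMounts are not supported for jobs yet: the templates do not render pod volumes`.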
@@ -33,10 +33,10 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.initContainers }} initContainers: - {{- include "wandb-base.initContainers" . | nindent 8 }} + {{- include "wandb-base.containers" (dict "containers" .Values.initContainers "root" .) | nindent 8 }} {{- end }} containers: - {{- include "wandb-base.containers" . | nindent 8 }} + {{- include "wandb-base.containers" (dict "containers" .Values.containers "root" .) | nindent 8 }} {{- with .Values.volumes }} volumes: {{- tpl (toYaml . | nindent 8) $ }} @@ -53,4 +53,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/wandb-base/templates/job.yaml b/charts/wandb-base/templates/job.yaml new file mode 100644 index 00000000..14227219 --- /dev/null +++ b/charts/wandb-base/templates/job.yaml 
@@ -0,0 +1,60 @@
+{{- range $jobName, $job := .Values.jobs }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name $jobName }}
+ labels:
+ {{- include "wandb-base.labels" $ | nindent 4 }}
+ {{- with $job.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with $job.ttlSecondsAfterFinished }}
+ ttlSecondsAfterFinished: {{ . }}
+ {{- end }}
+ template:
+ metadata:
+ {{- with $job.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "wandb-base.labels" $ | nindent 8 }}
+ {{- with $job.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with $.Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "wandb-base.serviceAccountName" $ }}
+ securityContext:
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- if $job.initContainers }}
+ initContainers:
+ {{- include "wandb-base.containers" (dict "containers" $job.initContainers "root" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ {{- include "wandb-base.containers" (dict "containers" $job.containers "root" $) | nindent 8 }}
+ restartPolicy: Never
+{{/* TODO: enable this as needed
+ volumes:
+ {{- tpl (toYaml . | nindent 8) $ }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+*/}}
+---
+{{- end }}
diff --git a/charts/wandb-base/templates/role.yaml b/charts/wandb-base/templates/role.yaml
new file mode 100644
index 00000000..69d5e906
--- /dev/null
+++ b/charts/wandb-base/templates/role.yaml
@@ -0,0 +1,12 @@ +{{- if .Values.role.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "wandb-base.fullname" .}} + labels: + {{- include "wandb-base.labels" . | nindent 4 }} +rules: + {{- with .Values.role.rules }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wandb-base/templates/rolebinding.yaml b/charts/wandb-base/templates/rolebinding.yaml new file mode 100644 index 00000000..747fdb44 --- /dev/null +++ b/charts/wandb-base/templates/rolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.role.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "wandb-base.fullname" . }} + labels: + {{- include "wandb-base.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ include "wandb-base.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "wandb-base.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/wandb-base/templates/serviceaccount.yaml b/charts/wandb-base/templates/serviceaccount.yaml index 24c8467e..ea4cf196 100644 --- a/charts/wandb-base/templates/serviceaccount.yaml +++ b/charts/wandb-base/templates/serviceaccount.yaml @@ -5,9 +5,9 @@ metadata: name: {{ include "wandb-base.serviceAccountName" . }} labels: {{- include "wandb-base.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- with .Values.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} diff --git a/charts/wandb-base/templates/statefulset.yaml b/charts/wandb-base/templates/statefulset.yaml index 475083e3..a5f9d694 100644 --- a/charts/wandb-base/templates/statefulset.yaml +++ b/charts/wandb-base/templates/statefulset.yaml 
@@ -31,34 +31,12 @@ spec: serviceAccountName: {{ include "wandb-base.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.initContainers }} + initContainers: + {{- include "wandb-base.containers" (dict "containers" .Values.initContainers "root" .) | nindent 8 }} + {{- end }} containers: - - name: {{ .Chart.Name }} - {{ with .Values.envFrom }} - envFrom: - {{- toYaml . | nindent 12 }} - {{- end }} - {{ with .Values.env }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- include "wandb-base.containers" (dict "containers" .Values.containers "root" .) | nindent 8 }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index cf0a7066..4adf0491 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -27,6 +27,10 @@ serviceAccount: annotations: {} name: "" +role: + create: false + rules: [] + podAnnotations: {} podLabels: {} 
@@ -47,40 +51,115 @@ securityContext: readOnlyRootFilesystem: false privileged: false -initContainers: [] - -containers: - - name: nginx - command: [] - args: [] - env: {} - envFrom: {} - securityContext: {} - image: {} - ports: - - containerPort: 80 - name: http - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - startupProbe: - httpGet: - path: / - port: http - lifecycle: {} - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - volumeMounts: [] +initContainers: {} + +containers: {} +# nginx: +# command: [] +# args: [] +# env: {} +# envFrom: {} +# securityContext: {} +# image: {} +# ports: +# - containerPort: 80 +# name: http +# livenessProbe: +# httpGet: +# path: / +# port: http +# readinessProbe: +# httpGet: +# path: / +# port: http +# startupProbe: +# httpGet: +# path: / +# port: http +# lifecycle: {} +# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +# volumeMounts: [] + +jobs: {} +# example: +# ttlSecondsAfterFinished: 100 +# annotations: +# "helm.sh/hook": post-install +# containers: +# nginx: +# command: [ ] +# args: [ ] +# env: { } +# envFrom: { } +# securityContext: { } +# image: { } +# ports: +# - containerPort: 80 +# name: http +# livenessProbe: +# httpGet: +# path: / +# port: http +# readinessProbe: +# httpGet: +# path: / +# port: http +# startupProbe: +# httpGet: +# path: / +# port: http +# lifecycle: { } +# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +# volumeMounts: [ ] + +cronJobs: {} +# example: +# schedule: "*/5 * * * *" +# annotations: { } +# containers: +# nginx: +# command: [ ] +# args: [ ] +# env: { } +# envFrom: { } +# securityContext: { } +# image: { } +# ports: +# - containerPort: 80 +# name: http +# livenessProbe: +# httpGet: +# path: / +# port: http +# readinessProbe: +# httpGet: +# path: / +# port: http +# startupProbe: +# httpGet: +# path: / +# 
port: http +# lifecycle: { } +# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +# volumeMounts: [ ] # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ service: