From 06cf5eabb76c200e8d07c86a5ff382381f8ca3c4 Mon Sep 17 00:00:00 2001 From: Daniel Panzella Date: Thu, 26 Dec 2024 11:44:31 -0800 Subject: [PATCH 01/44] feat: Add Jobs and CronJobs support, refactor container templating --- charts/wandb-base/templates/_containers.tpl | 36 +++++-------- charts/wandb-base/templates/cronjob | 56 +++++++++++++++++++ charts/wandb-base/templates/deployment.yaml | 4 +- charts/wandb-base/templates/job.yaml | 57 ++++++++++++++++++++ charts/wandb-base/templates/statefulset.yaml | 32 ++--------- 5 files changed, 134 insertions(+), 51 deletions(-) create mode 100644 charts/wandb-base/templates/cronjob create mode 100644 charts/wandb-base/templates/job.yaml diff --git a/charts/wandb-base/templates/_containers.tpl b/charts/wandb-base/templates/_containers.tpl index 308e2f57..ac7545fb 100644 --- a/charts/wandb-base/templates/_containers.tpl +++ b/charts/wandb-base/templates/_containers.tpl @@ -1,30 +1,22 @@ +{{/* + wandb-base.containers should be passed a dict with key `containers` containing the map of containers and a key `root` + containing the . from the calling context + */}} {{- define "wandb-base.containers" }} -{{- range .Values.containers}} +{{- range $containerName, $containerSource := .containers}} {{- $container := dict }} -{{- $_ := deepCopy . | merge $container }} -{{- $_ = set $container "securityContext" (coalesce $container.securityContext $.Values.securityContext) }} -{{- $_ = set $container "image" (coalesce $container.image $.Values.image) }} -{{- $_ = set $container "envFrom" (merge (default (dict) ($container.envFrom)) (default (dict) ($.Values.envFrom))) }} -{{- $_ = set $container "env" (merge (default (dict) ($container.env)) (default (dict) ($.Values.env))) }} -{{- $_ = set $container "root" $ }} -{{- include "wandb-base.container" $container }} +{{- $_ := deepCopy $containerSource | merge $container }} +{{- $_ = set $container "name" $containerName }} +{{- $_ = set $container "securityContext" (coalesce $container.securityContext $.root.Values.securityContext) }} +{{- $_ = set $container "image" (coalesce $container.image $.root.Values.image) }} +{{- $_ = set $container "envFrom" (merge (default (dict) ($container.envFrom)) (default (dict) ($.root.Values.envFrom))) }} +{{- $_ = set $container "env" (merge (default (dict) ($container.env)) (default (dict) ($.root.Values.env))) }} +{{- $_ = set $container "root" $.root }} +{{- include "wandb-base.container" $container -}} {{- end }} {{- end }} -{{- define "wandb-base.initContainers" }} -{{- range .Values.initContainers}} -{{- $container := dict }} -{{- $_ := deepCopy . | merge $container }} -{{- $_ = set $container "securityContext" (coalesce $container.securityContext $.Values.securityContext) }} -{{- $_ = set $container "image" (coalesce $container.image $.Values.image) }} -{{- $_ = set $container "envFrom" (merge (default (dict) ($container.envFrom)) (default (dict) ($.Values.envFrom))) }} -{{- $_ = set $container "env" (merge (default (dict) ($container.env)) (default (dict) ($.Values.env))) }} -{{- $_ = set $container "root" $ }} -{{- include "wandb-base.container" $container }} -{{- end }} -{{- end }} - -{{- define "wandb-base.container" }} +{{- define "wandb-base.container" -}} - name: {{ .name }} {{- if .command }} command: diff --git a/charts/wandb-base/templates/cronjob b/charts/wandb-base/templates/cronjob new file mode 100644 index 00000000..7275a0cf --- /dev/null +++ b/charts/wandb-base/templates/cronjob @@ -0,0 +1,56 @@ +{{- range $cronJobName, $cronJob := .Values.cronJobs }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ printf "%s-%s" .Release.Name $cronJobName }} + labels: + {{- include "wandb-base.labels" . | nindent 4 }} +spec: + schedule: "{{ $cronJob.schedule }}" + jobTemplate: + spec: + template: + metadata: + {{- with $cronJob.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "wandb-base.labels" . | nindent 8 }} + {{- with $cronJob.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with $.Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wandb-base.serviceAccountName" . }} + securityContext: + {{- toYaml $.Values.podSecurityContext | nindent 8 }} + {{- if $cronJob.initContainers }} + initContainers: + {{- include "wandb-base.containers" (dict "containers" $cronJob.initContainers "root" $) | nindent 8 }} + {{- end }} + containers: + {{- include "wandb-base.containers" (dict "containers" $cronJob.containers "root" $) | nindent 8 }} + restartPolicy: Never + {{/* TODO: enable this as needed + volumes: + {{- tpl (toYaml . | nindent 8) $ }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + */}} +--- +{{- end }} \ No newline at end of file diff --git a/charts/wandb-base/templates/deployment.yaml b/charts/wandb-base/templates/deployment.yaml index 40d140ec..073893e5 100644 --- a/charts/wandb-base/templates/deployment.yaml +++ b/charts/wandb-base/templates/deployment.yaml @@ -33,10 +33,10 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.initContainers }} initContainers: - {{- include "wandb-base.initContainers" . | nindent 8 }} + {{- include "wandb-base.containers" (dict "containers" .Values.initContainers "root" .) | nindent 8 }} {{- end }} containers: - {{- include "wandb-base.containers" . | nindent 8 }} + {{- include "wandb-base.containers" (dict "containers" .Values.containers "root" .) | nindent 8 }} {{- with .Values.volumes }} volumes: {{- tpl (toYaml . | nindent 8) $ }} diff --git a/charts/wandb-base/templates/job.yaml b/charts/wandb-base/templates/job.yaml new file mode 100644 index 00000000..8f7d4cdb --- /dev/null +++ b/charts/wandb-base/templates/job.yaml @@ -0,0 +1,57 @@ +{{- range $jobName, $job := .Values.jobs }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $.Release.Name $jobName }} + labels: + {{- include "wandb-base.labels" $ | nindent 4 }} + {{- with $job.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + template: + metadata: + {{- with $job.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "wandb-base.labels" $ | nindent 8 }} + {{- with $job.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with $.Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "wandb-base.serviceAccountName" $ }} + securityContext: + {{- toYaml $.Values.podSecurityContext | nindent 8 }} + {{- if $job.initContainers }} + initContainers: + {{- include "wandb-base.containers" (dict "containers" $job.initContainers "root" $) | nindent 8 }} + {{- end }} + containers: + {{- include "wandb-base.containers" (dict "containers" $job.containers "root" $) | nindent 8 }} + restartPolicy: Never +{{/* TODO: enable this as needed + volumes: + {{- tpl (toYaml . | nindent 8) $ }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +*/}} +--- +{{- end }} \ No newline at end of file diff --git a/charts/wandb-base/templates/statefulset.yaml b/charts/wandb-base/templates/statefulset.yaml index 475083e3..a5f9d694 100644 --- a/charts/wandb-base/templates/statefulset.yaml +++ b/charts/wandb-base/templates/statefulset.yaml @@ -31,34 +31,12 @@ spec: serviceAccountName: {{ include "wandb-base.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.initContainers }} + initContainers: + {{- include "wandb-base.containers" (dict "containers" .Values.initContainers "root" .) | nindent 8 }} + {{- end }} containers: - - name: {{ .Chart.Name }} - {{ with .Values.envFrom }} - envFrom: - {{- toYaml . | nindent 12 }} - {{- end }} - {{ with .Values.env }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- include "wandb-base.containers" (dict "containers" .Values.containers "root" .) | nindent 8 }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} From 08d5e837a3e14fb2ee6238419197cbe60a184bc1 Mon Sep 17 00:00:00 2001 From: Daniel Panzella Date: Thu, 26 Dec 2024 11:50:24 -0800 Subject: [PATCH 02/44] fix: fix CronJob and add example values --- charts/wandb-base/templates/cronjob | 28 +++++------ charts/wandb-base/values.yaml | 76 ++++++++++++++++++++++++++++- 2 files changed, 89 insertions(+), 15 deletions(-) diff --git a/charts/wandb-base/templates/cronjob b/charts/wandb-base/templates/cronjob index 7275a0cf..00e2ce2e 100644 --- a/charts/wandb-base/templates/cronjob +++ b/charts/wandb-base/templates/cronjob @@ -2,9 +2,9 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: {{ printf "%s-%s" .Release.Name $cronJobName }} + name: {{ printf "%s-%s" $.Release.Name $cronJobName }} labels: - {{- include "wandb-base.labels" . | nindent 4 }} + {{- include "wandb-base.labels" $ | nindent 4 }} spec: schedule: "{{ $cronJob.schedule }}" jobTemplate: @@ -13,43 +13,43 @@ spec: metadata: {{- with $cronJob.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 12 }} {{- end }} labels: - {{- include "wandb-base.labels" . | nindent 8 }} + {{- include "wandb-base.labels" $ | nindent 12 }} {{- with $cronJob.podLabels }} - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 12 }} {{- end }} spec: {{- with $.Values.imagePullSecrets }} imagePullSecrets: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 12 }} {{- end }} - serviceAccountName: {{ include "wandb-base.serviceAccountName" . }} + serviceAccountName: {{ include "wandb-base.serviceAccountName" $ }} securityContext: - {{- toYaml $.Values.podSecurityContext | nindent 8 }} + {{- toYaml $.Values.podSecurityContext | nindent 12 }} {{- if $cronJob.initContainers }} initContainers: - {{- include "wandb-base.containers" (dict "containers" $cronJob.initContainers "root" $) | nindent 8 }} + {{- include "wandb-base.containers" (dict "containers" $cronJob.initContainers "root" $) | nindent 12 }} {{- end }} containers: - {{- include "wandb-base.containers" (dict "containers" $cronJob.containers "root" $) | nindent 8 }} + {{- include "wandb-base.containers" (dict "containers" $cronJob.containers "root" $) | nindent 12 }} restartPolicy: Never {{/* TODO: enable this as needed volumes: - {{- tpl (toYaml . | nindent 8) $ }} + {{- tpl (toYaml . | nindent 12) $ }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.affinity }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.tolerations }} tolerations: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 12 }} {{- end }} */}} --- diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index cf0a7066..c3ab213d 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -50,7 +50,7 @@ securityContext: initContainers: [] containers: - - name: nginx + nginx: command: [] args: [] env: {} @@ -82,6 +82,80 @@ containers: memory: 128Mi volumeMounts: [] +jobs: {} +# example: +# annotations: +# "helm.sh/hook": post-install +# containers: +# nginx: +# command: [ ] +# args: [ ] +# env: { } +# envFrom: { } +# securityContext: { } +# image: { } +# ports: +# - containerPort: 80 +# name: http +# livenessProbe: +# httpGet: +# path: / +# port: http +# readinessProbe: +# httpGet: +# path: / +# port: http +# startupProbe: +# httpGet: +# path: / +# port: http +# lifecycle: { } +# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +# volumeMounts: [ ] + +cronJobs: {} +# example: +# schedule: "*/5 * * * *" +# annotations: { } +# containers: +# nginx: +# command: [ ] +# args: [ ] +# env: { } +# envFrom: { } +# securityContext: { } +# image: { } +# ports: +# - containerPort: 80 +# name: http +# livenessProbe: +# httpGet: +# path: / +# port: http +# readinessProbe: +# httpGet: +# path: / +# port: http +# startupProbe: +# httpGet: +# path: / +# port: http +# lifecycle: { } +# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +# volumeMounts: [ ] + # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ service: enabled: true From 94b30b534dda97de5fb068d15be5e1b0d015e40f Mon Sep 17 00:00:00 2001 From: Daniel Panzella Date: Thu, 26 Dec 2024 11:51:56 -0800 Subject: [PATCH 03/44] fix: bump chart version --- charts/wandb-base/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wandb-base/Chart.yaml b/charts/wandb-base/Chart.yaml index 7d791b5b..6b94c6c4 100644 --- a/charts/wandb-base/Chart.yaml +++ b/charts/wandb-base/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wandb-base description: A generic helm chart for deploying services to kubernetes type: application -version: 0.1.1 +version: 0.2.0 icon: https://wandb.ai/logo.svg maintainers: From e1c928f97e093604f3bf49041777bb39c5b46a6c Mon Sep 17 00:00:00 2001 From: Daniel Panzella Date: Thu, 26 Dec 2024 13:31:25 -0800 Subject: [PATCH 04/44] fix: multiple containers and default values --- charts/operator-wandb/Chart.lock | 6 +- charts/operator-wandb/values.yaml | 2 +- charts/wandb-base/templates/_containers.tpl | 18 +++--- charts/wandb-base/values.yaml | 64 ++++++++++----------- 4 files changed, 45 insertions(+), 45 deletions(-) diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index b2941e87..eb0985d9 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -55,6 +55,6 @@ dependencies: version: 0.1.0 - name: wandb-base repository: file://../wandb-base - version: 0.1.1 -digest: sha256:3c02029e1921428d7f45866291a8c42b79894505ee47864c54f34fcd847b2793 -generated: "2024-12-19T11:00:55.672581+05:30" + version: 0.2.0 +digest: sha256:4a8dbdef20db07f9ed7e39f3353aa265a310b025637b15e19d3f149f601894e0 +generated: "2024-12-26T13:14:12.979282-08:00" diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index bffd0908..39d96f4d 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -496,7 +496,7 @@ glue: "{{ .Release.Name }}-glue-secret": "secretRef" "{{ .Release.Name }}-glue-configmap": "configMapRef" containers: - - name: glue + glue: args: ["glue"] env: {} envFrom: {} diff --git a/charts/wandb-base/templates/_containers.tpl b/charts/wandb-base/templates/_containers.tpl index ac7545fb..adab8a42 100644 --- a/charts/wandb-base/templates/_containers.tpl +++ b/charts/wandb-base/templates/_containers.tpl @@ -2,8 +2,8 @@ wandb-base.containers should be passed a dict with key `containers` containing the map of containers and a key `root` containing the . from the calling context */}} -{{- define "wandb-base.containers" }} -{{- range $containerName, $containerSource := .containers}} +{{- define "wandb-base.containers" -}} +{{- range $containerName, $containerSource := .containers -}} {{- $container := dict }} {{- $_ := deepCopy $containerSource | merge $container }} {{- $_ = set $container "name" $containerName }} @@ -16,7 +16,7 @@ {{- end }} {{- end }} -{{- define "wandb-base.container" -}} +{{- define "wandb-base.container" }} - name: {{ .name }} {{- if .command }} command: @@ -70,19 +70,19 @@ {{- end }} {{- end }} -{{- define "wandb-base.env" }} -{{- range $key, $value := .env }} +{{- define "wandb-base.env" -}} +{{- range $key, $value := .env -}} {{- if kindIs "string" $value }} - name: {{ $key }} value: {{ $value | quote }} {{- else }} - name: {{ $key }} {{- toYaml $value | nindent 2 }} -{{- end }} -{{- end }} -{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} -{{- define "wandb-base.envFrom" }} +{{- define "wandb-base.envFrom" -}} {{- range $key, $value := .envFrom }} - {{ $value }}: name: {{ $key }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index c3ab213d..ee646270 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -49,38 +49,38 @@ securityContext: initContainers: [] -containers: - nginx: - command: [] - args: [] - env: {} - envFrom: {} - securityContext: {} - image: {} - ports: - - containerPort: 80 - name: http - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - startupProbe: - httpGet: - path: / - port: http - lifecycle: {} - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - volumeMounts: [] +containers: {} +# nginx: +# command: [] +# args: [] +# env: {} +# envFrom: {} +# securityContext: {} +# image: {} +# ports: +# - containerPort: 80 +# name: http +# livenessProbe: +# httpGet: +# path: / +# port: http +# readinessProbe: +# httpGet: +# path: / +# port: http +# startupProbe: +# httpGet: +# path: / +# port: http +# lifecycle: {} +# resources: +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +# volumeMounts: [] jobs: {} # example: From 98c0d8b9cc07c46bde1a4f34f8f5ed5815b88474 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Thu, 2 Jan 2025 11:41:50 -0600 Subject: [PATCH 05/44] feat: Init gorilla --- charts/operator-wandb/Chart.lock | 10 +- charts/operator-wandb/Chart.yaml | 10 ++ charts/operator-wandb/templates/_ingress.tpl | 4 +- charts/operator-wandb/values.yaml | 150 ++++++++++++++++++- charts/wandb-base/templates/deployment.yaml | 2 +- charts/wandb-base/values.yaml | 2 +- 6 files changed, 169 insertions(+), 9 deletions(-) diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index eb0985d9..6fbe3555 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -2,6 +2,9 @@ dependencies: - name: app repository: file://charts/app version: 0.1.0 +- name: wandb-base + repository: file://../wandb-base + version: 0.2.0 - name: console repository: file://charts/console version: 0.1.0 @@ -56,5 +59,8 @@ dependencies: - name: wandb-base repository: file://../wandb-base version: 0.2.0 -digest: sha256:4a8dbdef20db07f9ed7e39f3353aa265a310b025637b15e19d3f149f601894e0 -generated: "2024-12-26T13:14:12.979282-08:00" +- name: wandb-base + repository: file://../wandb-base + version: 0.2.0 +digest: sha256:133b53d0cdb90e6e9ee14d6c063ee68cffdd79981af0b86b7495f62ddfebcdd9 +generated: "2025-01-02T11:17:04.44613-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 48a0dcc0..e21c89dc 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -16,6 +16,11 @@ dependencies: version: "*.*.*" repository: file://charts/app condition: app.install + - name: wandb-base + alias: api + condition: api.install + repository: file://../wandb-base + version: "*.*.*" - name: console version: "*.*.*" repository: file://charts/console @@ -89,3 +94,8 @@ dependencies: condition: global.beta.glue.enabled repository: file://../wandb-base version: "*.*.*" + - name: wandb-base + alias: settings-migration-hook + condition: settings-migration-hook.install + repository: file://../wandb-base + version: "*.*.*" diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index e2cd6d52..21022ff5 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -50,7 +50,7 @@ It expects a dictionary with two entries: port: number: 8082 {{- else }} - name: {{ $.Release.Name }}-app + name: {{ $.Release.Name }}-frontend port: number: 8080 {{- end }} @@ -61,4 +61,4 @@ It expects a dictionary with two entries: name: {{ $.Release.Name }}-console port: number: 8082 -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 39d96f4d..7b1776a6 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -142,9 +142,9 @@ global: # the kafka dependency chart. user: &kafkaUser "wandb" password: &kafkaPassword "wandb" -## The secret can be created using the following command: -## "kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=controller-password=CONTROLLER_PASSWORD" -## Replace SECRET_NAME, CLIENT_PASSWORD1, INTER_BROKER_PASSWORD, and CONTROLLER_PASSWORD with appropriate values. + ## The secret can be created using the following command: + ## "kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=controller-password=CONTROLLER_PASSWORD" + ## Replace SECRET_NAME, CLIENT_PASSWORD1, INTER_BROKER_PASSWORD, and CONTROLLER_PASSWORD with appropriate values. passwordSecret: name: &kafkaSecretName "" # This (client-passwords) should match the key name used in the secret @@ -546,3 +546,147 @@ glue: - key: REDIS_CA_CERT path: redis_ca.pem optional: true + +api: + # install: false + service: + enabled: true + env: + GORILLA_LICENSE_CERT_PATH: + value: "/jwks.json" + REDIS: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_AUDITOR_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_SETTINGS_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_LOCKER: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_ACTIVITY_STORE_CACHE_ADDRESS: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_CACHE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_FILE_METADATA_SOURCE: + value: '{{ include "wandb.redis" . | trim }}' + GORILLA_GLUE_TASK_STRATEGY_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_GLUE_TASK_METADATA_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_USAGE_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_METADATA_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_PARQUET_LIVE_HISTORY_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_ANALYTICS_SINK: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_CASBIN_ADDRESS: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_RUN_STORE: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STREAM_STORE_ADDRESS: + value: '{{ include "wandb.mysql" . | trim }}' + GORILLA_HISTORY_STORE: + value: 'http://{{ .Release.Name }}-parquet:8087/_goRPC_,{{ include "wandb.mysql" . | trim }}' + envFrom: + "wandb-mysql": "secretRef" + "{{ .Release.Name }}-bucket-configmap": "configMapRef" + "{{ .Release.Name }}-mysql-configmap": "configMapRef" + "{{ .Release.Name }}-redis-secret": "secretRef" + "{{ .Release.Name }}-redis-configmap": "configMapRef" + "{{ .Release.Name }}-global-secret": "secretRef" + "{{ .Release.Name }}-gorilla-secret": "secretRef" + "{{ .Release.Name }}-gorilla-configmap": "configMapRef" + initContainers: + init-db: + image: + repository: wandb/megabinary + tag: 0.62.2 + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', + ] + containers: + api: + args: ["gorilla"] + env: {} + envFrom: {} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 1 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: wandb-ca-certs + mountPath: /usr/local/share/ca-certificates/inline + - name: wandb-ca-certs-user + mountPath: /usr/local/share/ca-certificates/configmap + - name: redis-ca + mountPath: /etc/ssl/certs/redis_ca.pem + subPath: redis_ca.pem + image: + repository: wandb/megabinary + tag: 0.62.2 + volumes: + - name: wandb-ca-certs + configMap: + name: "{{ .Release.Name }}-ca-certs" + - name: wandb-ca-certs-user + configMap: + name: '{{ .Values.global.caCertsConfigMap | default "noCertProvided" }}' + optional: true + - name: redis-ca + secret: + secretName: "{{ .Release.Name }}-redis-secret" + items: + - key: REDIS_CA_CERT + path: redis_ca.pem + optional: true + +settings-migration-hook: + install: true + service: + enabled: false + kind: Job + jobs: + smh: + annotations: + "helm.sh/hook": pre-install + containers: + smh: + image: + repository: wandb/megabinary + tag: 0.62.2 + env: + SMH_FILESTORE: + value: "{{ .Release.Name }}-bucket" + args: ["settings-migration-hook"] diff --git a/charts/wandb-base/templates/deployment.yaml b/charts/wandb-base/templates/deployment.yaml index 073893e5..4c2a5de0 100644 --- a/charts/wandb-base/templates/deployment.yaml +++ b/charts/wandb-base/templates/deployment.yaml @@ -53,4 +53,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index ee646270..71279392 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -47,7 +47,7 @@ securityContext: readOnlyRootFilesystem: false privileged: false -initContainers: [] +initContainers: {} containers: {} # nginx: From c7d059c92495b6e8cb3236b655c97538362b679b Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 6 Jan 2025 11:46:59 -0600 Subject: [PATCH 06/44] init api, ingress changes, and disable gorilla in the app pod --- charts/operator-wandb/Chart.yaml | 2 +- .../charts/app/templates/deployment.yaml | 2 + charts/operator-wandb/templates/_ingress.tpl | 16 +++++ charts/operator-wandb/values.yaml | 69 +++++++++++++++++++ 4 files changed, 88 insertions(+), 1 deletion(-) diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index e21c89dc..af6ca15a 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -18,7 +18,7 @@ dependencies: condition: app.install - name: wandb-base alias: api - condition: api.install + condition: global.beta.api.enabled repository: file://../wandb-base version: "*.*.*" - name: console diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index e298b6d8..2571289a 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -108,6 +108,8 @@ spec: resource: limits.memory - name: GLUE_ENABLED value: "{{ not .Values.global.beta.glue.enabled }}" + - name: GORILLA_ENABLED + value: "{{ not .Values.global.beta.api.enabled }}" - name: BUCKET_ACCESS_KEY valueFrom: secretKeyRef: diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index 21022ff5..7e34ac36 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -54,6 +54,22 @@ It expects a dictionary with two entries: port: number: 8080 {{- end }} +{{- if .Values.beta.api.enabled }} +- pathType: Prefix + path: /api + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /graphql + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +{{- end }} - pathType: Prefix path: /console backend: diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 7b1776a6..dd0603f6 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -176,6 +176,8 @@ global: beta: glue: enabled: false + api: + enabled: false executor: enabled: false @@ -495,6 +497,51 @@ glue: "{{ .Release.Name }}-gorilla-configmap": "configMapRef" "{{ .Release.Name }}-glue-secret": "secretRef" "{{ .Release.Name }}-glue-configmap": "configMapRef" + initContainers: + init-db: + image: + repository: wandb/megabinary + tag: 0.62.2 + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', + ] + migrate-db: + image: + repository: wandb/megabinary + tag: 0.62.2 + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + "megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", + ] containers: glue: args: ["glue"] @@ -620,6 +667,28 @@ api: "-c", 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', ] + migrate-db: + image: + repository: wandb/megabinary + tag: 0.62.2 + env: + MYSQL_HOST: + value: '{{ include "wandb.mysql.host" . }}' + MYSQL_DATABASE: + value: '{{ include "wandb.mysql.database" . }}' + MYSQL_USER: + value: '{{ include "wandb.mysql.user" . }}' + MYSQL_PASSWORD: + valueFrom: + secretKeyRef: + name: '{{ include "wandb.mysql.passwordSecret" . }}' + key: "{{ .Values.global.mysql.passwordSecret.passwordKey }}" + command: + [ + "bash", + "-c", + "megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", + ] containers: api: args: ["gorilla"] From 3db216b692ffb50d148b8495fbab041b2b02b7c0 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 6 Jan 2025 12:07:01 -0600 Subject: [PATCH 07/44] GORILLA_SESSION_KEY init --- charts/operator-wandb/templates/session-key.yaml | 16 ++++++++++++++++ charts/operator-wandb/values.yaml | 3 +++ 2 files changed, 19 insertions(+) create mode 100644 charts/operator-wandb/templates/session-key.yaml diff --git a/charts/operator-wandb/templates/session-key.yaml b/charts/operator-wandb/templates/session-key.yaml new file mode 100644 index 00000000..0ce7955b --- /dev/null +++ b/charts/operator-wandb/templates/session-key.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-gorilla-session-key + annotations: + "helm.sh/resource-policy": keep + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +stringData: + GORILLA_SESSION_KEY: | + {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-gorilla-session-key" .Release.Name) }} + {{- if $existingSecret }} + {{- $existingSecret.data.GORILLA_SESSION_KEY | b64dec }} + {{- else }} + {{ randAlphaNum 32 }} + {{- end }} diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index dd0603f6..a8ef3347 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -228,6 +228,7 @@ app: tag: latest envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" + "{{ .Release.Name }}-gorilla-session-key": "secretRef" nginx: install: false @@ -497,6 +498,7 @@ glue: "{{ .Release.Name }}-gorilla-configmap": "configMapRef" "{{ .Release.Name }}-glue-secret": "secretRef" "{{ .Release.Name }}-glue-configmap": "configMapRef" + "{{ .Release.Name }}-gorilla-session-key": "secretRef" initContainers: init-db: image: @@ -644,6 +646,7 @@ api: "{{ .Release.Name }}-global-secret": "secretRef" "{{ .Release.Name }}-gorilla-secret": "secretRef" "{{ .Release.Name }}-gorilla-configmap": "configMapRef" + "{{ .Release.Name }}-gorilla-session-key": "secretRef" initContainers: init-db: image: From cd197e6f9951283ad561c371bfffd9355881f34d Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 6 Jan 2025 13:01:37 -0600 Subject: [PATCH 08/44] settings migration hook updates --- charts/operator-wandb/Chart.lock | 4 ++-- charts/operator-wandb/Chart.yaml | 2 +- charts/operator-wandb/templates/_ingress.tpl | 4 ++-- .../templates/settings-migration-hook.yaml | 21 +++++++++++++++++++ charts/operator-wandb/values.yaml | 13 +++++++----- 5 files changed, 34 insertions(+), 10 deletions(-) create mode 100644 charts/operator-wandb/templates/settings-migration-hook.yaml diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index 6fbe3555..d5cd46d3 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -62,5 +62,5 @@ dependencies: - name: wandb-base repository: file://../wandb-base version: 0.2.0 -digest: sha256:133b53d0cdb90e6e9ee14d6c063ee68cffdd79981af0b86b7495f62ddfebcdd9 -generated: "2025-01-02T11:17:04.44613-06:00" +digest: sha256:d2e7b83ddf4feb9f267bc2f339a61591acb72a0bdc2bd761a61e56d283439f01 +generated: "2025-01-06T12:07:41.027239-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index af6ca15a..dbbf9e7d 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -96,6 +96,6 @@ dependencies: version: "*.*.*" - name: wandb-base alias: settings-migration-hook - condition: settings-migration-hook.install + condition: settingsMigrationHook.install repository: file://../wandb-base version: "*.*.*" diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index 7e34ac36..4040f263 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -50,11 +50,11 @@ It expects a dictionary with two entries: port: number: 8082 {{- else }} - name: {{ $.Release.Name }}-frontend + name: {{ $.Release.Name }}-app port: number: 8080 {{- end }} -{{- if .Values.beta.api.enabled }} +{{- if .Values.global.beta.api.enabled }} - pathType: Prefix path: /api backend: diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-hook.yaml new file mode 100644 index 00000000..496c7c8b --- /dev/null +++ b/charts/operator-wandb/templates/settings-migration-hook.yaml @@ -0,0 +1,21 @@ +{{- if .Values.settingsMigrationHook.install }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-smh-secret + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +stringData: + SMH_DEBUG: {{ .Values.global.settingsMigrationHook.debug | quote }} + SMH_DRY_RUN: {{ .Values.global.settingsMigrationHook.dryRun | quote }} + {{- with include "wandb.bucket" . | fromYaml }} + {{- if .path }} + SMH_FILESTORE: "{{ .provider }}:{{ .name }}/{{ .path }}" + {{- else }} + SMH_FILESTORE: "{{ .provider }}:{{ .name }}" + {{- end }} + AWS_REGION: "{{ .region }}" + AWS_S3_KMS_ID: "{{ .kmsKey }}" + {{- end }} +{{- end }} + diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index a8ef3347..65e7de0f 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -182,6 +182,10 @@ global: executor: enabled: false + settingsMigrationHook: + debug: false + dryRun: true + ingress: install: true create: true @@ -744,8 +748,8 @@ api: path: redis_ca.pem optional: true -settings-migration-hook: - install: true +settingsMigrationHook: + install: false service: enabled: false kind: Job @@ -758,7 +762,6 @@ settings-migration-hook: image: repository: wandb/megabinary tag: 0.62.2 - env: - SMH_FILESTORE: - value: "{{ .Release.Name }}-bucket" + envFrom: + "{{ .Release.Name }}-smh-secret": "secretRef" args: ["settings-migration-hook"] From 590d7ba6d1f71c2afe60a74e75e42a7d3be79bfd Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 6 Jan 2025 14:33:04 -0600 Subject: [PATCH 09/44] bump chart versions --- charts/operator-wandb/Chart.lock | 10 +++++----- charts/operator-wandb/Chart.yaml | 2 +- charts/wandb-base/Chart.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index d5cd46d3..092c5a02 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -4,7 +4,7 @@ dependencies: version: 0.1.0 - name: wandb-base repository: file://../wandb-base - version: 0.2.0 + version: 0.3.0 - name: console repository: file://charts/console version: 0.1.0 @@ -58,9 +58,9 @@ dependencies: version: 0.1.0 - name: wandb-base repository: file://../wandb-base - version: 0.2.0 + version: 0.3.0 - name: wandb-base repository: file://../wandb-base - version: 0.2.0 -digest: sha256:d2e7b83ddf4feb9f267bc2f339a61591acb72a0bdc2bd761a61e56d283439f01 -generated: "2025-01-06T12:07:41.027239-06:00" + version: 0.3.0 +digest: sha256:a8ce9fd5f8b280b9c748ac84e32e3bf0f96255755bf3251f640430701df1dc26 +generated: "2025-01-06T14:29:34.198239-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index dbbf9e7d..0aa98d9a 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: operator-wandb description: A Helm chart for deploying W&B to Kubernetes type: application -version: 0.21.9 +version: 0.22.0 appVersion: 1.0.0 icon: https://wandb.ai/logo.svg diff --git a/charts/wandb-base/Chart.yaml b/charts/wandb-base/Chart.yaml index 6b94c6c4..4b2fef16 100644 --- a/charts/wandb-base/Chart.yaml +++ b/charts/wandb-base/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wandb-base description: A generic helm chart for deploying services to kubernetes type: application -version: 0.2.0 +version: 0.3.0 icon: https://wandb.ai/logo.svg maintainers: From cded24025bfb9e80f171b788b5a0def7d71a9aec Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 6 Jan 2025 16:22:36 -0600 Subject: [PATCH 10/44] bump chart version --- charts/operator-wandb/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 0aa98d9a..600e23bb 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: operator-wandb description: A Helm chart for deploying W&B to Kubernetes type: application -version: 0.22.0 +version: 0.23.0 appVersion: 1.0.0 icon: https://wandb.ai/logo.svg From f092689559c304f073773418d372deef2a7acb45 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 6 Jan 2025 17:36:26 -0600 Subject: [PATCH 11/44] fix according to https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918 --- .../operator-wandb/templates/session-key.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/operator-wandb/templates/session-key.yaml b/charts/operator-wandb/templates/session-key.yaml index 0ce7955b..885599fc 100644 --- a/charts/operator-wandb/templates/session-key.yaml +++ b/charts/operator-wandb/templates/session-key.yaml @@ -3,14 +3,14 @@ kind: Secret metadata: name: {{ .Release.Name }}-gorilla-session-key annotations: - "helm.sh/resource-policy": keep + "helm.sh/resource-policy": "keep" labels: {{- include "wandb.commonLabels" . | nindent 4 }} -stringData: - GORILLA_SESSION_KEY: | - {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-gorilla-session-key" .Release.Name) }} - {{- if $existingSecret }} - {{- $existingSecret.data.GORILLA_SESSION_KEY | b64dec }} - {{- else }} - {{ randAlphaNum 32 }} - {{- end }} +type: Opaque +data: + # Retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace (printf "%s-gorilla-session-key" .Release.Name)) | default dict }} + {{- $secretData := (get $secretObj "data") | default dict }} + # Set $gorillaSessionKey to existing secret data or generate a random one when not exists + {{- $gorillaSessionKey := (get $secretData "GORILLA_SESSION_KEY") | default (randAlphaNum 32 | b64enc) }} + GORILLA_SESSION_KEY: {{ $gorillaSessionKey | quote }} From fb9f49d4109e4730677f51b719b4c52dea20b5a7 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Thu, 9 Jan 2025 09:47:00 -0600 Subject: [PATCH 12/44] fix initContainers --- charts/operator-wandb/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 65e7de0f..c8f53ee4 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -506,7 +506,7 @@ glue: initContainers: init-db: image: - repository: wandb/megabinary + repository: wandb/local tag: 0.62.2 env: MYSQL_HOST: @@ -654,7 +654,7 @@ api: initContainers: init-db: image: - repository: wandb/megabinary + repository: wandb/local tag: 0.62.2 env: MYSQL_HOST: From 4e7f86a99b830d708111d4ba2c5cb85e0508c416 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Thu, 9 Jan 2025 10:28:27 -0600 Subject: [PATCH 13/44] fix command --- charts/operator-wandb/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index ca285f58..d8c978e8 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -555,7 +555,7 @@ glue: [ "bash", "-c", - "megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", + "./megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; ./megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", ] containers: glue: @@ -703,7 +703,7 @@ api: [ "bash", "-c", - "megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", + "./megabinary migrate --db=$GORILLA_METADATA_STORE --runs-db=$GORILLA_RUN_STORE; ./megabinary migrate --db=$GORILLA_METADATA_STORE --usage-db=$GORILLA_USAGE_STORE", ] containers: api: From 4c4ac08fbc38a82d584c0034e3966ab54abc9372 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Thu, 9 Jan 2025 12:33:16 -0600 Subject: [PATCH 14/44] fixing image tag/repository --- charts/operator-wandb/values.yaml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index d8c978e8..87993a52 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -516,7 +516,7 @@ glue: init-db: image: repository: wandb/local - tag: 0.62.2 + tag: latest env: MYSQL_HOST: value: '{{ include "wandb.mysql.host" . }}' @@ -536,9 +536,6 @@ glue: 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', ] migrate-db: - image: - repository: wandb/megabinary - tag: 0.62.2 env: MYSQL_HOST: value: '{{ include "wandb.mysql.host" . }}' @@ -592,7 +589,7 @@ glue: subPath: redis_ca.pem image: repository: wandb/megabinary - tag: 0.62.2 + tag: latest volumes: - name: wandb-ca-certs configMap: @@ -664,7 +661,7 @@ api: init-db: image: repository: wandb/local - tag: 0.62.2 + tag: latest env: MYSQL_HOST: value: '{{ include "wandb.mysql.host" . }}' @@ -684,9 +681,6 @@ api: 'until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute="SELECT 1"; do echo waiting for db; sleep 2; done', ] migrate-db: - image: - repository: wandb/megabinary - tag: 0.62.2 env: MYSQL_HOST: value: '{{ include "wandb.mysql.host" . }}' @@ -740,7 +734,7 @@ api: subPath: redis_ca.pem image: repository: wandb/megabinary - tag: 0.62.2 + tag: latest volumes: - name: wandb-ca-certs configMap: From 29de6ecbf961fdf71c7e14b894863ee0be41d563 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Thu, 9 Jan 2025 13:43:17 -0600 Subject: [PATCH 15/44] fix file store --- charts/operator-wandb/templates/gorilla.yaml | 4 ---- charts/operator-wandb/values.yaml | 8 ++++++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/operator-wandb/templates/gorilla.yaml b/charts/operator-wandb/templates/gorilla.yaml index 24edaa35..854c06d8 100644 --- a/charts/operator-wandb/templates/gorilla.yaml +++ b/charts/operator-wandb/templates/gorilla.yaml @@ -86,7 +86,3 @@ data: GORILLA_TASK_QUEUE: "noop://" GORILLA_TASK_QUEUE_WORKER_ENABLED: "false" {{- end }} - {{- with include "wandb.bucket" . | fromYaml }} - GORILLA_FILE_STORE: "{{ .url }}" - GORILLA_STORAGE_BUCKET: "{{ .url }}" - {{- end }} diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 87993a52..ba2cc55b 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -500,6 +500,10 @@ glue: value: '{{ include "wandb.mysql" . | trim }}' GORILLA_HISTORY_STORE: value: 'http://{{ .Release.Name }}-parquet:8087/_goRPC_,{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STORE: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + GORILLA_STORAGE_BUCKET: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' envFrom: "wandb-mysql": "secretRef" "{{ .Release.Name }}-bucket-configmap": "configMapRef" @@ -647,6 +651,10 @@ api: value: '{{ include "wandb.mysql" . | trim }}' GORILLA_HISTORY_STORE: value: 'http://{{ .Release.Name }}-parquet:8087/_goRPC_,{{ include "wandb.mysql" . | trim }}' + GORILLA_FILE_STORE: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + GORILLA_STORAGE_BUCKET: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' envFrom: "wandb-mysql": "secretRef" "{{ .Release.Name }}-bucket-configmap": "configMapRef" From c34a217f19417d9d302adf42f9b035a6dbf030c4 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Thu, 9 Jan 2025 15:19:51 -0600 Subject: [PATCH 16/44] fix health endpoint --- .../charts/app/templates/deployment.yaml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index 2571289a..2fe45757 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -311,6 +311,7 @@ spec: {{- include "app.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }} {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} + {{- if not .Values.global.beta.api.enabled }} livenessProbe: httpGet: path: /healthz @@ -328,6 +329,28 @@ spec: initialDelaySeconds: 20 periodSeconds: 5 failureThreshold: 120 + {{- else }} + # If we disabled the api, we still want to have a healthcheck fror the frontend/nginx + # We also can't just disable the migrations which would make the health endpint return 200 + # because glue, parquet, and filemeta are still running in the local container. + livenessProbe: + httpGet: + path: /proxy/healthz + port: http + readinessProbe: + httpGet: + path: /proxy/healthz + port: http + initialDelaySeconds: 20 + periodSeconds: 5 + startupProbe: + httpGet: + path: /proxy/healthz + port: http + initialDelaySeconds: 20 + periodSeconds: 5 + failureThreshold: 120 + {{- end }} # Increase the sleep before SIGTERM to 25s. I had this as 5s previously and it wasn't enough. lifecycle: preStop: From 499781f505d23ca04ce8ce51f630f612cc56ad2b Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 11:17:43 -0600 Subject: [PATCH 17/44] fix service def and ingress --- .../operator-wandb/charts/app/templates/deployment.yaml | 4 ++++ charts/operator-wandb/templates/_ingress.tpl | 7 +++++++ charts/operator-wandb/values.yaml | 8 ++++++++ 3 files changed, 19 insertions(+) diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index 2fe45757..5617f94b 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -110,6 +110,10 @@ spec: value: "{{ not .Values.global.beta.glue.enabled }}" - name: GORILLA_ENABLED value: "{{ not .Values.global.beta.api.enabled }}" + {{- if .Values.global.beta.api.enabled }} + - name: REACT_APP_BACKEND_HOST + value: /api + {{- end }} - name: BUCKET_ACCESS_KEY valueFrom: secretKeyRef: diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index 4040f263..6c884995 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -62,6 +62,13 @@ It expects a dictionary with two entries: name: {{ $.Release.Name }}-api port: number: 8080 +- pathType: Prefix + path: /ready + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 - pathType: Prefix path: /graphql backend: diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index ba2cc55b..0ea715c2 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -614,6 +614,12 @@ api: # install: false service: enabled: true + type: ClusterIP + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http env: GORILLA_LICENSE_CERT_PATH: value: "/jwks.json" @@ -655,6 +661,8 @@ api: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' GORILLA_STORAGE_BUCKET: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + GORILLA_PORT: + value: "8080" envFrom: "wandb-mysql": "secretRef" "{{ .Release.Name }}-bucket-configmap": "configMapRef" From 999766ef9bbd045b22889a57271a151aa27f77c9 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 12:05:35 -0600 Subject: [PATCH 18/44] fix all routes --- charts/operator-wandb/templates/_ingress.tpl | 63 ++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index 6c884995..5762f7e7 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -76,6 +76,69 @@ It expects a dictionary with two entries: name: {{ $.Release.Name }}-api port: number: 8080 +- pathType: Prefix + path: /proxy + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /files + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /debug + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /service-redirect + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /service-dangerzone + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /artifacts + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /oidc + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /analytics + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /scim + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 {{- end }} - pathType: Prefix path: /console From 1e45399ee064b9dbb081aaa5ee9ecdefc73e57b1 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 13:53:56 -0600 Subject: [PATCH 19/44] fix PROXY_PASS_BACKEND_HOST --- .../charts/app/templates/deployment.yaml | 8 +- charts/operator-wandb/templates/_ingress.tpl | 172 +++++++++--------- 2 files changed, 92 insertions(+), 88 deletions(-) diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index 5617f94b..a23fde8b 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -111,8 +111,12 @@ spec: - name: GORILLA_ENABLED value: "{{ not .Values.global.beta.api.enabled }}" {{- if .Values.global.beta.api.enabled }} - - name: REACT_APP_BACKEND_HOST - value: /api + # - name: REACT_APP_BACKEND_HOST + # value: /api + # - name: PROXY_PASS_BACKEND_HOST + # value: "http://{{ .Release.Name }}-api:8080" + - name: PROXY_PASS_BACKEND_HOST + value: "$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_HOST):$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_PORT)" {{- end }} - name: BUCKET_ACCESS_KEY valueFrom: diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index 5762f7e7..7b6c5c95 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -54,92 +54,92 @@ It expects a dictionary with two entries: port: number: 8080 {{- end }} -{{- if .Values.global.beta.api.enabled }} -- pathType: Prefix - path: /api - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /ready - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /graphql - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /proxy - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /files - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /debug - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /service-redirect - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /service-dangerzone - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /artifacts - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /oidc - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /analytics - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -- pathType: Prefix - path: /scim - backend: - service: - name: {{ $.Release.Name }}-api - port: - number: 8080 -{{- end }} +# {{- if .Values.global.beta.api.enabled }} +# - pathType: Prefix +# path: /api +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /ready +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /graphql +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /proxy +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /files +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /debug +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /service-redirect +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /service-dangerzone +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /artifacts +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /oidc +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /analytics +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# - pathType: Prefix +# path: /scim +# backend: +# service: +# name: {{ $.Release.Name }}-api +# port: +# number: 8080 +# {{- end }} - pathType: Prefix path: /console backend: From 6411faf0ae949ea2af2adae68f7be8964fa0422a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 14:15:31 -0600 Subject: [PATCH 20/44] port 8081 --- charts/operator-wandb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 0ea715c2..417db871 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -616,7 +616,7 @@ api: enabled: true type: ClusterIP ports: - - port: 8080 + - port: 8081 targetPort: http protocol: TCP name: http From b26dd945bf7e032cda03a51184e68c046ecdd633 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 16:13:42 -0600 Subject: [PATCH 21/44] fix license encoding --- charts/operator-wandb/templates/gorilla.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/operator-wandb/templates/gorilla.yaml b/charts/operator-wandb/templates/gorilla.yaml index 854c06d8..07d06114 100644 --- a/charts/operator-wandb/templates/gorilla.yaml +++ b/charts/operator-wandb/templates/gorilla.yaml @@ -10,10 +10,10 @@ stringData: {{- else }} GORILLA_EMAIL_SINK: "https://api.wandb.ai/email/dispatch" {{- end }} - SLACK_SECRET: {{ default "" .Values.global.slack.secret | b64enc }} + SLACK_SECRET: {{ default "" .Values.global.slack.secret }} {{- if and (not .Values.global.licenseSecret.name) (not .Values.global.licenseSecret.key) .Values.global.license }} - LICENSE: {{ .Values.global.license | b64enc }} - GORILLA_LICENSE: {{ .Values.global.license | b64enc }} + LICENSE: {{ .Values.global.license }} + GORILLA_LICENSE: {{ .Values.global.license }} {{- end }} {{- if ne .Values.global.auth.oidc.clientId "" }} OIDC_CLIENT_SECRET: {{ .Values.global.auth.oidc.secret }} From bae9ba6d6bd6fc2937f604831f344e36f823a7d8 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 16:43:47 -0600 Subject: [PATCH 22/44] fix alias --- charts/operator-wandb/Chart.lock | 4 ++-- charts/operator-wandb/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index 092c5a02..a9b63647 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -62,5 +62,5 @@ dependencies: - name: wandb-base repository: file://../wandb-base version: 0.3.0 -digest: sha256:a8ce9fd5f8b280b9c748ac84e32e3bf0f96255755bf3251f640430701df1dc26 -generated: "2025-01-06T14:29:34.198239-06:00" +digest: sha256:fc788b5a46f6d0e430bbad93e6187b8c13434577620d32346ea58a0a2752b27f +generated: "2025-01-10T16:41:54.846444-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 600e23bb..7d615237 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -95,7 +95,7 @@ dependencies: repository: file://../wandb-base version: "*.*.*" - name: wandb-base - alias: settings-migration-hook + alias: settingsMigrationHook condition: settingsMigrationHook.install repository: file://../wandb-base version: "*.*.*" From e31363edf62a9dafd1d539a739e432a15ffb7ea3 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 16:50:13 -0600 Subject: [PATCH 23/44] fix the kebabcase --- charts/wandb-base/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wandb-base/templates/_helpers.tpl b/charts/wandb-base/templates/_helpers.tpl index fe661f6b..38e9d1ca 100644 --- a/charts/wandb-base/templates/_helpers.tpl +++ b/charts/wandb-base/templates/_helpers.tpl @@ -14,7 +14,7 @@ If release name contains chart name it will be used as a full name. {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} +{{- $name := default (.Chart.Name | kebabcase) .Values.nameOverride }} {{- if contains $name .Release.Name }} {{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- else }} From ee715e6e3bcf61572fc88e4e56b18ad72a108b3a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 17:10:19 -0600 Subject: [PATCH 24/44] keep the job around for debugging etc --- charts/operator-wandb/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 417db871..9b19ebfb 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -771,16 +771,18 @@ settingsMigrationHook: install: false service: enabled: false + kind: Job jobs: smh: annotations: "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": before-hook-creation containers: smh: image: repository: wandb/megabinary - tag: 0.62.2 + tag: latest envFrom: "{{ .Release.Name }}-smh-secret": "secretRef" args: ["settings-migration-hook"] From 03ee22256fa906a065fdf2d8553e390e3056bb62 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 17:11:43 -0600 Subject: [PATCH 25/44] whitespace --- charts/operator-wandb/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 9b19ebfb..21b228e2 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -771,13 +771,12 @@ settingsMigrationHook: install: false service: enabled: false - kind: Job jobs: smh: annotations: "helm.sh/hook": pre-install - "helm.sh/hook-delete-policy": before-hook-creation + "helm.sh/hook-delete-policy": before-hook-creation containers: smh: image: From 05c9efd899151f1b5efa17151d3d3ceadd8a859a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 17:32:46 -0600 Subject: [PATCH 26/44] add ttlSecondsAfterFinished --- charts/operator-wandb/values.yaml | 1 + charts/wandb-base/templates/job.yaml | 5 ++++- charts/wandb-base/values.yaml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 21b228e2..714c2d78 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -774,6 +774,7 @@ settingsMigrationHook: kind: Job jobs: smh: + ttlSecondsAfterFinished: 3600 annotations: "helm.sh/hook": pre-install "helm.sh/hook-delete-policy": before-hook-creation diff --git a/charts/wandb-base/templates/job.yaml b/charts/wandb-base/templates/job.yaml index 8f7d4cdb..14227219 100644 --- a/charts/wandb-base/templates/job.yaml +++ b/charts/wandb-base/templates/job.yaml @@ -10,6 +10,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- with $job.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ . }} + {{- end }} template: metadata: {{- with $job.podAnnotations }} @@ -54,4 +57,4 @@ spec: {{- end }} */}} --- -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index 71279392..4184a67c 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -84,6 +84,7 @@ containers: {} jobs: {} # example: +# ttlSecondsAfterFinished: 100 # annotations: # "helm.sh/hook": post-install # containers: From f4f82aded945e708a8ac29a45f99ed30ea01532a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 17:45:05 -0600 Subject: [PATCH 27/44] pre-hook inttall and upgrade --- charts/operator-wandb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 714c2d78..c6d70b11 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -776,7 +776,7 @@ settingsMigrationHook: smh: ttlSecondsAfterFinished: 3600 annotations: - "helm.sh/hook": pre-install + "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation containers: smh: From 72deea00bc4b02980557d354ec11270b4f1c3f89 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 18:34:10 -0600 Subject: [PATCH 28/44] fix SMH bucket --- .../operator-wandb/templates/settings-migration-hook.yaml | 5 ----- charts/operator-wandb/values.yaml | 6 ++++++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-hook.yaml index 496c7c8b..4f29d32e 100644 --- a/charts/operator-wandb/templates/settings-migration-hook.yaml +++ b/charts/operator-wandb/templates/settings-migration-hook.yaml @@ -9,11 +9,6 @@ stringData: SMH_DEBUG: {{ .Values.global.settingsMigrationHook.debug | quote }} SMH_DRY_RUN: {{ .Values.global.settingsMigrationHook.dryRun | quote }} {{- with include "wandb.bucket" . | fromYaml }} - {{- if .path }} - SMH_FILESTORE: "{{ .provider }}:{{ .name }}/{{ .path }}" - {{- else }} - SMH_FILESTORE: "{{ .provider }}:{{ .name }}" - {{- end }} AWS_REGION: "{{ .region }}" AWS_S3_KMS_ID: "{{ .kmsKey }}" {{- end }} diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 34cb69a9..2110837a 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -773,6 +773,12 @@ settingsMigrationHook: install: false service: enabled: false + env: + SMH_FILESTORE: + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + envFrom: + "{{ .Release.Name }}-bucket-configmap": "configMapRef" + "{{ .Release.Name }}-bucket-secret": "secretRef" kind: Job jobs: smh: From ea6e7ac319413e6aa8cd5e55e75d28fe21d5052a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 18:50:06 -0600 Subject: [PATCH 29/44] fix quoting of the value to preserve the // --- charts/operator-wandb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 2110837a..9ef50635 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -775,7 +775,7 @@ settingsMigrationHook: enabled: false env: SMH_FILESTORE: - value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + value: '{{ (include "wandb.bucket" . | fromYaml).url | quote }}' envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket-secret": "secretRef" From 783961ab193cf3f8770a2518ab468d8f874d46db Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 18:53:29 -0600 Subject: [PATCH 30/44] fix bucket secret ref --- charts/operator-wandb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 9ef50635..461fcdf5 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -778,7 +778,7 @@ settingsMigrationHook: value: '{{ (include "wandb.bucket" . | fromYaml).url | quote }}' envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" - "{{ .Release.Name }}-bucket-secret": "secretRef" + "{{ .Release.Name }}-bucket": "secretRef" kind: Job jobs: smh: From d763db6bbf51fd75e4ba411782a189dbc40dc468 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 19:01:14 -0600 Subject: [PATCH 31/44] unquote --- charts/operator-wandb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 461fcdf5..187733b7 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -775,7 +775,7 @@ settingsMigrationHook: enabled: false env: SMH_FILESTORE: - value: '{{ (include "wandb.bucket" . | fromYaml).url | quote }}' + value: '{{ (include "wandb.bucket" . | fromYaml).url }}' envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket": "secretRef" From 0d07fe2037abb73c76700fe92c64c8b956d4465b Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 19:13:19 -0600 Subject: [PATCH 32/44] use the right variable name :facepalm: --- charts/operator-wandb/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 187733b7..81553f26 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -774,7 +774,7 @@ settingsMigrationHook: service: enabled: false env: - SMH_FILESTORE: + SMH_FILE_STORE: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" From abb192231f2a6216cb278d84feac404c2d63a99a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 19:23:20 -0600 Subject: [PATCH 33/44] fix missing env's --- charts/operator-wandb/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 81553f26..a8191aa2 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -776,6 +776,12 @@ settingsMigrationHook: env: SMH_FILE_STORE: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + SMH_K8S_ACTIVE_SPEC_SECRET_NAME: + value: "wandb-spec-active" + SMH_K8S_USER_SPEC_SECRET_NAME: + value: "wandb-spec-user" + SMH_K8S_NAMESPACE: + value: "default" envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket": "secretRef" From 5d7343112bbf426222be3ad8a4825b0ed43ff4cf Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 19:42:53 -0600 Subject: [PATCH 34/44] implement roles --- charts/operator-wandb/values.yaml | 12 ++++++++++++ charts/wandb-base/templates/role.yaml | 12 ++++++++++++ charts/wandb-base/templates/rolebinding.yaml | 16 ++++++++++++++++ charts/wandb-base/values.yaml | 4 ++++ 4 files changed, 44 insertions(+) create mode 100644 charts/wandb-base/templates/role.yaml create mode 100644 charts/wandb-base/templates/rolebinding.yaml diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index a8191aa2..9f34f125 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -773,6 +773,18 @@ settingsMigrationHook: install: false service: enabled: false + role: + create: true + rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - patch env: SMH_FILE_STORE: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' diff --git a/charts/wandb-base/templates/role.yaml b/charts/wandb-base/templates/role.yaml new file mode 100644 index 00000000..69d5e906 --- /dev/null +++ b/charts/wandb-base/templates/role.yaml @@ -0,0 +1,12 @@ +{{- if .Values.role.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "wandb-base.fullname" .}} + labels: + {{- include "wandb-base.labels" . | nindent 4 }} +rules: + {{- with .Values.role.rules }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wandb-base/templates/rolebinding.yaml b/charts/wandb-base/templates/rolebinding.yaml new file mode 100644 index 00000000..747fdb44 --- /dev/null +++ b/charts/wandb-base/templates/rolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.role.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "wandb-base.fullname" . }} + labels: + {{- include "wandb-base.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ include "wandb-base.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "wandb-base.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index 4184a67c..4adf0491 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -27,6 +27,10 @@ serviceAccount: annotations: {} name: "" +role: + create: false + rules: [] + podAnnotations: {} podLabels: {} From 2bc93f2a5919ba954b3077bd3a8a36b16981fa37 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Fri, 10 Jan 2025 19:56:20 -0600 Subject: [PATCH 35/44] fix the annotations --- charts/operator-wandb/values.yaml | 3 +++ charts/wandb-base/templates/role.yaml | 4 ++++ charts/wandb-base/templates/rolebinding.yaml | 4 ++++ charts/wandb-base/templates/serviceaccount.yaml | 10 ++++++++-- charts/wandb-base/values.yaml | 2 ++ 5 files changed, 21 insertions(+), 2 deletions(-) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 9f34f125..446a49ab 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -798,6 +798,9 @@ settingsMigrationHook: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket": "secretRef" kind: Job + helmHookAnnotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation jobs: smh: ttlSecondsAfterFinished: 3600 diff --git a/charts/wandb-base/templates/role.yaml b/charts/wandb-base/templates/role.yaml index 69d5e906..28be34c6 100644 --- a/charts/wandb-base/templates/role.yaml +++ b/charts/wandb-base/templates/role.yaml @@ -5,6 +5,10 @@ metadata: name: {{ include "wandb-base.fullname" .}} labels: {{- include "wandb-base.labels" . | nindent 4 }} + {{- with .Values.helmHookAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} rules: {{- with .Values.role.rules }} {{- toYaml . | nindent 4 }} diff --git a/charts/wandb-base/templates/rolebinding.yaml b/charts/wandb-base/templates/rolebinding.yaml index 747fdb44..6d7c6931 100644 --- a/charts/wandb-base/templates/rolebinding.yaml +++ b/charts/wandb-base/templates/rolebinding.yaml @@ -5,6 +5,10 @@ metadata: name: {{ include "wandb-base.fullname" . }} labels: {{- include "wandb-base.labels" . | nindent 4 }} + {{- with .Values.helmHookAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} subjects: - kind: ServiceAccount name: {{ include "wandb-base.serviceAccountName" . }} diff --git a/charts/wandb-base/templates/serviceaccount.yaml b/charts/wandb-base/templates/serviceaccount.yaml index 24c8467e..cc747902 100644 --- a/charts/wandb-base/templates/serviceaccount.yaml +++ b/charts/wandb-base/templates/serviceaccount.yaml @@ -5,9 +5,15 @@ metadata: name: {{ include "wandb-base.serviceAccountName" . }} labels: {{- include "wandb-base.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} + {{- if or .Values.helmHookAnnotations .Values.serviceAccount.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.helmHookAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} + automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index 4adf0491..c7c7dfe6 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -18,6 +18,8 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +helmHookAnnotations: {} + env: {} envFrom: {} From 460fdccd8763ea086c8c0311befe5233292e4129 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 12:34:55 -0600 Subject: [PATCH 36/44] prioritize settings migration hook --- .../charts/app/templates/deployment.yaml | 62 ++++++----- charts/operator-wandb/templates/_ingress.tpl | 102 +++--------------- 2 files changed, 46 insertions(+), 118 deletions(-) diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index a23fde8b..596f78ea 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -108,16 +108,13 @@ spec: resource: limits.memory - name: GLUE_ENABLED value: "{{ not .Values.global.beta.glue.enabled }}" - - name: GORILLA_ENABLED - value: "{{ not .Values.global.beta.api.enabled }}" - {{- if .Values.global.beta.api.enabled }} - # - name: REACT_APP_BACKEND_HOST - # value: /api + ## TODO: Turn this on when we are ready to remove the gorilla service from wandb/local + # {{- if .Values.global.beta.api.enabled }} + # - name: GORILLA_ENABLED + # value: "{{ not .Values.global.beta.api.enabled }}" # - name: PROXY_PASS_BACKEND_HOST - # value: "http://{{ .Release.Name }}-api:8080" - - name: PROXY_PASS_BACKEND_HOST - value: "$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_HOST):$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_PORT)" - {{- end }} + # value: "$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_HOST):$({{.Release.Name | upper | replace "-" "_" }}_API_SERVICE_PORT)" + # {{- end }} - name: BUCKET_ACCESS_KEY valueFrom: secretKeyRef: @@ -319,7 +316,8 @@ spec: {{- include "app.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }} {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} - {{- if not .Values.global.beta.api.enabled }} + ## TODO: If we want to remove the api service from wandb/local, we can uncomment this if else block + # {{- if not .Values.global.beta.api.enabled }} livenessProbe: httpGet: path: /healthz @@ -337,28 +335,28 @@ spec: initialDelaySeconds: 20 periodSeconds: 5 failureThreshold: 120 - {{- else }} - # If we disabled the api, we still want to have a healthcheck fror the frontend/nginx - # We also can't just disable the migrations which would make the health endpint return 200 - # because glue, parquet, and filemeta are still running in the local container. - livenessProbe: - httpGet: - path: /proxy/healthz - port: http - readinessProbe: - httpGet: - path: /proxy/healthz - port: http - initialDelaySeconds: 20 - periodSeconds: 5 - startupProbe: - httpGet: - path: /proxy/healthz - port: http - initialDelaySeconds: 20 - periodSeconds: 5 - failureThreshold: 120 - {{- end }} + # {{- else }} + # # If we disabled the api, we still want to have a healthcheck fror the frontend/nginx + # # We also can't just disable the migrations which would make the health endpint return 200 + # # because glue, parquet, and filemeta are still running in the local container. + # livenessProbe: + # httpGet: + # path: /proxy/healthz + # port: http + # readinessProbe: + # httpGet: + # path: /proxy/healthz + # port: http + # initialDelaySeconds: 20 + # periodSeconds: 5 + # startupProbe: + # httpGet: + # path: /proxy/healthz + # port: http + # initialDelaySeconds: 20 + # periodSeconds: 5 + # failureThreshold: 120 + # {{- end }} # Increase the sleep before SIGTERM to 25s. I had this as 5s previously and it wasn't enough. lifecycle: preStop: diff --git a/charts/operator-wandb/templates/_ingress.tpl b/charts/operator-wandb/templates/_ingress.tpl index 7b6c5c95..4040f263 100644 --- a/charts/operator-wandb/templates/_ingress.tpl +++ b/charts/operator-wandb/templates/_ingress.tpl @@ -54,92 +54,22 @@ It expects a dictionary with two entries: port: number: 8080 {{- end }} -# {{- if .Values.global.beta.api.enabled }} -# - pathType: Prefix -# path: /api -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /ready -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /graphql -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /proxy -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /files -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /debug -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /service-redirect -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /service-dangerzone -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /artifacts -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /oidc -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /analytics -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# - pathType: Prefix -# path: /scim -# backend: -# service: -# name: {{ $.Release.Name }}-api -# port: -# number: 8080 -# {{- end }} +{{- if .Values.global.beta.api.enabled }} +- pathType: Prefix + path: /api + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +- pathType: Prefix + path: /graphql + backend: + service: + name: {{ $.Release.Name }}-api + port: + number: 8080 +{{- end }} - pathType: Prefix path: /console backend: From 680444edf06427c77f5fca604d990fe01ad1df37 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 13:10:18 -0600 Subject: [PATCH 37/44] fix the settings migration hook dependencies --- charts/operator-wandb/templates/bucket.yaml | 12 ++++++++++++ .../templates/settings-migration-hook.yaml | 4 ++++ charts/operator-wandb/values.yaml | 9 +++++---- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/charts/operator-wandb/templates/bucket.yaml b/charts/operator-wandb/templates/bucket.yaml index 5accc35a..efe9ee29 100644 --- a/charts/operator-wandb/templates/bucket.yaml +++ b/charts/operator-wandb/templates/bucket.yaml @@ -4,6 +4,12 @@ metadata: name: {{ include "wandb.bucket.config" . }} labels: {{- include "wandb.commonLabels" . | nindent 4 }} + {{- if .Values.settingsMigrationHook.install }} + {{- with .Values.global.settingsMigrationHook.helmHookAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} data: {{- with include "wandb.bucket" . | fromYaml }} BUCKET_NAME: "{{ .name }}" @@ -19,6 +25,12 @@ metadata: name: {{ include "wandb.bucket.secret" . }} labels: {{- include "wandb.commonLabels" . | nindent 4 }} + {{- if .Values.settingsMigrationHook.install }} + {{- with .Values.global.settingsMigrationHook.helmHookAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} data: {{- with include "wandb.bucket" . | fromYaml }} {{- if .accessKey }} diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-hook.yaml index 4f29d32e..eb94ecc6 100644 --- a/charts/operator-wandb/templates/settings-migration-hook.yaml +++ b/charts/operator-wandb/templates/settings-migration-hook.yaml @@ -5,6 +5,10 @@ metadata: name: {{ .Release.Name }}-smh-secret labels: {{- include "wandb.commonLabels" . | nindent 4 }} + {{- with .Values.global.settingsMigrationHook.helmHookAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} stringData: SMH_DEBUG: {{ .Values.global.settingsMigrationHook.debug | quote }} SMH_DRY_RUN: {{ .Values.global.settingsMigrationHook.dryRun | quote }} diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 446a49ab..fadbae59 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -187,6 +187,9 @@ global: settingsMigrationHook: debug: false dryRun: true + helmHookAnnotations: &helmHookAnnotations + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation # Creates a backend config to set custom values to used by the gke load balancer # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#create_backendconfig @@ -799,14 +802,12 @@ settingsMigrationHook: "{{ .Release.Name }}-bucket": "secretRef" kind: Job helmHookAnnotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation + <<: *helmHookAnnotations jobs: smh: ttlSecondsAfterFinished: 3600 annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation + <<: *helmHookAnnotations containers: smh: image: From dc1047c4dd46e1ba19a413f912bbe383fac08e8a Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 13:18:09 -0600 Subject: [PATCH 38/44] force the job to be created after the secrets, configmaps, role, role binding, and sa --- charts/operator-wandb/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index fadbae59..68b32937 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -808,6 +808,8 @@ settingsMigrationHook: ttlSecondsAfterFinished: 3600 annotations: <<: *helmHookAnnotations + # This ensures that the job is created last + "helm.sh/hook-weight": "10" containers: smh: image: From edd84609d3733b3bfc49a352eb0db87426fa94db Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 17:35:19 -0600 Subject: [PATCH 39/44] ensure the azure storage key is set if pressent --- charts/operator-wandb/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 68b32937..2f4beeb2 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -797,6 +797,12 @@ settingsMigrationHook: value: "wandb-spec-user" SMH_K8S_NAMESPACE: value: "default" + AZURE_STORAGE_KEY: + valueFrom: + secretKeyRef: + name: '{{ (include "wandb.bucket" . | fromYaml).secretName }}' + key: '{{ (include "wandb.bucket" . | fromYaml).accessKeyName }}' + optional: true envFrom: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket": "secretRef" From 4df930dfe4e8fe2b44feee305e59b190995de799 Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 17:36:23 -0600 Subject: [PATCH 40/44] azure storage key for glue and gorilla --- charts/operator-wandb/values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 2f4beeb2..4a9a70ae 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -509,6 +509,12 @@ glue: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' GORILLA_STORAGE_BUCKET: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' + AZURE_STORAGE_KEY: + valueFrom: + secretKeyRef: + name: '{{ (include "wandb.bucket" . | fromYaml).secretName }}' + key: '{{ (include "wandb.bucket" . | fromYaml).accessKeyName }}' + optional: true envFrom: "wandb-mysql": "secretRef" "{{ .Release.Name }}-bucket-configmap": "configMapRef" @@ -668,6 +674,12 @@ api: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' GORILLA_PORT: value: "8080" + AZURE_STORAGE_KEY: + valueFrom: + secretKeyRef: + name: '{{ (include "wandb.bucket" . | fromYaml).secretName }}' + key: '{{ (include "wandb.bucket" . | fromYaml).accessKeyName }}' + optional: true envFrom: "wandb-mysql": "secretRef" "{{ .Release.Name }}-bucket-configmap": "configMapRef" From 12fc44e9f0ae60269937e431e44159657ccc50ca Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 18:11:18 -0600 Subject: [PATCH 41/44] change to post-install hook to stop the dependency madness --- charts/operator-wandb/templates/bucket.yaml | 12 ------------ .../templates/settings-migration-hook.yaml | 1 - charts/operator-wandb/values.yaml | 8 +++----- 3 files changed, 3 insertions(+), 18 deletions(-) diff --git a/charts/operator-wandb/templates/bucket.yaml b/charts/operator-wandb/templates/bucket.yaml index efe9ee29..5accc35a 100644 --- a/charts/operator-wandb/templates/bucket.yaml +++ b/charts/operator-wandb/templates/bucket.yaml @@ -4,12 +4,6 @@ metadata: name: {{ include "wandb.bucket.config" . }} labels: {{- include "wandb.commonLabels" . | nindent 4 }} - {{- if .Values.settingsMigrationHook.install }} - {{- with .Values.global.settingsMigrationHook.helmHookAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} data: {{- with include "wandb.bucket" . | fromYaml }} BUCKET_NAME: "{{ .name }}" @@ -25,12 +19,6 @@ metadata: name: {{ include "wandb.bucket.secret" . }} labels: {{- include "wandb.commonLabels" . | nindent 4 }} - {{- if .Values.settingsMigrationHook.install }} - {{- with .Values.global.settingsMigrationHook.helmHookAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} data: {{- with include "wandb.bucket" . | fromYaml }} {{- if .accessKey }} diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-hook.yaml index eb94ecc6..3d3ce349 100644 --- a/charts/operator-wandb/templates/settings-migration-hook.yaml +++ b/charts/operator-wandb/templates/settings-migration-hook.yaml @@ -17,4 +17,3 @@ stringData: AWS_S3_KMS_ID: "{{ .kmsKey }}" {{- end }} {{- end }} - diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 4a9a70ae..25f2e8d2 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -187,9 +187,6 @@ global: settingsMigrationHook: debug: false dryRun: true - helmHookAnnotations: &helmHookAnnotations - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation # Creates a backend config to set custom values to used by the gke load balancer # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#create_backendconfig @@ -819,8 +816,9 @@ settingsMigrationHook: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket": "secretRef" kind: Job - helmHookAnnotations: - <<: *helmHookAnnotations + helmHookAnnotations: &helmHookAnnotations + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation jobs: smh: ttlSecondsAfterFinished: 3600 From a4d892e63e9e103ca66d4a10142fc52c0caf8f7d Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 18:27:30 -0600 Subject: [PATCH 42/44] SMH job --- charts/operator-wandb/Chart.lock | 4 ++-- charts/operator-wandb/Chart.yaml | 4 ++-- .../templates/settings-migration-hook.yaml | 10 +++------- charts/operator-wandb/values.yaml | 9 +-------- charts/wandb-base/templates/role.yaml | 4 ---- charts/wandb-base/templates/rolebinding.yaml | 4 ---- charts/wandb-base/templates/serviceaccount.yaml | 6 ------ charts/wandb-base/values.yaml | 2 -- 8 files changed, 8 insertions(+), 35 deletions(-) diff --git a/charts/operator-wandb/Chart.lock b/charts/operator-wandb/Chart.lock index a33edb05..d911438a 100644 --- a/charts/operator-wandb/Chart.lock +++ b/charts/operator-wandb/Chart.lock @@ -62,5 +62,5 @@ dependencies: - name: wandb-base repository: file://../wandb-base version: 0.3.0 -digest: sha256:c0bbd695dffdd8b72a2453d6eb113bc048f7c89a31d2b929baa77cf5e77f6d63 -generated: "2025-01-13T12:35:58.707616-06:00" +digest: sha256:3ee5e247e2de8e6911c512fc5c1ef58a463d545365f1c5d3c0f4be28e2ee29fd +generated: "2025-01-13T18:23:28.474058-06:00" diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 0e9978d4..8efe711d 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -95,7 +95,7 @@ dependencies: repository: file://../wandb-base version: "*.*.*" - name: wandb-base - alias: settingsMigrationHook - condition: settingsMigrationHook.install + alias: settingsMigrationJob + condition: settingsMigrationJob.install repository: file://../wandb-base version: "*.*.*" diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-hook.yaml index 3d3ce349..6c9cbcdf 100644 --- a/charts/operator-wandb/templates/settings-migration-hook.yaml +++ b/charts/operator-wandb/templates/settings-migration-hook.yaml @@ -1,17 +1,13 @@ -{{- if .Values.settingsMigrationHook.install }} +{{- if .Values.settingsMigrationJob.install }} apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-smh-secret labels: {{- include "wandb.commonLabels" . | nindent 4 }} - {{- with .Values.global.settingsMigrationHook.helmHookAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} stringData: - SMH_DEBUG: {{ .Values.global.settingsMigrationHook.debug | quote }} - SMH_DRY_RUN: {{ .Values.global.settingsMigrationHook.dryRun | quote }} + SMH_DEBUG: {{ .Values.global.settingsMigrationJob.debug | quote }} + SMH_DRY_RUN: {{ .Values.global.settingsMigrationJob.dryRun | quote }} {{- with include "wandb.bucket" . | fromYaml }} AWS_REGION: "{{ .region }}" AWS_S3_KMS_ID: "{{ .kmsKey }}" diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 25f2e8d2..6b6482b4 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -781,7 +781,7 @@ api: path: redis_ca.pem optional: true -settingsMigrationHook: +settingsMigrationJob: install: false service: enabled: false @@ -816,16 +816,9 @@ settingsMigrationHook: "{{ .Release.Name }}-bucket-configmap": "configMapRef" "{{ .Release.Name }}-bucket": "secretRef" kind: Job - helmHookAnnotations: &helmHookAnnotations - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation jobs: smh: ttlSecondsAfterFinished: 3600 - annotations: - <<: *helmHookAnnotations - # This ensures that the job is created last - "helm.sh/hook-weight": "10" containers: smh: image: diff --git a/charts/wandb-base/templates/role.yaml b/charts/wandb-base/templates/role.yaml index 28be34c6..69d5e906 100644 --- a/charts/wandb-base/templates/role.yaml +++ b/charts/wandb-base/templates/role.yaml @@ -5,10 +5,6 @@ metadata: name: {{ include "wandb-base.fullname" .}} labels: {{- include "wandb-base.labels" . | nindent 4 }} - {{- with .Values.helmHookAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} rules: {{- with .Values.role.rules }} {{- toYaml . | nindent 4 }} diff --git a/charts/wandb-base/templates/rolebinding.yaml b/charts/wandb-base/templates/rolebinding.yaml index 6d7c6931..747fdb44 100644 --- a/charts/wandb-base/templates/rolebinding.yaml +++ b/charts/wandb-base/templates/rolebinding.yaml @@ -5,10 +5,6 @@ metadata: name: {{ include "wandb-base.fullname" . }} labels: {{- include "wandb-base.labels" . | nindent 4 }} - {{- with .Values.helmHookAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} subjects: - kind: ServiceAccount name: {{ include "wandb-base.serviceAccountName" . }} diff --git a/charts/wandb-base/templates/serviceaccount.yaml b/charts/wandb-base/templates/serviceaccount.yaml index cc747902..ea4cf196 100644 --- a/charts/wandb-base/templates/serviceaccount.yaml +++ b/charts/wandb-base/templates/serviceaccount.yaml @@ -5,15 +5,9 @@ metadata: name: {{ include "wandb-base.serviceAccountName" . }} labels: {{- include "wandb-base.labels" . | nindent 4 }} - {{- if or .Values.helmHookAnnotations .Values.serviceAccount.annotations }} annotations: {{- with .Values.serviceAccount.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.helmHookAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} diff --git a/charts/wandb-base/values.yaml b/charts/wandb-base/values.yaml index c7c7dfe6..4adf0491 100644 --- a/charts/wandb-base/values.yaml +++ b/charts/wandb-base/values.yaml @@ -18,8 +18,6 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -helmHookAnnotations: {} - env: {} envFrom: {} From d657252334af83a2be5a30eb1ac5b9df241c823c Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 18:46:35 -0600 Subject: [PATCH 43/44] rename to smj --- .../templates/settings-migration-hook.yaml | 6 +++--- charts/operator-wandb/values.yaml | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-hook.yaml index 6c9cbcdf..9d1d42f2 100644 --- a/charts/operator-wandb/templates/settings-migration-hook.yaml +++ b/charts/operator-wandb/templates/settings-migration-hook.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Release.Name }}-smh-secret + name: {{ .Release.Name }}-smj-secret labels: {{- include "wandb.commonLabels" . | nindent 4 }} stringData: - SMH_DEBUG: {{ .Values.global.settingsMigrationJob.debug | quote }} - SMH_DRY_RUN: {{ .Values.global.settingsMigrationJob.dryRun | quote }} + SMJ_DEBUG: {{ .Values.global.settingsMigrationJob.debug | quote }} + SMJ_DRY_RUN: {{ .Values.global.settingsMigrationJob.dryRun | quote }} {{- with include "wandb.bucket" . | fromYaml }} AWS_REGION: "{{ .region }}" AWS_S3_KMS_ID: "{{ .kmsKey }}" diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 6b6482b4..f7aed1b1 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -184,7 +184,7 @@ global: executor: enabled: false - settingsMigrationHook: + settingsMigrationJob: debug: false dryRun: true @@ -798,13 +798,13 @@ settingsMigrationJob: - update - patch env: - SMH_FILE_STORE: + SMJ_FILE_STORE: value: '{{ (include "wandb.bucket" . | fromYaml).url }}' - SMH_K8S_ACTIVE_SPEC_SECRET_NAME: + SMJ_K8S_ACTIVE_SPEC_SECRET_NAME: value: "wandb-spec-active" - SMH_K8S_USER_SPEC_SECRET_NAME: + SMJ_K8S_USER_SPEC_SECRET_NAME: value: "wandb-spec-user" - SMH_K8S_NAMESPACE: + SMJ_K8S_NAMESPACE: value: "default" AZURE_STORAGE_KEY: valueFrom: @@ -817,13 +817,13 @@ settingsMigrationJob: "{{ .Release.Name }}-bucket": "secretRef" kind: Job jobs: - smh: + smj: ttlSecondsAfterFinished: 3600 containers: - smh: + smj: image: repository: wandb/megabinary tag: latest envFrom: - "{{ .Release.Name }}-smh-secret": "secretRef" - args: ["settings-migration-hook"] + "{{ .Release.Name }}-smj-secret": "secretRef" + args: ["settings-migration-job"] From 33b4af425209064f3396611501585e8a113eeb1c Mon Sep 17 00:00:00 2001 From: Zachary Blasczyk Date: Mon, 13 Jan 2025 19:29:50 -0600 Subject: [PATCH 44/44] Rename --- .../{settings-migration-hook.yaml => settings-migration-job.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename charts/operator-wandb/templates/{settings-migration-hook.yaml => settings-migration-job.yaml} (100%) diff --git a/charts/operator-wandb/templates/settings-migration-hook.yaml b/charts/operator-wandb/templates/settings-migration-job.yaml similarity index 100% rename from charts/operator-wandb/templates/settings-migration-hook.yaml rename to charts/operator-wandb/templates/settings-migration-job.yaml