Closed bzamecnik closed 1 year ago
Hi @bzamecnik There is active work done on improving the helm chart, see here I'm sure you'll be happy to know the PVC is being removed (it will be used configuration only, I think :) Please feel free to join the conversation
Hi @bmartinn, thanks for the info. Good to hear about further development of the chart. I've looked through the PR but I can't see any changes in apiserver-deployment.yaml related to the configuration file. If I understand it correctly the PVCs defined in persistent-storage.yaml are gonna be replaced by definition within the dependent charts but apiserver-pv1
for /opt/clearml/config
remains.
Can I make a small PR just setting TRAINS_CONFIG_DIR=/opt/clearml/config:/opt/clearml/secrets
regardless of the FlexVolume so that we can use existing .Values.apiserver.volumeMounts
?
Closing this as the issue has been resolved. Please see our new repository - https://github.com/allegroai/clearml-helm-charts
I'm trying to deploy ClearML via Helm (or more precisely Flux/Helm Operator) and need to enable user authentication. Unfortunately the documentation and the Helm chart is not quite clear how to do that.
For running via pip or in docker it was just a matter of modifying the
/opt/clearml/config/apiserver.conf
file. In the Helm chart the whole/opt/clearml/config
directory seems to be at a persistent volume claim. There is some way to use FlexVolume & Azure keyvault by mounting another volume to/opt/clearml/secrets
and adding it toTRAINS_CONFIG_DIR
. I can imagine using.Values.apiserver.volumeMounts
to mount another volume from sealed secret, butTRAINS_CONFIG_DIR
can't be modified fromvalues.yaml
in another way thanuse_secrets_flexvolume
.IMHO in in the apiserver deployment
TRAINS_CONFIG_DIR
could be set/opt/clearml/config:/opt/clearml/secrets
by default allowing the user to mount any other volume with the secrets.A possibility (for now, without modifiying the Helm chart) would be to deploy the app without ingress, modify the config file in the persistent volume manually and then redeploy with ingress enabled. But that's a manual step, I'd like to avoid.