search

allegroai / clearml-server-helm

ClearML Server for Kubernetes Clusters Using Helm
https://allegroai.github.io/clearml-server-helm/
Other
17 stars 15 forks source link

Configuring user authentication #6

Closed bzamecnik closed 1 year ago

bzamecnik commented 3 years ago

I'm trying to deploy ClearML via Helm (or more precisely Flux/Helm Operator) and need to enable user authentication. Unfortunately the documentation and the Helm chart is not quite clear how to do that.

For running via pip or in docker it was just a matter of modifying the /opt/clearml/config/apiserver.conf file. In the Helm chart the whole /opt/clearml/config directory seems to be at a persistent volume claim. There is some way to use FlexVolume & Azure keyvault by mounting another volume to /opt/clearml/secrets and adding it to TRAINS_CONFIG_DIR. I can imagine using .Values.apiserver.volumeMounts to mount another volume from sealed secret, but TRAINS_CONFIG_DIR can't be modified from values.yaml in another way than use_secrets_flexvolume.

IMHO in in the apiserver deployment TRAINS_CONFIG_DIR could be set /opt/clearml/config:/opt/clearml/secrets by default allowing the user to mount any other volume with the secrets.

A possibility (for now, without modifiying the Helm chart) would be to deploy the app without ingress, modify the config file in the persistent volume manually and then redeploy with ingress enabled. But that's a manual step, I'd like to avoid.

bmartinn commented 3 years ago

Hi @bzamecnik There is active work done on improving the helm chart, see here I'm sure you'll be happy to know the PVC is being removed (it will be used configuration only, I think :) Please feel free to join the conversation

bzamecnik commented 3 years ago

Hi @bmartinn, thanks for the info. Good to hear about further development of the chart. I've looked through the PR but I can't see any changes in apiserver-deployment.yaml related to the configuration file. If I understand it correctly the PVCs defined in persistent-storage.yaml are gonna be replaced by definition within the dependent charts but apiserver-pv1 for /opt/clearml/config remains.

Can I make a small PR just setting TRAINS_CONFIG_DIR=/opt/clearml/config:/opt/clearml/secrets regardless of the FlexVolume so that we can use existing .Values.apiserver.volumeMounts?

jkhenning commented 1 year ago

Closing this as the issue has been resolved. Please see our new repository - https://github.com/allegroai/clearml-helm-charts