Fixed Users

[SpontaneousDuck]

Hello,

So what is the best way to set and add fixed users when using the Helm install? The link to optional configuration at the bottom of the readme is broken and only links to the main ClearML repository. I found docs saying I need to edit the clearML config file but where does that sit in Kubernetes and is there a way to change it without just shelling in to the container? I am working on getting the server set up and really need to limit the users who can access it.

Thanks for the help!

[bzamecnik]

Hi @SpontaneousDuck, I've been trying to solve exactly this issue just a few days ago (see https://github.com/allegroai/clearml-server-helm/issues/6). So far the easiest solution that I can think of is that I make a PR setting the env var TRAINS_CONFIG_DIR=/opt/clearml/config:/opt/clearml/secrets by default, so that we can configure another volume in values overrides.

Otherwise with the current helm chart it seems that the only hack (when not using Azure) is to deploy the service without authentication (possible risk), modify the config file in the persistent volume and restart. Then possibly add a public ingress.

[bmartinn]

@bzamecnik Thanks! ❤️ the PR :)

@SpontaneousDuck we are working on improving the Helm installation, but for the configuration files you have to provide a mount point. Do notice that this is a read-only mount point that is actually only accesses at service boot time. I think that @bzamecnik PR should work quite well regardless of the k8s deployment, WDYT?

[SpontaneousDuck]

So this would make it so the users config will go in a separate volume which we will be able to configure? Thanks for looking at this!

[clearml-bot]

Hi @SpontaneousDuck,

The users config will be an optional part of the server's config file, which in most cases will be pretty empty save for these values (all other configurations will likely be in environment variables). It will still require a reconfiguration and an apiserver service restart, though.