From 28246f247aec630b47e8097f21c8cc411bd752ea Mon Sep 17 00:00:00 2001 From: Krzysztof Begiedza Date: Sat, 19 Feb 2022 19:40:32 +0100 Subject: [PATCH 1/6] Added better readme --- helm-chart/README.md | 168 +++++++++++++++++++++++++++++++------------ 1 file changed, 124 insertions(+), 44 deletions(-) diff --git a/helm-chart/README.md b/helm-chart/README.md index b135b0584483..a870978725af 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -1,58 +1,138 @@ -# FAQ -## What should be configured before installation? -1. You should have configured connection to existed k8s cluster -2. Helm must be installed -3. You should download chart external dependencies, using following commands: -``` - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo update - helm dependency update -``` -4. (Optional) Install ingress of your choice (for example: ) -5. (Optional) Create certificates for https (for example: ) -6. (Optional) Create values.override.yaml and override there parameters you want -7. Change postgresql password as described below -8. Add ingress to values.override.yaml(example also below) -7. Deploy cvat using command below -## How to deploy new version of chart to cluster? -Execute following command: -```helm upgrade --install ./helm-chart -f ./helm-chart/values.yaml -f values.override.yaml(if exists) --namespace ``` -## How to create superuser? -``` -HELM_RELEASE_NAMESPACE="" &&\ -HELM_RELEASE_NAME="" &&\ -BACKEND_POD_NAME=$(kubectl get pod --namespace $HELM_RELEASE_NAMESPACE -l tier=backend,app.kubernetes.io/instance=$HELM_RELEASE_NAME -o jsonpath='{.items[0].metadata.name}') &&\ -kubectl exec -it --namespace $HELM_RELEASE_NAMESPACE $BACKEND_POD_NAME -c cvat-backend-app-container -- python manage.py createsuperuser -``` -## How to change embedded postgresql password? -There are several passwords used here, for security reasons - better change them all. +# CVAT chart manual + +- [CVAT chart manual](#cvat-chart-manual) + - [Prerequisites](#prerequisites) + - [Installing dependencies](#installing-dependencies) + - [Optional steps](#optional-steps) + - [Configuration](#configuration) + - [Postgresql password?](#postgresql-password) + - [Ingress parameters](#ingress-parameters) + - [Deployment](#deployment) + - [With overrides:](#with-overrides) + - [Without overrides:](#without-overrides) + - [Post-deployment configuration](#post-deployment-configuration) + - [How to create superuser?](#how-to-create-superuser) + - [FAQ](#faq) + - [What is kubernetes and how it is working?](#what-is-kubernetes-and-how-it-is-working) + - [What is helm and how it is working?](#what-is-helm-and-how-it-is-working) + - [How to enable ingress:](#how-to-enable-ingress) + - [How to understand what diff will be inflicted by 'helm upgrade'?](#how-to-understand-what-diff-will-be-inflicted-by-helm-upgrade) + - [I want to use my own postgresql/redis with your chart.](#i-want-to-use-my-own-postgresqlredis-with-your-chart) + - [I want to override some settings in values.yaml.](#i-want-to-override-some-settings-in-valuesyaml) + - [Why you used external charts to provide redis and postgres?](#why-you-used-external-charts-to-provide-redis-and-postgres) + +## Prerequisites +1. Installed and configured [kubernetes](https://kubernetes.io/) cluster. +2. Installed [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) +3. Installed [Helm](https://helm.sh/). +4. Installed [dependencies](#installing-dependencies) + +### Installing dependencies +To install and/or update run: +```sh +helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo update +helm dependency update ``` + +### Optional steps +1. Install ingress of your choice (for example: ) +2. Create certificates for https (for example: ) + +## Configuration +1. Create `values.override.yaml` file inside `helm-chart` directory. +2. Fill `values.override.yaml` with new parameters for chart. +3. Override [postgresql password](#postgresql-password) +4. (Optional) Add [ingress parameters](#ingress-parameters) + +### Postgresql password? +Put below into your `values.override.yaml` +```yaml postgresql: secret: - password: cvat_postgresql - postgres_password: cvat_postgresql_postgres - replication_password: cvat_postgresql_replica -``` -Or, if you know how to work with k8s - you could create your own secret and use it here: + password: + postgres_password: + replication_password: ``` +Or create your own secret and use it with: +```yaml postgresql: global: postgresql: - existingSecret: cvat-postgres-secret + existingSecret: +``` + +### Ingress parameters +Paste below parameters to `values.override.yaml` +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/proxy-send-timeout: "120" + nginx.ingress.kubernetes.io/proxy-read-timeout: "120" + cert-manager.io/cluster-issuer: + hosts: + - host: + paths: + - path: "/api/.*|git/.*|tensorflow/.*|auto_annotation/.*|analytics/.*|static/.*|admin|admin/.*|documentation/.*|dextr/.*|reid/.*" + service: + name: -backend-service + port: 8080 + - path: "/" + pathType: "Prefix" + service: + name: -frontend-service + port: 80 + + tls: + - hosts: + - + secretName: ingress-tls-cvat ``` -## How to describe ingress: + +## Deployment +Make sure you are using correct kubernetes context. You can check it with `kubectl config current-context`. + +Execute following command from repo root directory +### With overrides: +```helm upgrade -n -i --create-namespace ./helm-chart -f ./helm-chart/values.yaml -f ./helm-chart/values.override.yaml``` + +### Without overrides: +```helm upgrade -n -i --create-namespace ./helm-chart -f ./helm-chart/values.yaml``` + +## Post-deployment configuration + +1. Create [super user](#how-to-create-superuser) + +### How to create superuser? +```sh +HELM_RELEASE_NAMESPACE="" &&\ +HELM_RELEASE_NAME="" &&\ +BACKEND_POD_NAME=$(kubectl get pod --namespace $HELM_RELEASE_NAMESPACE -l tier=backend,app.kubernetes.io/instance=$HELM_RELEASE_NAME -o jsonpath='{.items[0].metadata.name}') &&\ +kubectl exec -it --namespace $HELM_RELEASE_NAMESPACE $BACKEND_POD_NAME -c cvat-backend-app-container -- python manage.py createsuperuser +``` + +## FAQ + +### What is kubernetes and how it is working? +See +### What is helm and how it is working? +See +### How to enable ingress: Just set `ingress.enabled:` to `true`, then copy example, uncomment it and change values there -## How to understand what diff will be inflicted by 'helm upgrade'? +### How to understand what diff will be inflicted by 'helm upgrade'? You can use for that -## I want to use my own postgresql/redis with your chart. +### I want to use my own postgresql/redis with your chart. Just set `postgresql.enabled` or `redis.enabled` to `false`, as described below. Then - put your instance params to "external" field -## I want to override some settings in values.yaml. +### I want to override some settings in values.yaml. Just create file `values.override.yaml` and place your changes here, using same structure as in `values.yaml`. Then reference it in helm update/install command using `-f` flag -## Why you used external charts to provide redis and postgres? -Because they definitely know what they do better then we are, so we are getting more quality and less support -## What is kubernetes and how it is working? -See -## What is helm and how it is working? -See +### Why you used external charts to provide redis and postgres? +Because they definitely know what they do better then we are, so we are getting more quality and less support \ No newline at end of file From a764ba7c6d383a9ff884b0c95d678291e0f28e18 Mon Sep 17 00:00:00 2001 From: Krzysztof Begiedza Date: Sat, 19 Feb 2022 19:40:46 +0100 Subject: [PATCH 2/6] Fixed format --- helm-chart/values.yaml | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index f4d1b6137c98..a4ed06c48518 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -31,8 +30,8 @@ cvat: # - e2e-az1 # - e2e-az2 envs: - ALLOWED_HOSTS: "*" - DJANGO_MODWSGI_EXTRA_ARGS: "" + ALLOWED_HOSTS: "*" + DJANGO_MODWSGI_EXTRA_ARGS: "" additionalEnv: [] # Example: # - name: volume-from-secret @@ -56,8 +55,8 @@ cvat: protocol: TCP name: http defaultStorage: - enabled: true - size: 20Gi + enabled: true + size: 20Gi frontend: replicas: 1 image: openvino/cvat_ui @@ -110,7 +109,7 @@ postgresql: user: postgres password: postgres dbname: cvat - # If not external following config will be applied by default + # If not external following config will be applied by default global: postgresql: existingSecret: cvat-postgres-secret @@ -129,7 +128,7 @@ redis: #See https://github.com/bitnami/charts/blob/master/bitnami/redis/ for more info enabled: true external: - host: 127.0.0.1 + host: 127.0.0.1 usePassword: false cluster: enabled: false @@ -146,21 +145,21 @@ ingress: # nginx.ingress.kubernetes.io/proxy-body-size: "0" # nginx.ingress.kubernetes.io/proxy-send-timeout: "120" # nginx.ingress.kubernetes.io/proxy-read-timeout: "120" -# cert-manager.io/cluster-issuer: example.issuer.name +# cert-manager.io/cluster-issuer: # hosts: -# - host: cvat.example.com +# - host: # paths: # - path: "/api/.*|git/.*|tensorflow/.*|auto_annotation/.*|analytics/.*|static/.*|admin|admin/.*|documentation/.*|dextr/.*|reid/.*" # service: -# name: cvt-test-backend-service +# name: -backend-service # port: 8080 # - path : "/" # pathType: "Prefix" # service: -# name: cvt-test-frontend-service +# name: -frontend-service # port: 80 # # tls: # - hosts: -# - cvat.example.com +# - # secretName: ingress-tls-cvat From f62ee00872883aaf3e94a9be455ab99154c15017 Mon Sep 17 00:00:00 2001 From: Krzysztof Begiedza Date: Sat, 19 Feb 2022 19:40:56 +0100 Subject: [PATCH 3/6] Added init container for backend service --- .../templates/cvat_backend/deployment.yml | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/helm-chart/templates/cvat_backend/deployment.yml b/helm-chart/templates/cvat_backend/deployment.yml index 86cd22d2fab2..4fd23dd12e9d 100644 --- a/helm-chart/templates/cvat_backend/deployment.yml +++ b/helm-chart/templates/cvat_backend/deployment.yml @@ -143,6 +143,75 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} + - name: cvat-backend-migrate-database + image: {{ .Values.cvat.backend.image }}:{{ .Values.cvat.backend.tag }} + command: ["python", "./manage.py", "migrate"] + {{- with .Values.cvat.backend.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: DJANGO_MODWSGI_EXTRA_ARGS + value: {{ .Values.cvat.backend.envs.DJANGO_MODWSGI_EXTRA_ARGS}} + {{- if .Values.redis.enabled }} + - name: CVAT_REDIS_HOST + value: "{{ .Release.Name }}-redis-master" + {{- else }} + - name: CVAT_REDIS_HOST + value: "{{ .Values.redis.external.host }}" + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: CVAT_POSTGRES_HOST + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" + key: postgresql-hostname + - name: CVAT_POSTGRES_USER + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" + key: postgresql-username + - name: CVAT_POSTGRES_DBNAME + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" + key: postgresql-database + - name: CVAT_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" + key: postgresql-password + {{- else }} + - name: CVAT_POSTGRES_HOST + value: "{{ .Values.postgresql.external.host }}" + - name: CVAT_POSTGRES_USER + value: "{{ .Values.postgresql.external.user }}" + - name: CVAT_POSTGRES_DBNAME + value: "{{ .Values.postgresql.external.dbname }}" + - name: CVAT_POSTGRES_PASSWORD + value: "{{ .Values.postgresql.external.password }}" + {{- end }} + {{- with .Values.cvat.backend.additionalEnv }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8080 + volumeMounts: + - mountPath: /home/django/data + name: cvat-backend-data + subPath: data + - mountPath: /home/django/keys + name: cvat-backend-data + subPath: keys + - mountPath: /home/django/logs + name: cvat-backend-data + subPath: logs + - mountPath: /home/django/models + name: cvat-backend-data + subPath: models + {{- with .Values.cvat.backend.additionalVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.cvat.backend.affinity }} affinity: {{- toYaml . | nindent 8 }} From 712c98b20db004b315e993f5925ec27c7fed3a75 Mon Sep 17 00:00:00 2001 From: Krzysztof Begiedza Date: Sat, 19 Feb 2022 19:53:05 +0100 Subject: [PATCH 4/6] Changelog update --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8e37d70e02d..44180564e231 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Basic page with jobs list, basic filtration to this list () - Added OpenCV.js TrackerMIL as tracking tool () - Ability to continue working from the latest frame where an annotator was before () +- Helm chart: Init container with migrations for backend-service () ### Changed @@ -42,6 +43,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - API versioning scheme: using accept header versioning instead of namespace versioning () - Replaced 'django_sendfile' with 'django_sendfile2' () - Use drf-spectacular instead of drf-yasg for swagger documentation () +- Improved helm chart readme () ### Deprecated - Job field "status" is not used in UI anymore, but it has not been removed from the database yet () From 563186d900c06d326131ce0dc192bdb9cb25c50a Mon Sep 17 00:00:00 2001 From: Krzysztof Begiedza Date: Mon, 21 Feb 2022 18:59:38 +0100 Subject: [PATCH 5/6] Removed init container --- .../templates/cvat_backend/deployment.yml | 69 ------------------- 1 file changed, 69 deletions(-) diff --git a/helm-chart/templates/cvat_backend/deployment.yml b/helm-chart/templates/cvat_backend/deployment.yml index 4fd23dd12e9d..86cd22d2fab2 100644 --- a/helm-chart/templates/cvat_backend/deployment.yml +++ b/helm-chart/templates/cvat_backend/deployment.yml @@ -143,75 +143,6 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - - name: cvat-backend-migrate-database - image: {{ .Values.cvat.backend.image }}:{{ .Values.cvat.backend.tag }} - command: ["python", "./manage.py", "migrate"] - {{- with .Values.cvat.backend.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - env: - - name: DJANGO_MODWSGI_EXTRA_ARGS - value: {{ .Values.cvat.backend.envs.DJANGO_MODWSGI_EXTRA_ARGS}} - {{- if .Values.redis.enabled }} - - name: CVAT_REDIS_HOST - value: "{{ .Release.Name }}-redis-master" - {{- else }} - - name: CVAT_REDIS_HOST - value: "{{ .Values.redis.external.host }}" - {{- end }} - {{- if .Values.postgresql.enabled }} - - name: CVAT_POSTGRES_HOST - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" - key: postgresql-hostname - - name: CVAT_POSTGRES_USER - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" - key: postgresql-username - - name: CVAT_POSTGRES_DBNAME - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" - key: postgresql-database - - name: CVAT_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-{{ .Values.postgresql.secret.name }}" - key: postgresql-password - {{- else }} - - name: CVAT_POSTGRES_HOST - value: "{{ .Values.postgresql.external.host }}" - - name: CVAT_POSTGRES_USER - value: "{{ .Values.postgresql.external.user }}" - - name: CVAT_POSTGRES_DBNAME - value: "{{ .Values.postgresql.external.dbname }}" - - name: CVAT_POSTGRES_PASSWORD - value: "{{ .Values.postgresql.external.password }}" - {{- end }} - {{- with .Values.cvat.backend.additionalEnv }} - {{- toYaml . | nindent 10 }} - {{- end }} - ports: - - containerPort: 8080 - volumeMounts: - - mountPath: /home/django/data - name: cvat-backend-data - subPath: data - - mountPath: /home/django/keys - name: cvat-backend-data - subPath: keys - - mountPath: /home/django/logs - name: cvat-backend-data - subPath: logs - - mountPath: /home/django/models - name: cvat-backend-data - subPath: models - {{- with .Values.cvat.backend.additionalVolumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} {{- with .Values.cvat.backend.affinity }} affinity: {{- toYaml . | nindent 8 }} From 99e36f5abcdc245fa74e257143588e6fc7e2ab73 Mon Sep 17 00:00:00 2001 From: Krzysztof Begiedza Date: Mon, 21 Feb 2022 19:00:32 +0100 Subject: [PATCH 6/6] Changelog update --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 44180564e231..bf7efca26cb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,8 +34,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Basic page with jobs list, basic filtration to this list () - Added OpenCV.js TrackerMIL as tracking tool () - Ability to continue working from the latest frame where an annotator was before () -- Helm chart: Init container with migrations for backend-service () - ### Changed - Users don't have access to a task object anymore if they are assigneed only on some jobs of the task ()