Skip to content

Commit

Permalink
Make forwardauth optional for ClearML
Browse files Browse the repository at this point in the history
  • Loading branch information
@aktech
aktech committed Sep 21, 2021
1 parent 0436edd commit 17bba4b
Show file tree
Hide file tree
Showing 6 changed files with 27 additions and 3 deletions.
14 changes: 14 additions & 0 deletions docs/source/admin_guide/clearml.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,17 @@ google_cloud_platform:
## Accessing the ClearML server

The ClearML server can be accessed at: `app.clearml.your-qhub-domain.com`

## Authentication

The ClearML dashboard is secured by default with JupyterHub OAuth
via Traefik ForwardAuth. You can disable it via a flag in the QHub
config yaml:

```yaml
clearml:
enabled: true
enable_forward_auth: false
```

This is especially useful for accessing ClearML programmatically.
1 change: 1 addition & 0 deletions qhub/schema.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ class Monitoring(Base):

class ClearML(Base):
enabled: bool
enable_forward_auth: typing.Optional[bool]


# ============== Prefect =============
Expand Down
3 changes: 2 additions & 1 deletion qhub/template/cookiecutter.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@
"enabled": null
},
"clearml": {
"enabled": null
"enabled": null,
"enable_forward_auth": null
},
"prefect": {
"enabled": null,
Expand Down
3 changes: 3 additions & 0 deletions qhub/template/{{ cookiecutter.repo_directory }}/infrastructure/kubernetes.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -257,6 +257,9 @@ module "clearml" {
namespace = var.environment
external-url = var.endpoint
tls = module.qhub.tls
{% if cookiecutter.clearml.enable_forward_auth is defined -%}
enable-forward-auth = {{ cookiecutter.clearml.enable_forward_auth | default(false,true) | jsonify }}
{% endif -%}
depends_on = [
module.qhub
]
Expand Down
4 changes: 2 additions & 2 deletions ...kiecutter.repo_directory }}/infrastructure/modules/kubernetes/services/clearml/ingress.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@ locals {
clearml_apiserver = "${local.clearml-prefix}-apiserver"

forward_auth_middleware = "traefik-forward-auth"
clearml_middleware = [
clearml_middleware = var.enable-forward-auth ? [
{
name = local.forward_auth_middleware
namespace = var.namespace
}
]
] : []
}

resource "kubernetes_manifest" "clearml-app" {
Expand Down
5 changes: 5 additions & 0 deletions ...ecutter.repo_directory }}/infrastructure/modules/kubernetes/services/clearml/variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,8 @@ variable "external-url" {
variable "tls" {
description = "TLS configuration"
}

variable "enable-forward-auth" {
type = bool
default = true
}

0 comments on commit 17bba4b

Please sign in to comment.