diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 1c8f5a36..6c24ae9a 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -52,3 +52,7 @@ dependencies: version: "*.*.*" repository: file://charts/flat-run-fields-updater condition: flat-run-fields-updater.install + - name: nginx + version: "*.*.*" + repository: file://charts/nginx + condition: nginx.install diff --git a/charts/operator-wandb/charts/nginx/.helmignore b/charts/operator-wandb/charts/nginx/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/operator-wandb/charts/nginx/Chart.yaml b/charts/operator-wandb/charts/nginx/Chart.yaml new file mode 100644 index 00000000..8a7adc44 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: nginx +type: application +description: A Helm chart for Kubernetes + +version: 0.1.0 +appVersion: "0.33.0" + +home: https://wandb.ai +icon: https://wandb.ai/logo.svg + +maintainers: + - name: wandb + email: support@wandb.com + url: https://wandb.com diff --git a/charts/operator-wandb/charts/nginx/README.md b/charts/operator-wandb/charts/nginx/README.md new file mode 100644 index 00000000..5436d248 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/README.md @@ -0,0 +1 @@ +# nginx diff --git a/charts/operator-wandb/charts/nginx/templates/_helpers.tpl b/charts/operator-wandb/charts/nginx/templates/_helpers.tpl new file mode 100644 index 00000000..1249fae5 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/_helpers.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "nginx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified nginx name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nginx.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nginx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "nginx.labels" -}} +helm.sh/chart: {{ include "nginx.chart" . }} +{{ include "nginx.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +wandb.com/app-name: {{ include "nginx.chart" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "nginx.selectorLabels" -}} +app.kubernetes.io/name: {{ include "nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "nginx.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "nginx.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Returns the extraEnv keys and values to inject into containers. + +Global values will override any chart-specific values. +*/}} +{{- define "nginx.extraEnv" -}} +{{- $allExtraEnv := merge (default (dict) .local.extraEnv) .global.extraEnv -}} +{{- range $key, $value := $allExtraEnv }} +- name: {{ $key }} + value: {{ $value | quote }} +{{- end -}} +{{- end -}} + +{{/* +Returns a list of _common_ labels to be shared across all +app deployments and other shared objects. +*/}} +{{- define "nginx.commonLabels" -}} +{{- $commonLabels := default (dict) .Values.common.labels -}} +{{- if $commonLabels }} +{{- range $key, $value := $commonLabels }} +{{ $key }}: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Returns a list of _pod_ labels to be shared across all +nginx deployments. +*/}} +{{- define "nginx.podLabels" -}} +{{- range $key, $value := .Values.pod.labels }} +{{ $key }}: {{ $value | quote }} +{{- end }} +{{- end -}} + +{{- define "nginx.redis" -}} +{{- $cs := include "wandb.redis.connectionString" . }} +{{- $ca := include "wandb.redis.caCert" . }} +{{- if $ca }} +{{- printf "%s?tls=true&caCertPath=/etc/ssl/certs/redis_ca.pem&ttlInSeconds=604800" $cs -}} +{{- else }} +{{- print $cs -}} +{{- end }} +{{- end }} + +{{- define "nginx.bucket" -}} +{{- $bucket := "" -}} +{{- if eq .Values.global.bucket.provider "az" -}} +{{- $bucket = printf "az://%s/%s" .Values.global.bucket.name .Values.global.bucket.path -}} +{{- end -}} +{{- if eq .Values.global.bucket.provider "gcs" -}} +{{- $bucket = printf "gs://%s" .Values.global.bucket.name -}} +{{- end -}} +{{- if eq .Values.global.bucket.provider "s3" -}} +{{- if and .Values.global.bucket.accessKey .Values.global.bucket.secretKey -}} +{{- $bucket = printf "s3://%s:%s@%s/%s" .Values.global.bucket.accessKey .Values.global.bucket.secretKey .Values.global.bucket.name .Values.global.bucket.path -}} +{{- else -}} +{{- $bucket = printf "s3://%s/%s" .Values.global.bucket.name .Values.global.bucket.path -}} +{{- end -}} +{{- end -}} +{{- trimSuffix "/" $bucket -}} +{{- end -}} \ No newline at end of file diff --git a/charts/operator-wandb/charts/nginx/templates/configmap.yaml b/charts/operator-wandb/charts/nginx/templates/configmap.yaml new file mode 100644 index 00000000..ede7a03b --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/configmap.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "nginx.fullname" . }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "nginx.commonLabels" . | nindent 4 }} + {{- include "nginx.labels" . | nindent 4 }} + {{- if .Values.configMap.labels -}} + {{- toYaml .Values.configMap.labels | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.configMap.annotations -}} + {{- toYaml .Values.configMap.annotations | nindent 4 }} + {{- end }} +data: + nginx.conf: | + user nginx; + worker_processes auto; + error_log /var/log/nginx/error.log; + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + + http { + server { + listen 80; + + location / { + proxy_pass http://{{ .Release.Name }}-app; + } + + location /console { + proxy_pass http://{{ .Release.Name }}-console; + } + } + } diff --git a/charts/operator-wandb/charts/nginx/templates/deployment.yaml b/charts/operator-wandb/charts/nginx/templates/deployment.yaml new file mode 100644 index 00000000..59bd4fd0 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/deployment.yaml @@ -0,0 +1,69 @@ +{{- if .Values.enabled }} +{{- $imageCfg := dict "global" $.Values.global.image "local" $.Values.image -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "nginx.fullname" . }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "nginx.commonLabels" . | nindent 4 }} + {{- include "nginx.labels" . | nindent 4 }} + {{- if .Values.deployment.labels -}} + {{- toYaml .Values.deployment.labels | nindent 4 }} + {{- end }} + annotations: + {{- include "wandb.deploymentAnnotations" $ | nindent 4 }} + {{- if .Values.deployment.annotations -}} + {{- toYaml .Values.deployment.annotations | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "wandb.selectorLabels" $ | nindent 6 }} + {{- include "nginx.labels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "wandb.podLabels" . | nindent 8 }} + {{- include "nginx.commonLabels" . | nindent 8 }} + {{- include "nginx.podLabels" . | nindent 8 }} + {{- include "nginx.labels" . | nindent 8 }} + annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.pod.annotations -}} + {{- toYaml .Values.pod.annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "app.serviceAccountName" . }} + {{- if .tolerations }} + tolerations: + {{- toYaml .tolerations | nindent 8 }} + {{- end }} + {{- include "wandb.nodeSelector" . | nindent 6 }} + {{- include "wandb.priorityClassName" . | nindent 6 }} + {{- include "wandb.podSecurityContext" .Values.pod.securityContext | nindent 6 }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + {{- if ne (include "wandb.redis.caCert" .) "" }} + - name: {{ include "nginx.fullname" . }}-redis-ca + mountPath: /etc/ssl/certs/redis_ca.pem + subPath: redis_ca.pem + {{- end }} + ports: + - containerPort: 80 + {{- include "nginx.extraEnv" (dict "global" $.Values.global "local" .Values) | nindent 12 }} + {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + volumes: + - name: config-volume + configMap: + name: {{ include "nginx.fullname" . }} +{{- end }} diff --git a/charts/operator-wandb/charts/nginx/templates/hpa.yaml b/charts/operator-wandb/charts/nginx/templates/hpa.yaml new file mode 100644 index 00000000..800c01b9 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/hpa.yaml @@ -0,0 +1,23 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "nginx.fullname" . }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "nginx.commonLabels" . | nindent 4 }} + {{- include "nginx.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "nginx.fullname" . }} + minReplicas: 1 + maxReplicas: 1 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 diff --git a/charts/operator-wandb/charts/nginx/templates/role.yaml b/charts/operator-wandb/charts/nginx/templates/role.yaml new file mode 100644 index 00000000..11bd36d3 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "app.fullname" . }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "app.commonLabels" . | nindent 4 }} + {{- include "app.labels" . | nindent 4 }} + {{- if .Values.role.labels -}} + {{- toYaml .Values.role.labels | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.role.annotations -}} + {{- toYaml .Values.role.annotations | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] \ No newline at end of file diff --git a/charts/operator-wandb/charts/nginx/templates/rolebinding.yaml b/charts/operator-wandb/charts/nginx/templates/rolebinding.yaml new file mode 100644 index 00000000..3441d038 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/rolebinding.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "app.fullname" . }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "app.commonLabels" . | nindent 4 }} + {{- include "app.labels" . | nindent 4 }} + {{- if .Values.role.labels -}} + {{- toYaml .Values.role.labels | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.role.annotations -}} + {{- toYaml .Values.role.annotations | nindent 4 }} + {{- end }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: {{ include "app.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "app.fullname" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/operator-wandb/charts/nginx/templates/service.yaml b/charts/operator-wandb/charts/nginx/templates/service.yaml new file mode 100644 index 00000000..910c81bf --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nginx.fullname" . }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "nginx.labels" . | nindent 4 }} + {{- include "nginx.commonLabels" . | nindent 4 }} + {{- if .Values.service.labels -}} + {{- toYaml .Values.service.labels | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.service.annotations -}} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - protocol: TCP + port: 80 + targetPort: 80 + selector: + {{- include "nginx.labels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/operator-wandb/charts/nginx/templates/serviceaccount.yaml b/charts/operator-wandb/charts/nginx/templates/serviceaccount.yaml new file mode 100644 index 00000000..c3824d12 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "app.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} + {{- include "app.commonLabels" . | nindent 4 }} + {{- include "app.labels" . | nindent 4 }} + {{- if .Values.serviceAccount.labels -}} + {{- toYaml .Values.serviceAccount.labels | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.serviceAccount.annotations -}} + {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} + {{- end }} diff --git a/charts/operator-wandb/charts/nginx/values.yaml b/charts/operator-wandb/charts/nginx/values.yaml new file mode 100644 index 00000000..56b78f70 --- /dev/null +++ b/charts/operator-wandb/charts/nginx/values.yaml @@ -0,0 +1,52 @@ +nameOverride: "" +fullnameOverride: "" + +image: + repository: nginx/local + tag: latest + pullPolicy: Always + # pullSecrets: [] + +# Tolerations for pod scheduling +tolerations: [] + +extraEnv: {} +extraEnvFrom: {} + +pod: + securityContext: + fsGroup: 0 + fsGroupChangePolicy: "OnRootMismatch" + labels: {} + annotations: {} + +common: + labels: {} + +deployment: + labels: {} + annotations: {} + +service: + type: ClusterIP + annotations: {} + labels: {} + +resources: + # We usually recommend not to specify default resources and to leave this as a + # conscious choice for the user. This also increases chances charts run on + # environments with little resources, such as Minikube. If you do want to + # specify resources, uncomment the following lines, adjust them as necessary, + # and remove the curly braces after 'resources:'. + requests: + cpu: 100m + memory: 1Gi + limits: + cpu: 4000m + memory: 8Gi + +serviceAccount: + create: true + +role: {} +roleBinding: {} diff --git a/charts/operator-wandb/templates/ingress.yaml b/charts/operator-wandb/templates/ingress.yaml index b204845f..f502b60c 100644 --- a/charts/operator-wandb/templates/ingress.yaml +++ b/charts/operator-wandb/templates/ingress.yaml @@ -3,7 +3,6 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ .Release.Name }}-issuer - namespace: {{ .Release.Namespace }} labels: {{- include "wandb.commonLabels" . | nindent 4 }} spec: @@ -20,7 +19,8 @@ spec: ingress: class: {{ .Values.ingress.class }} {{- end }} -{{- if .Values.ingress.install }} + +{{- if eq .Values.ingress.use "native" }} --- apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index 91d73a88..5b6b8108 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -103,7 +103,7 @@ global: runUpdatesShadowTopic: "" ingress: - install: true + use: "native" nameOverride: "" defaultBackend: "app" annotations: {} @@ -117,6 +117,12 @@ ingress: server: https://acme-v02.api.letsencrypt.org/directory email: support@wandb.com +nginx: + install: false + image: + repository: wandb/local + tag: latest + parquet: install: true image: