I'll try that. How can I make it to use authentication too?

aha got it..
I assume env vars would be configured according to this doc:
https://allegro.ai/clearml/docs/docs/deploying_clearml/clearml_server_config.html#dynamic-environment-variables

Thanks!

I'm using a simple pyhocon code to test it and it won't decode. So it won't reach the code to ovverride settings at all.

The K8sIntegration can be made into a nice operator for example and deeply integrate into ClearML itself. :grinning_face_with_star_eyes:

Huh it works now…!

no...

standard URI
according to:
https://elasticsearch-py.readthedocs.io/en/v7.12.1/#tls-ssl-and-authentication

Okayyy. I'll try this. Thanks for your help Jake!

No it doesn’t work from entirely new browser too. 😞
As this is a staging instance. let me remove and deploy without these changes.

Ok I think I might have found the problem.

I am already changing the chart, it would be no problem. But which env vars?

https://github.com/allegroai/clearml-server/blob/babfcbb70701fc725448556d1e691cdfd1292949/apiserver/es_factory.py

https://allegro.ai/clearml/docs/docs/deploying_clearml/clearml_server_config.html

The login prompt doesn’t appear (I tried removing cookies and all too)

Hmm maybe this will work
https://elasticsearch-py.readthedocs.io/en/v7.12.1/#tls-ssl-and-authentication

I'll try that and report back

CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER
Does this one need to be changed?

Oh well it doesn’t work for me then… I keep getting errors.

oh great!
let me take a look at this. There’s a lot of custom tooling so integration is very important.

cc: FiercePenguin76 ^^^

Yes.
ClearML has all these awesome dashboards. I was thinking maybe there will be some deploy to prod/staging/shadow button so you can do everything from there. (Like Gitlab CI/CD if you have seen that)
That would be ideal.

I want to find a good deployment framework (if exists) and integrate it into our ClearML workflow).
like get latest release with prod tag from clearml api and apply that to k8s.
something along those lines

ah ok. So only solution is changing the hardcoded one…
I will be looking into docs to find the right env variable. If you know it I’d appreciate you telling me 😄 SuccessfulKoala55

I’m using it in clearml k8s integration. So i’d rather avoid all extra stuff and bind the jupyter directly. Then use Istio, etc to secure access to it. I don’t think using ssh tunnels brings about any functionality or advantages of any sort when using kubernetes.

I actually got the idea to disable istio for the container. I think that'll work considering api-server doesn't need to be accessed directly from outside.

I'll test that and then your approach. If nothing works then I'll post again 😄

Thanks for your help Jake

we’re running it with the older helm chart if that matters. anyways I can’t see anything related to Gunicorn in chart or configs.

- name: CLEARML__APISERVER__PRE_POPULATE__ENABLED value: "false" - name: CLEARML__APISERVER__PRE_POPULATE__ZIP_FILES value: /opt/clearml/db-pre-populate - name: CLEARML_SERVER_DEPLOYMENT_TYPE value: helm-cloud

The rest are clearly credentials…

It's concating them together:
[WARNING] [elasticsearch] GET http://[ https://elasti ....

How is it going to access to actual pod? Is it a headless service?

Yes I see. But the current env doesn't reach there because it cannot be decoded by pyhocon.

of course because the tuple is valid in Python.
but there's no way I can supply a tuple in the HOCON format (of json for that matter(