Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Profile picture
ColorfulBeetle67
Moderator
1 Question, 8 Answers
  Active since 10 January 2023
  Last activity one year ago

Reputation

0

Badges 1

3 × Eureka!
0 Votes
5 Answers
950 Views
0 Votes 5 Answers 950 Views
Securing ClearML in k8s
2 years ago
0 Securing Clearml In K8S

Thank you for the confirmation SuccessfulKoala55

Another option is to pass these settings as environment variables, if that can suit your requirements

The issue with the environment variables is that the helm chart updated the env variables from a secret as shown https://github.com/allegroai/clearml-helm-charts/blob/e16060f2ad9f7075531e132ad9f8155dc5e7870f/charts/clearml/templates/deployment-apiserver.yaml#L80 . If I additional pass the auth information using extraEnvs I am n...

2 years ago
0 Securing Clearml In K8S

SuccessfulKoala55 With enableConfigVolume approach , I have to ensure that a apiserver.conf with the credentials is added to the storage volume?

2 years ago
0 Securing Clearml In K8S

Hi folks. I am trying to set up Clear ML in our k8s cluster and would like to expose the Webserver and API server outisde our cluster. I am bit lost with the configuration settings and the ways to do it securely in k8s. I read https://clearml.slack.com/archives/CTK20V944/p1630682666183600 discussion and like smos I am also a bit shaky when it comes to web security. Is there some documentation explaining in simple terms what the different keys/secrets are used for?
“CLEARML__SECURE__HTTP__...

2 years ago
0 Hi, We’Re Deploying Clearml On The Eks And Have An Issue With Authenticating The Server With The S3 Bucket. The Connection To S3 Bucket Is Not Working. Our Current Diagnosis: Clearml Internally Uses Aws_Access_Key_Id And Aws_Secret_Access_Key. But We A

Right, basically someone needs to configure the “regular” environment variables for boto to use the IAM role,

clearml

will basically uses boto, so it should be transparent. does that make sense ? How do you spin the job on the k8s cluster and how do you configure it?

Yep I was thinking the same that the design choice must have been inspired by transparency. At the moment we just use the sdk to log training runs, model eartifacts etc and upload the model. We dont use t...

2 years ago
0 Hi, We’Re Deploying Clearml On The Eks And Have An Issue With Authenticating The Server With The S3 Bucket. The Connection To S3 Bucket Is Not Working. Our Current Diagnosis: Clearml Internally Uses Aws_Access_Key_Id And Aws_Secret_Access_Key. But We A

AgitatedDove14 TBH, the IAM role scenario I havent tested out since I couldnt get it to work with temp credentials. I can get back to you on this!

And yes I assumed from the docs that the OS env will overwrite the config file ( which I dint provide since I set the credtials based on your answer on https://stackoverflow.com/questions/66216294/clearml-how-to-change-clearml-conf-file-in-aws-sagemaker ) . But somehow it does not work with temp credentials ( where apart from the secret access...

2 years ago
0 Hi, We’Re Deploying Clearml On The Eks And Have An Issue With Authenticating The Server With The S3 Bucket. The Connection To S3 Bucket Is Not Working. Our Current Diagnosis: Clearml Internally Uses Aws_Access_Key_Id And Aws_Secret_Access_Key. But We A

Hi. Its regarding boto clients inside kubernetes cluster and clients in machines of the developers.
In case of clients in the kubernetes cluster we use IAM policies attached to the serviceaccount to enable access to the s3 bucket. In this case I wonder how clearml sdk gets access to the s3 bucket if it relies on secret access key and access key id.
In case of clients in the machines of developer, we use https://github.com/Versent/saml2aws to retrieve temporary credentials. Since these are ...

2 years ago