Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
With The Helm Charts, What Is The Recommend Way To Automate Getting An Api Secret Pair For The K8 Glue Agent So You Dont Have To Go Into The Ui And Generate One In Between The Server And Agent Helm Releases?

With the Helm charts, what is the recommend way to automate getting an api secret pair for the k8 glue agent so you dont have to go into the UI and generate one in between the server and agent helm releases?

  
  
Posted one year ago
Votes Newest

Answers 14


Right now, Ive been helm deploying the server, generating a app cred pair in the ui, then pasting it into clearml.agentk8sglueKey: and agentk8sglueSecret: in the clearml-agent values.yaml, then helm deploying the k8glue agent. Which seems like there should be a more straightforward way to do this...

  
  
Posted one year ago

I have to admit, I'm not sure...
Let me talk to backend guys, in theory you are correct the "initial secret" can be injected via the helm env var, but I'm not sure how that would work in this specific case

  
  
Posted one year ago

Yes you have to spin the server in order to generate the access/secret key...

  
  
Posted one year ago

Ahhh yes upon re-reading your message I see what you were saying... Bummer... that seems like a bit of an oversight tbh. Any idea if you can (once of the server is up) generate credentials programmatically (not through the UI) in some way like maybe directly through the api server?

  
  
Posted one year ago

Hmm but doesnt a lot of the helm chart already work like that (like here for example https://github.com/allegroai/clearml-helm-charts/blob/main/charts/clearml/templates/secrets.yaml )? So like just imagine adding some optional additional secrets chart(s) like the one above that are randomly generated at deployment time (unless the user wants to hard code them into values.yaml) only their purpose would be to create the creds for the agent, then the agent just refences them by name via existingAgentk8sglueSecret: which already exists in the chart and boom shouldnt that work?

  
  
Posted one year ago

Ballpark something like this as optional in the server charts... but I am new to Helm so maybe again I am missing something.

  
  
Posted one year ago

Hi ZippyAlligator65
You mean like env vars?

  
  
Posted one year ago

I think you are correct and the first time you spin the server it is not possible (I mean you need it up to get the access/secerey and only then you can insert them into the helm values) ... 😞

  
  
Posted one year ago

So essentially, the server helm chart creates randomly generated secret pair and deploys it as a shared k8 secret that pods can access. The server pod and the agent pod can now both access the secrets as environment variables .

  
  
Posted one year ago

Yeah sort of, for example in the clearml-agent values.yaml there is a clearml.existingAgentk8sglueSecret param. But in the clearml-server helm chart, I am not seeing a way to like create this secret so that both the server container and agent conatiner could ultimately reference it as env variables. https://github.com/allegroai/clearml-helm-charts/blob/main/charts/clearml-agent/values.yaml#L19

  
  
Posted one year ago

I see you concern but I dont think we are talking about the same thing... Maybe I am misunderstanding the server's capabilities, is there some method that when the server starts, credentials will be populated via environment variables? Like where the documentation refers to "fixed users" you can provide via config. Then the helm side, you use something like this: https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918 So essentially, the point of the actual string secret is generated is in the helm chart, it deployed as a shared k8 secret, both the server and agent access it via env variables.

  
  
Posted one year ago

Right exactly, but its just not clear how to accomplish that through the clearml-server values.yaml file. Is it possible to via the standard helm charts just by changing the values or do I have to make custom helm charts?

  
  
Posted one year ago

So essentially, the server helm chart creates randomly generated secret pair and deploys it as a shared k8 secret that pods can access.

This is the tricky part, for the helm chart to be able to create it, it means it can login to the server it means there is a secret embedded in the helm chart that lets you access the default server. you see my point ?

  
  
Posted one year ago

Bummer... that seems like a bit of an oversight tbh.

There is never a solution for those, unless the helm chart "knows" something about the server before spinning it the first time, which basically means a predefined access-key, I do not think we want that 😉

  
  
Posted one year ago
940 Views
14 Answers
one year ago
one year ago
Tags