Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Securing Clearml In K8S

Securing ClearML in k8s

  
  
Posted one year ago
Votes Newest

Answers 5


SuccessfulKoala55 With enableConfigVolume approach , I have to ensure that a apiserver.conf with the credentials is added to the storage volume?

  
  
Posted one year ago

Thank you for the confirmation SuccessfulKoala55

Another option is to pass these settings as environment variables, if that can suit your requirements

The issue with the environment variables is that the helm chart updated the env variables from a secret as shown https://github.com/allegroai/clearml-helm-charts/blob/e16060f2ad9f7075531e132ad9f8155dc5e7870f/charts/clearml/templates/deployment-apiserver.yaml#L80 . If I additional pass the auth information using extraEnvs I am not sure which value would be update. Hence I have raised an https://github.com/allegroai/clearml-helm-charts/issues/60 requesting the flexibility.

  
  
Posted one year ago

Hi folks. I am trying to set up Clear ML in our k8s cluster and would like to expose the Webserver and API server outisde our cluster. I am bit lost with the configuration settings and the ways to do it securely in k8s. I read https://clearml.slack.com/archives/CTK20V944/p1630682666183600 discussion and like smos I am also a bit shaky when it comes to web security. Is there some documentation explaining in simple terms what the different keys/secrets are used for?
“CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER”: “”,
“CLEARML__SECURE__AUTH__TOKEN_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET”: “”.

I am setting up the cluster using the helm charts from https://github.com/allegroai/clearml-helm-charts . I understand that some key/secret pair are needed for internal access for the clearML components and the details in apiserver.conf is needed for user access. If I understand right at the moment the apiserver.conf can be sett using additonalconfigs as in the discussion https://clearml.slack.com/archives/CTK20V944/p1648044291291519 . But this means the configs are commited to git (from were the our helm charts are deployed to our cluster) . This we can all agree that is not safe. I also notice that this config can be mounted as a volume or secret or a configmap as suggested https://clearml.slack.com/archives/CTK20V944/p1627029627387300 . Is there any update on the same?

  
  
Posted one year ago

Yes, sounds right

  
  
Posted one year ago

Hi ColorfulBeetle67 ,

I also notice that this config can be mounted as a volume or secret or a configmap as suggested

That's indeed an option...

Another option is to pass these settings as environment variables, if that can suit your requirements

  
  
Posted one year ago
457 Views
5 Answers
one year ago
one year ago
Tags
Similar posts