Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Unanswered
Securing Clearml In K8S


Hi folks. I am trying to set up Clear ML in our k8s cluster and would like to expose the Webserver and API server outisde our cluster. I am bit lost with the configuration settings and the ways to do it securely in k8s. I read https://clearml.slack.com/archives/CTK20V944/p1630682666183600 discussion and like smos I am also a bit shaky when it comes to web security. Is there some documentation explaining in simple terms what the different keys/secrets are used for?
“CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER”: “”,
“CLEARML__SECURE__AUTH__TOKEN_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET”: “”.

I am setting up the cluster using the helm charts from https://github.com/allegroai/clearml-helm-charts . I understand that some key/secret pair are needed for internal access for the clearML components and the details in apiserver.conf is needed for user access. If I understand right at the moment the apiserver.conf can be sett using additonalconfigs as in the discussion https://clearml.slack.com/archives/CTK20V944/p1648044291291519 . But this means the configs are commited to git (from were the our helm charts are deployed to our cluster) . This we can all agree that is not safe. I also notice that this config can be mounted as a volume or secret or a configmap as suggested https://clearml.slack.com/archives/CTK20V944/p1627029627387300 . Is there any update on the same?

  
  
Posted 2 years ago
156 Views
0 Answers
2 years ago
one year ago