Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Hi, We Are Using Gitlab And It Is A Security Requirement To Use Ssh Keys To Access The Repos For Each Individual. We Are Also Using K8S Glue. Is There Any Provisions To Do This Seamlessly?

Hi, we are using GitLab and it is a security requirement to use ssh keys to access the repos for each individual. We are also using k8s glue. Is there any provisions to do this seamlessly?

  
  
Posted 2 years ago
Votes Newest

Answers 10


Thanks SuccessfulKoala55 . Just pm'ed him.

  
  
Posted 2 years ago

Hi, scenario as follows.

client.py runs task.execute_remotely(queue='myqueue', exit_process=True) The API section of clearml.conf at client side is read in. client side calls clearml server and insert task into queue. K8S glue retrieves task from queue. Spawn a K8S pod. K8S pod performs git clone Error. ssh keys not found.
Each individual has their own key in the gitlab profile and gitlab is configured to only work via ssh.
We can't place the key in the image as this is as good as giving out the key for others to steal. We can't use the TRAINS_AGENT_GIT_USER as Gitlab is configured to only allows SSH.

  
  
Posted 2 years ago

It's not currently supported, but can be done by changing the k8s-glue pod-spinning code

  
  
Posted 2 years ago

Thanks SuccessfulKoala55 . I can try my hand on a patch. But the pod spinning is handled by the k8s glue, which has no link to the client side. How should the client pass the key over to k8s glue during runtime via clearml server?

  
  
Posted 2 years ago

I'm not sure exactly, you'll have to ask him 🙂

  
  
Posted 2 years ago

And any roadmap on this? The organisation's on ssh auth is firm. This can end up not possible to use ClearML for remote execution.

  
  
Posted 2 years ago

Hi SubstantialElk6 , what exactly is missing?

  
  
Posted 2 years ago

what feature on this paid roadmap are you referring to? I am indeed communicating with Noem on paid features.

  
  
Posted 2 years ago

You're quite right on that point, right now you can have some sort of user credentials store next to the k8s glue, but I know the ClearML paid roadmap has plans to support this kind of user-specific server-side configuration.

  
  
Posted 2 years ago

Hey SubstantialElk6 , this will require mounting the .ssh dir as part of the pod spinning, based on the SSH secret of the user

  
  
Posted 2 years ago
511 Views
10 Answers
2 years ago
one year ago
Tags