Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
[Clearml-Session Discussion] I Have Modified Clearml-Session And Clearml-Agent To Provide Gpu Resources To Our Company As A Tool, And It Is Being Well-Utilized By Data Scientists And Mlops Engineers In Our Company. Here’S What I Modified:

[clearml-session discussion]
I have modified clearml-session and clearml-agent to provide GPU resources to our company as a tool, and it is being well-utilized by data scientists and MLOps engineers in our company. Here’s what I modified:

  • Opened container ports for VS Code, JupyterLab, and SSH.
  • Added NodePort to the service to directly access via public IP:NodePort (previously only SSH was available, but now NodePort is added for VS Code and JupyterLab as well), allowing direct access without SSH tunneling.
  • Considering security vulnerabilities, SSH allows access with password or RSA key, VS Code requires a password, and JupyterLab allows access with a token.
  • Since using the clearml-session CLI was inconvenient, I modified it to run as a task, allowing anyone who can access clearml-server to clone and enqueue the task.The modifications I made have proven to be more convenient than using the clearml-session CLI, and all our developers are using it effectively. What do you think about this? Would you be willing to accept my Pull Request if I submit it?
  
  
Posted one year ago
Votes Newest

Answers 3


Hi @<1524922424720625664:profile|TartLeopard58>

  • Opened container ports for VS Code, JupyterLab, and SSH.I think that by default it uses the host network so it can take care of that, are you saying you added k8s integration ?
  • Added NodePort to the service to directly access via public IP:NodePort (previously only SSH was available, but now NodePort is added for VS Code and JupyterLab as well), allowing direct access without SSH tunneling.Interesting!
  • Considering security vulnerabilities, SSH allows access with password or RSA key, VS Code requires a password, and JupyterLab allows access with a token."SSH allows access with password" it is a very long random password, not sure I see a risk here, wdyt?
  • Since using the clearml-session CLI was inconvenient, I modified it to run as a task, allowing anyone who can access clearml-server to clone and enqueue the task.I'm assuming this only works if you are adding an HTTP/s routing ?

I'm with @<1529271085315395584:profile|AmusedCat74> , would love to learn more on what you did, sounds like a great addition

  
  
Posted one year ago

@<1523701205467926528:profile|AgitatedDove14> @<1529271085315395584:profile|AmusedCat74> Hi guys 🙌

  • I think that by default it uses the host network so it can take care of that, are you saying you added k8s integration ?-> Yes, i modified clearml-agent helm chart.
  • “SSH allows access with password” it is a very long random password, not sure I see a risk here, wdyt?-> Currently, when enqueueing a task, clearml-session generates a long random password for SSH and VS Code and displays it in the user properties(see pic). We only run the tasks when needed and turn them off when not in use. However, I understand that it may be less secure compared to using SSH tunneling. However, convenience is prioritized more in our company.
  • I’m assuming this only works if you are adding an HTTP/s routing ?-> I haven’t added any HTTP/s routing myself. When creating services for SSH, VS Code, and Jupyter in the service-sessions.yaml file of the clearml-agent Helm chart, I used nodePort for each service. Later, when enqueueing tasks, the clearml-session script is aware of these nodePorts and generates the corresponding URLs.
    I must admit that this approach is somewhat hardcoded. I wanted to use Istio, similar to Kubeflow Notebook, to create URLs like “<public ip>/jupyter/?ns=<namespace>“. So, as I’m planning to enhance the system, I thought it would be good to get your opinion in advance and consider submitting a PR to your side.
    image
  
  
Posted one year ago

I’ve had some issues with clearml sessions. I’d be interested in seeing a PR. Would you mind posting a link please?

  
  
Posted one year ago
1K Views
3 Answers
one year ago
one year ago
Tags