Skip to content

Commit

Permalink
azure storage secret (#13)
Browse files Browse the repository at this point in the history
Adding azure storage access key secret as a value.
This gets stored in a k8s secret and mounted as an environment variable in kaniko builds.
This is a kaniko requirement.
  • Loading branch information
bcsherma authored Jun 14, 2023
1 parent 22dec74 commit 5456c8b
Show file tree
Hide file tree
Showing 5 changed files with 23 additions and 2 deletions.
2 changes: 1 addition & 1 deletion charts/launch-agent/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: launch-agent
description: A Helm chart for running the W&B Launch Agent in Kubernetes
type: application
version: 0.4.0
version: 0.5.0
maintainers:
- name: wandb
email: support@wandb.com
Expand Down
2 changes: 2 additions & 0 deletions charts/launch-agent/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,5 @@ Below is a table describing chart variables, their type, whether the user is req
| `launchConfig` | string | **Yes** | n/a | Launch agent configuration file contents. This config will be mounted at `/home/launch_agent/.config/wandb` in the agent container. For more details on how this config is structured, see [these docs](https://docs.wandb.ai/guides/launch/run-agent).
| `gitCreds` | string | No | `null` | If set, the conents of this string will be stored in a k8s secret and then mounted in the agent container at `~/.git-credentials` and used to grant the agent permission to clone private repositories via https. For more information on what the contents of this file should look like, see the [official git documentation](https://git-scm.com/docs/git-credential-store#_storage_format).
| `volcano` | bool | No | `true` | Controls whether the volcano scheduler should be installed in your cluster along with the agent. Set to `false` to disable volcano install.
| `serviceAccount.annotations` | object | No | `{}` | Annotations to add to the service account created for the agent.
| `azureStorageAccessKey` | string | No | "" | Azure storage access key required for kaniko to acces build contexts in azure blob storage.
3 changes: 3 additions & 0 deletions charts/launch-agent/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@ spec:
metadata:
labels:
app: launch-agent
{{- if .Values.agent.labels }}
{{- toYaml .Values.agent.labels | trim | nindent 8 }}
{{- end }}
spec:
serviceAccountName: wandb-launch-serviceaccount
containers:
Expand Down
13 changes: 13 additions & 0 deletions charts/launch-agent/templates/secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ stringData:
password: {{ required "Please set agent.apiKey to a W&B API key" .Values.agent.apiKey }}

{{- if .Values.gitCreds }}
---
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -19,4 +20,16 @@ stringData:
.gitconfig: |
[credential]
helper = store
{{ end }}

{{ if .Values.azureStorageAccessKey }}
---
apiVersion: v1
kind: Secret
metadata:
name: azure-storage-access-key
namespace: wandb
type: kubernetes.io/basic-auth
stringData:
password: {{ .Values.azureStorageAccessKey }}
{{ end }}
5 changes: 4 additions & 1 deletion charts/launch-agent/values.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
agent:
labels: {}
# W&B API key.
apiKey: ""
# Container image to use for the agent.
Expand All @@ -25,4 +26,6 @@ gitCreds: |
# Annotations for the wandb service account. Useful when setting up workload identity on gcp.
serviceAccount:
annotations:
iam.gke.io/gcp-service-account:

# Set to access key for azure storage if using kaniko with azure.
azureStorageAccessKey: ""

0 comments on commit 5456c8b

Please sign in to comment.