diff --git a/charts/operator-wandb/Chart.yaml b/charts/operator-wandb/Chart.yaml index 35d6aa6b..8760d780 100644 --- a/charts/operator-wandb/Chart.yaml +++ b/charts/operator-wandb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: operator-wandb description: A Helm chart for deploying W&B to Kubernetes type: application -version: 0.3.4 +version: 0.4.0 appVersion: 1.0.0 icon: https://wandb.ai/logo.svg diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml index bef7d714..4dc3f3d6 100644 --- a/charts/operator-wandb/charts/app/templates/deployment.yaml +++ b/charts/operator-wandb/charts/app/templates/deployment.yaml @@ -131,13 +131,16 @@ spec: key: SLACK_SECRET - name: OIDC_SECRET - value: {{ .Values.global.oidc.secret }} + value: {{ .Values.global.auth.oidc.secret }} - name: OIDC_CLIENT_ID - value: {{ .Values.global.oidc.clientId }} + value: {{ .Values.global.auth.oidc.clientId }} - name: OIDC_AUTH_METHOD - value: {{ .Values.global.oidc.authMethod }} + value: {{ .Values.global.auth.oidc.authMethod }} - name: OIDC_ISSUER - value: {{ .Values.global.oidc.issuer }} + value: {{ .Values.global.auth.oidc.issuer }} + + - name: GORILLA_SESSION_LENGTH + value: "{{ .Values.global.auth.oidc.sessionLengthHours }}h" - name: BUCKET value: {{ .Values.global.storage.connectionString }} diff --git a/charts/operator-wandb/charts/app/values.yaml b/charts/operator-wandb/charts/app/values.yaml index 01e96f91..9f71eba5 100644 --- a/charts/operator-wandb/charts/app/values.yaml +++ b/charts/operator-wandb/charts/app/values.yaml @@ -58,4 +58,4 @@ resources: memory: 1Gi limits: cpu: 4000m - memory: 8Gi \ No newline at end of file + memory: 8Gi diff --git a/charts/operator-wandb/templates/ingress.yaml b/charts/operator-wandb/templates/ingress.yaml index 31da5cd0..6ca996ec 100644 --- a/charts/operator-wandb/templates/ingress.yaml +++ b/charts/operator-wandb/templates/ingress.yaml 
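Review bot: `GORILLA_SESSION_LENGTH` reads `.Values.global.auth.oidc.sessionLengthHours`, but the `global.auth` hunk of the top-level values.yaml in this commit adds `sessionLengthHours: 720` directly under `auth`, ahead of the `oidc:` key, so with the defaults the lookup finds nothing and the value would render as just `"h"`. Point the template at the key that exists, `value: "{{ .Values.global.auth.sessionLengthHours }}h"`, or move the default under `oidc`. Separately, `OIDC_SECRET` is still injected as a literal, unquoted `value:`, which leaves the client secret readable in the Deployment manifest and in Helm release data. The `key: SLACK_SECRET` context line just above suggests a secret reference is already used for Slack, and the same pattern would fit here. The container's env list starts and continues outside this hunk.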
@@ -1,17 +1,77 @@ +{{- if .Values.ingress.issuer.create }} +{{- if eq .Values.ingress.issuer.type "google" }} +--- +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ .Release.Name }}-cert + namespace: {{ .Release.Namespace }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +spec: + domains: + - {{ replace "https://" "" (replace "http://" "" .Values.global.host) }} +{{- else }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ .Release.Name }}-issuer + namespace: {{ .Release.Namespace }} + labels: + {{- include "wandb.commonLabels" . | nindent 4 }} +spec: + acme: + # The ACME server URL + server: {{ .Values.ingress.issuer.server | quote }} + email: {{ .Values.ingress.issuer.email | quote }} + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: {{ .Release.Name }}-acme-key + # Enable the HTTP-01 challenge provider + solvers: + - http01: + ingress: + class: {{ .Values.ingress.class }} +{{- end }} +{{- end }} +--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ .Release.Name }} labels: {{- include "wandb.commonLabels" . 
| nindent 4 }} - {{- if .Values.global.ingress.labels -}} - {{- toYaml .Values.global.ingress.labels | nindent 4 }} + {{- if .Values.ingress.labels -}} + {{- toYaml .Values.ingress.labels | nindent 4 }} {{- end }} annotations: - {{- if .Values.global.ingress.annotations -}} - {{- toYaml .Values.global.ingress.annotations | nindent 4 }} + {{- if .Values.ingress.issuer.create }} + {{- if eq .Values.ingress.issuer.type "google" }} + "networking.gke.io/managed-certificates" : "{{ .Release.Name }}-cert" + {{- else }} + "cert-manager.io/issuer": "{{ .Release.Name }}-issuer" + "cert-manager.io/acme-challenge-type": "http01" + {{- end }} + "kubernetes.io/ingress.allow-http" : "false" + {{- end }} + + {{- if .Values.ingress.annotations -}} + {{- toYaml .Values.ingress.annotations | nindent 4 }} {{- end }} spec: + ingressClassName: {{ .Values.ingress.class }} + + {{- if .Values.ingress.issuer.create }} + {{- if ne .Values.ingress.issuer.type "google" }} + tls: + - host: [{{ replace "https://" "" (replace "http://" "" .Values.global.host) }}] + secretName: {{ .Release.Name }}-tls + {{- end }} + {{- else }} + tls: {{ toYaml .Values.ingress.tls | nindent 4 }} + {{- end }} + rules: - http: paths: @@ -22,9 +82,10 @@ spec: name: {{ .Release.Name }}-console port: number: 8082 + defaultBackend: service: - {{- if eq .Values.global.ingress.defaultBackend "console" }} + {{- if eq .Values.ingress.defaultBackend "console" }} name: {{ .Release.Name }}-console port: number: 8082 diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml index b2ecda07..e70bc8e3 100644 --- a/charts/operator-wandb/values.yaml +++ b/charts/operator-wandb/values.yaml @@ -43,11 +43,13 @@ global: user: "wandb" password: "" - oidc: - clientId: "" - secret: "" - authMethod: "" - issuer: "" + auth: + sessionLengthHours: 720 + oidc: + clientId: "" + secret: "" + authMethod: "" + issuer: "" storage: connectionString: "" 
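Review bot: In the cert-manager branch of `spec.tls` the entry is written as `- host: [...]`, but the Ingress TLS field is `hosts`, so as written the entry carries no host list and the certificate behind `{{ .Release.Name }}-tls` is unlikely to be requested for the domain. Change the line to `- hosts: [{{ replace "https://" "" (replace "http://" "" .Values.global.host) }}]`. Note also that `"kubernetes.io/ingress.allow-http" : "false"` is only emitted inside the `issuer.create` block, so installs that supply their own `ingress.tls` do not get it. Either emit it whenever TLS is configured or add a comment stating that HTTP stays enabled in that case. `ingressClassName` and the solver `class` are unquoted and render empty with the default `class: ""`.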
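Review bot: The move of `oidc` under `global.auth` has no fallback for releases that still set `global.oidc.*`, so after an upgrade the four `OIDC_*` variables in the app deployment would render empty without any error. Consider failing the render when the old keys are present, e.g. `{{- if .Values.global.oidc }}{{ fail "global.oidc has moved to global.auth.oidc" }}{{- end }}`. A comment above `auth:` describing the move and the unit of `sessionLengthHours` would also help. The relocation of `ingress` out of `global` in the next hunk has the same upgrade effect.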
@@ -61,10 +63,16 @@ global: parameters: {} caCert: "" - ingress: - defaultBackend: "app" - annotations: {} - labels: {} +ingress: + defaultBackend: "app" + annotations: {} + labels: {} + tls: [] + class: "" + issuer: + create: false + server: https://acme-v02.api.letsencrypt.org/directory + email: support@wandb.com slack: secret: ""
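Review bot: The new `issuer` defaults ship `email: support@wandb.com` together with the Let's Encrypt production `server`, so any install that sets `issuer.create: true` without overriding the email registers its ACME account under the chart author's address. Expiry and account notices would then go there rather than to the operator. Default it to `email: ""` and have the Issuer template require it, e.g. `email: {{ required "ingress.issuer.email is required" .Values.ingress.issuer.email | quote }}`. The ingress template also branches on `ingress.issuer.type`, which has no default or comment in this block. Adding `type: ""` with a comment that `google` selects the GKE managed certificate and anything else selects cert-manager would document it.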