feat: Add custom CA support to Launch Agent #74

Merged
merged 3 commits into from
Feb 5, 2024
2 changes: 1 addition & 1 deletion charts/launch-agent/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: launch-agent
icon: https://em-content.zobj.net/thumbs/240/apple/354/rocket_1f680.png
description: A Helm chart for running the W&B Launch Agent in Kubernetes
type: application
version: 0.11.9
version: 0.12.0
maintainers:
- name: wandb
email: [email protected]
3 changes: 2 additions & 1 deletion charts/launch-agent/README.md
Expand Up @@ -49,7 +49,7 @@ The table below describes all the available variables in the chart:
| `agent.nodeSelector` | object | No | `{}` | Node selector for the agent pod. |
| `agent.resources` | object | No | Limit to 1 CPU, 1Gi RAM | Pod spec resources block for the agent. true |
| `agent.startTimeout` | int | No | `1800` | Timeout in seconds that the agent will wait for a job to start before timing out. |
| `agent.minAvailable` | int | No | `1` | Keep at 1 to prevent voluntary disruptions of the agent pod. Set to 0 to enable voluntary disruptions.
| `agent.minAvailable` | int | No | `1` | Keep at 1 to prevent voluntary disruptions of the agent pod. Set to 0 to enable voluntary disruptions. |
| `namespace` | string | No | `wandb` | The namespace to deploy the agent into. |
| `additionalTargetNamespaces` | list(string) | No | [`wandb`,`default`] | A list of namespaces the agent can run jobs in. |
| `baseUrl` | string | No | `https://api.wandb.ai` | URL of your W&B server api. |
Expand All @@ -60,3 +60,4 @@ The table below describes all the available variables in the chart:
| `azureStorageAccessKey` | string | No | "" | Azure storage access key required for kaniko to acces build contexts in azure blob storage. |
| `additionalEnvVars` | map(string) | No | {} | Map with environment variables to be set in the Launch Agent pod. |
| `additionalSecretEnvVars` | map(string) | No | {} | Map with environment variables to be stored in the `launch-agent-secret-env-vars` secret and set in the Launch Agent Pod |
| `customCABundle` | object | No | {} | ConfigMap name and key with the CA Bundle content |
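Review bot: The new `customCABundle` row in the variables table does not name the keys a user has to set. The templates read `customCABundle.configMap.name` and `customCABundle.configMap.key`, and the documented default `{}` does not match the nested `configMap:` block added to values.yaml. Suggest documenting the two nested keys as separate rows (or spelling them out in the description) and stating that the ConfigMap must already exist in the agent's namespace, since nothing in this change creates it.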
20 changes: 19 additions & 1 deletion charts/launch-agent/templates/deployment.yaml
Expand Up @@ -6,7 +6,7 @@ metadata:
namespace: {{ .Values.namespace }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
spec:
replicas: 1
strategy:
Expand Down Expand Up @@ -73,6 +73,10 @@ spec:
key: {{ .name }}
{{- end }}
{{- end }}
{{- if and .Values.customCABundle.configMap.name .Values.customCABundle.configMap.key }}
- name: REQUESTS_CA_BUNDLE
value: /usr/local/share/ca-certificates/custom-ca.crt
{{- end }}
volumeMounts:
- name: wandb-launch-config
mountPath: /home/launch_agent/.config/wandb
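Review bot: `REQUESTS_CA_BUNDLE` in the added env entry replaces the default trust bundle used by Python `requests` rather than adding to it, so once this is set the agent trusts only what is in `custom-ca.crt`. If `baseUrl` or any other endpoint the agent calls is served by a public CA, the user's bundle has to contain those roots too; please say so in the README and in the values.yaml comment. Only clients that read this variable pick the file up: placing it under `/usr/local/share/ca-certificates/` does not add it to the system store unless `update-ca-certificates` runs, so consider also setting `SSL_CERT_FILE` or documenting the limitation.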
Expand All @@ -85,6 +89,12 @@ spec:
mountPath: /home/launch_agent/
readOnly: true
{{ end }}
{{- if and .Values.customCABundle.configMap.name .Values.customCABundle.configMap.key }}
- name: custom-cabundle
mountPath: /usr/local/share/ca-certificates/custom-ca.crt
subPath: custom-ca.crt
readOnly: true
{{ end }}
volumes:
- name: wandb-launch-config
configMap:
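Review bot: The `subPath: custom-ca.crt` mount in the added `custom-cabundle` volumeMount will not receive updates when the ConfigMap changes, because Kubernetes does not refresh subPath mounts. The `checksum/config` and `checksum/secret` annotations cover only the chart's own templates, not this externally managed ConfigMap, so rotating the CA leaves the pod on the old bundle until it is restarted. Either document that a rollout restart is needed after rotation, or mount the volume as a directory and point `REQUESTS_CA_BUNDLE` at the file inside it. Minor: the block opens with `{{- if` but closes with `{{ end }}`, which leaves a whitespace-only line in the rendered manifest.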
Expand All @@ -97,6 +107,14 @@ spec:
secret:
secretName: git-config
{{ end}}
{{- if and .Values.customCABundle.configMap.name .Values.customCABundle.configMap.key }}
- name: custom-cabundle
configMap:
name: {{ .Values.customCABundle.configMap.name }}
items:
- key: {{ .Values.customCABundle.configMap.key }}
path: custom-ca.crt
{{- end}}
nodeSelector:
{{- toYaml .Values.agent.nodeSelector | nindent 8 }}
---
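Review bot: The guard `if and .Values.customCABundle.configMap.name .Values.customCABundle.configMap.key` silently skips the whole feature when only one of the two values is set, here and in the env and volumeMount blocks earlier in this file. A user who sets `name` but forgets `key` gets a deployment with no CA bundle and no error. Suggest failing the render in that case (for example with `fail` or `required`) and moving the condition into one named template so the three copies cannot drift. `name` and `key` are also rendered unquoted; piping them through `quote` avoids YAML type surprises.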
8 changes: 8 additions & 0 deletions charts/launch-agent/values.yaml
Expand Up @@ -63,3 +63,11 @@ serviceAccount:

# Set to access key for azure storage if using kaniko with azure.
azureStorageAccessKey: ""

# Configure the agent to use a custom CA certificate bundle.
# This is useful if you need to use a self-signed certificate.
# The value should be the name of a configMap with the contents of the CA bundle.
customCABundle:
configMap:
name:
key:
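Review bot: The comment above `customCABundle:` says the value should be the name of a ConfigMap, but the setting is an object with `configMap.name` and `configMap.key`, and the templates act only when both are set. Suggest rewording the comment to describe both fields, to say that `key` must hold a PEM bundle, and to say that the ConfigMap lives in the agent namespace. Leaving `name:` and `key:` empty yields null values; `""` defaults would match the style of `azureStorageAccessKey` above.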