Merge pull request #10 from whylabs/dev/aberg/add-managed-sa-#86azc4mux
Add managed ServiceAccount
AnchorArray authored Feb 14, 2024
2 parents 7441ff5 + 855fba4 commit 0922988
Showing 7 changed files with 82 additions and 32 deletions.
7 changes: 7 additions & 0 deletions charts/langkit/CHANGELOG.md
Expand Up @@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning]
(https://semver.org/spec/v2.0.0.html).

## [0.8.0] - 2023-02-14 :heart:

### Added

- Added managed `ServiceAccount` with configurations for `annotations` to
support authentication methods such as AWS IRSA.

## [0.7.0] - 2023-02-12

### Changed
2 changes: 1 addition & 1 deletion charts/langkit/Chart.yaml
Expand Up @@ -2,5 +2,5 @@ apiVersion: v2
name: langkit
description: A Helm chart for LangKit container deployment
type: application
version: 0.7.0
version: 0.8.0
appVersion: "1.0.2.dev4"
40 changes: 23 additions & 17 deletions charts/langkit/README.md
Expand Up @@ -55,22 +55,22 @@ View the difference between the current state and desired state.
# helm plugin install https://github.com/databus23/helm-diff
helm diff upgrade \
--allow-unreleased \
langkit langkit-0.7.0.tgz
langkit langkit-0.8.0.tgz
```

### Install/Update
```shell
helm upgrade --install \
--create-namespace \
--namespace langkit \
langkit langkit-0.7.0.tgz
langkit langkit-0.8.0.tgz
```

### Uninstall
```shell
helm uninstall \
--namespace langkit \
langkit langkit-0.7.0.tgz
langkit langkit-0.8.0.tgz
```

## Development
Expand All @@ -88,6 +88,11 @@ helm-docs --dry-run

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].key | string | `"app.kubernetes.io/name"` | |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator | string | `"In"` | |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values[0] | string | `"langkit"` | |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].weight | int | `100` | |
| containers.env[0].name | string | `"HOME"` | |
| containers.env[0].value | string | `"/home"` | |
| containers.env[1].name | string | `"HF_HOME"` | |
Expand All @@ -96,13 +101,11 @@ helm-docs --dry-run
| containers.securityContext.runAsUser | int | `1000` | |
| containers.volumeMounts[0].mountPath | string | `"/tmp"` | |
| containers.volumeMounts[0].name | string | `"temp-dir"` | |
| containers.volumeMounts[1].mountPath | string | `"/root/.config"` | |
| containers.volumeMounts[1].name | string | `"root-config"` | |
| containers.volumeMounts[2].mountPath | string | `"/home"` | |
| containers.volumeMounts[2].name | string | `"home"` | |
| containers.volumeMounts[1].mountPath | string | `"/home"` | |
| containers.volumeMounts[1].name | string | `"home"` | |
| fullnameOverride | string | `""` | |
| image.containerPort | int | `8000` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.pullPolicy | string | `"Always"` | |
| image.repository | string | `"whylabs/whylogs"` | |
| image.tag | string | `"py-llm-1.0.2.dev4"` | |
| imagePullSecrets | list | `[]` | |
Expand All @@ -113,10 +116,11 @@ helm-docs --dry-run
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
| ingress.tls | list | `[]` | |
| initContainers.volumeMounts[0].mountPath | string | `"/root/.config"` | |
| initContainers.volumeMounts[0].name | string | `"root-config"` | |
| initContainers.volumeMounts[1].mountPath | string | `"/home"` | |
| initContainers.volumeMounts[1].name | string | `"home"` | |
| initContainers.command[0] | string | `"sh"` | |
| initContainers.command[1] | string | `"-c"` | |
| initContainers.command[2] | string | `"cp -R /opt/whylogs-container/.cache /home/"` | |
| initContainers.volumeMounts[0].mountPath | string | `"/home"` | |
| initContainers.volumeMounts[0].name | string | `"home"` | |
| livenessProbe.initialDelaySeconds | int | `15` | |
| livenessProbe.periodSeconds | int | `10` | |
| livenessProbe.tcpSocket.port | int | `8000` | |
Expand All @@ -133,17 +137,19 @@ helm-docs --dry-run
| resources.limits.memory | string | `"16Gi"` | |
| resources.requests.cpu | string | `"4"` | |
| resources.requests.memory | string | `"8Gi"` | |
| secrets.langkitApiSecret.name | string | `"langkit-api-secret"` | |
| secrets.whylabsApiKey.name | string | `"whylabs-api-key"` | |
| secrets.langkitApiSecret | object | `{"name":"langkit-api-secret"}` | from-literal=CONTAINER_PASSWORD=<llangkit-api-secret> |
| secrets.whylabsApiKey | object | `{"name":"whylabs-api-key"}` | from-literal=WHYLABS_API_KEY=<whylabs-api-key> |
| service.port | int | `80` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.automount | bool | `true` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | |
| volumes[0].emptyDir | object | `{}` | |
| volumes[0].name | string | `"temp-dir"` | |
| volumes[1].emptyDir | object | `{}` | |
| volumes[1].name | string | `"root-config"` | |
| volumes[2].emptyDir | object | `{}` | |
| volumes[2].name | string | `"home"` | |
| volumes[1].name | string | `"home"` | |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
11 changes: 11 additions & 0 deletions charts/langkit/templates/_helpers.tpl
Expand Up @@ -49,3 +49,14 @@ Selector labels
app.kubernetes.io/name: langkit
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "langkit.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "langkit.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
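Review bot: The `else` branch of `langkit.serviceAccountName` falls back to the namespace's `default` ServiceAccount when `serviceAccount.create` is false and `serviceAccount.name` is empty, and the helper comment does not say so. That account is shared by every pod in the namespace that names no account of its own, so any RBAC bindings or role annotations attached to it would apply to the langkit pods as well. I would extend the comment to `Create the name of the service account to use. With create=false and no name set, this resolves to the namespace's "default" ServiceAccount.` so operators set `serviceAccount.name` deliberately.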
1 change: 1 addition & 0 deletions charts/langkit/templates/deployment.yaml
Expand Up @@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "langkit.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.pod.securityContext | nindent 8 }}
initContainers:
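Review bot: The pod spec gains `serviceAccountName` but, in the lines visible here, no pod-level `automountServiceAccountToken`, so `serviceAccount.automount` only takes effect through the ServiceAccount object rendered by templates/serviceaccount.yaml. With `serviceAccount.create: false` that object is not rendered and the value is silently ignored; the pods then mount a token according to whatever the existing account specifies, and Kubernetes mounts one when the field is unset. Adding `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` next to `serviceAccountName` would make the setting authoritative in both cases. The pod spec starts and ends outside this hunk, so confirm the field is not already set further down.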
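--- a/charts/langkit/templates/serviceaccount.yaml
+++ b/charts/langkit/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "langkit.serviceAccountName" . }}
+labels:
+{{- include "langkit.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}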
40 changes: 26 additions & 14 deletions charts/langkit/values.yaml
Expand Up @@ -3,17 +3,26 @@ replicaCount: 3
nameOverride: ""
fullnameOverride: ""

serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""

ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
hosts: []
# - host: chart-example.local
# paths:
# - path: /
# pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
Expand All @@ -36,6 +45,7 @@ pod:
# runAsUser: 1000

containers:
# containers.securityContext -- (object) Container security context
securityContext:
readOnlyRootFilesystem: true
runAsUser: 1000
Expand All @@ -44,19 +54,23 @@ containers:
# - ALL
# runAsNonRoot: true
# runAsUser: 1000
# containers.env -- (list) Environment variables for the containers
env:
- name: HOME
value: "/home"
- name: HF_HOME
value: "/home/.cache/hf_home"
# containers.volumeMounts -- (list) Volume mounts for containers
volumeMounts:
- name: temp-dir
mountPath: /tmp
- name: home
mountPath: /home

initContainers:
# initContainers.command -- (list) Command for init container
command: ["sh", "-c", "cp -R /opt/whylogs-container/.cache /home/"]
# initContainers.volumeMounts -- (list) Volume mounts for init container
volumeMounts:
- name: home
mountPath: /home
Expand All @@ -74,15 +88,11 @@ resources:
memory: 16Gi

secrets:
# kubectl create secret generic whylabs-api-key \
# --namespace=langkit \
# --from-literal=WHYLABS_API_KEY=<whylabs-api-key>
whylabsApiKey:
whylabsApiKey:
# -- Name of the secret that stores the WhyLabs API Key
name: whylabs-api-key
# kubectl create secret generic langkit-api-secret \
# --namespace=langkit \
# --from-literal=CONTAINER_PASSWORD=<llangkit-api-secret>
langkitApiSecret:
# -- Name of the secret that stores the WhyLabs LangKit API Secret
name: langkit-api-secret

livenessProbe:
Expand All @@ -104,6 +114,7 @@ tolerations: []
# operator: Equal
# value: spot

# @ignored
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
Expand All @@ -117,6 +128,7 @@ affinity:
values:
- langkit

# volumes -- (list) Volumes to create
volumes:
- name: temp-dir
emptyDir: {}
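Review bot: The new `serviceAccount` block defaults `automount: true`, so every replica mounts a Kubernetes API token even though nothing in this commit shows the container calling the Kubernetes API. The stated use case, AWS IRSA, normally receives its web-identity token through a separate projected volume added by the EKS pod identity webhook rather than through this automounted token (worth confirming on the target cluster), so least privilege argues for `automount: false` as the default with opt-in for workloads that need it. It would also help to show the expected annotation as a commented example under `annotations: {}`, in the same style as the ingress block: `# eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>`.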
