Draft: adding support for proxy cache
AnchorArray committed Nov 16, 2024
1 parent 075bdef commit d298b90
Showing 6 changed files with 169 additions and 5 deletions.
2 changes: 1 addition & 1 deletion charts/guardrails/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
name: guardrails
description: A Helm chart for WhyLabs Guardrails
type: application
version: 0.3.1
version: 0.4.0
appVersion: "2.0.1"
12 changes: 8 additions & 4 deletions charts/guardrails/README.md
@@ -1,6 +1,6 @@
# guardrails

![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)
![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)

A Helm chart for WhyLabs Guardrails

@@ -110,14 +110,14 @@ release_name=""
# the working directory or --destination path
helm pull \
oci://ghcr.io/whylabs/guardrails \
--version 0.3.1
--version 0.4.0
# Requires the helm-diff plugin to be installed:
# helm plugin install https://github.com/databus23/helm-diff
helm diff upgrade \
--allow-unreleased \
--namespace "${target_namespace}" \
"${release_name}" guardrails-0.3.1.tgz
"${release_name}" guardrails-0.4.0.tgz
```
After you've installed the repo you can install the chart.
@@ -126,7 +126,7 @@ After you've installed the repo you can install the chart.
helm upgrade --install \
--create-namespace \
--namespace "${target_namespace}" \
"${release_name}" guardrails-0.3.1.tgz
"${release_name}" guardrails-0.4.0.tgz
```

## Exposing Guardrails Outside Kubernetes
@@ -196,6 +196,10 @@ utilization.
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. |
| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":70}` | [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) configuration for the `guardrails` container. |
| cache.annotations | object | `{}` | |
| cache.enable | bool | `false` | |
| cache.labels | object | `{}` | |
| cache.replicaCount | int | `1` | |
| commonLabels | object | `{}` | Labels to add to all chart resources. |
| env | object | `{}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. |
| envFrom | list | `[{"secretRef":{"name":"whylabs-guardrails-api-key","optional":true}},{"secretRef":{"name":"whylabs-guardrails-api-secret","optional":true}}]` | Create environment variables from Kubernetes secrets or config maps. |
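--- a/charts/guardrails/templates/configmap-cache.yaml
+++ b/charts/guardrails/templates/configmap-cache.yaml
@@ -0,0 +1,63 @@
+{{- if .Values.cache.enable }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ .Release.Name }}-cache
+data:
+nginx.conf: |
+pid /tmp/nginx.pid;
+events {
+worker_connections 1024;
+}
+http {
+proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=1g
+inactive=60m use_temp_path=off;
+client_body_temp_path /tmp/client_temp;
+proxy_temp_path /tmp/proxy_temp_path;
+fastcgi_temp_path /tmp/fastcgi_temp;
+uwsgi_temp_path /tmp/uwsgi_temp;
+scgi_temp_path /tmp/scgi_temp;
+server {
+listen 8080;
+server_name localhost;
+location /v1/policy/list {
+include cache_config.conf;
+include common_proxy.conf;
+proxy_cache_key "$request_uri|$http_x_whylabs_organization";
+}
+location /v1/organizations/managed-organizations {
+include cache_config.conf;
+include common_proxy.conf;
+proxy_cache_key "$request_uri|$http_x_whylabs_organization";
+}
+location /v1/policy {
+include cache_config.conf;
+include common_proxy.conf;
+proxy_cache_key "$request_uri|$http_x_whylabs_organization";
+}
+location /v1/api-key/validate {
+include cache_config.conf;
+include common_proxy.conf;
+proxy_cache_key "$request_uri|$http_x_api_key";
+}
+location / {
+include common_proxy.conf;
+}
+}
+}
+cache_config.conf: |
+proxy_cache my_cache;
+proxy_cache_valid 200 403 1m;
+proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
+add_header X-Cache-Status $upstream_cache_status always;
+common_proxy.conf: |
+proxy_pass https://songbird.development.whylabsdev.com;
+proxy_set_header Host songbird.development.whylabsdev.com;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Accept $http_accept;
+proxy_set_header Accept-Encoding $http_accept_encoding;
+proxy_set_header X-API-Key $http_x_api_key;
+proxy_set_header X-WhyLabs-Organization $http_x_whylabs_organization;
+{{- end }}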
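Review bot: The cache keys for `/v1/policy/list`, `/v1/organizations/managed-organizations` and `/v1/policy` are built from `$request_uri|$http_x_whylabs_organization` only, so a 200 cached for one caller is replayed for up to a minute to any request carrying the same organization header, without the upstream ever checking that request's `X-API-Key`. Add the credential to the key in those three locations, e.g. `proxy_cache_key "$request_uri|$http_x_whylabs_organization|$http_x_api_key";`. In `cache_config.conf`, `proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;` is also included by `/v1/api-key/validate`, so a key revoked upstream can keep validating from a stale entry while the upstream is failing; consider excluding that location from the cache or not serving stale for it. The upstream in `common_proxy.conf` is hard-coded to `songbird.development.whylabsdev.com`; it should come from a chart value so an install cannot silently forward production API keys to a development host.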
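--- a/charts/guardrails/templates/deployment-cache.yaml
+++ b/charts/guardrails/templates/deployment-cache.yaml
@@ -0,0 +1,76 @@
+{{- if .Values.cache.enable }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ .Release.Name }}-cache
+labels:
+{{- include "guardrails.labels" . | nindent 4 }}
+spec:
+replicas: {{ .Values.cache.replicaCount }}
+selector:
+matchLabels:
+app: {{ .Release.Name }}-cache
+template:
+metadata:
+{{- with .Values.cache.annotations }}
+annotations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+labels:
+{{- include "guardrails.labels" . | nindent 8 }}
+app: {{ .Release.Name }}-cache
+spec:
+serviceAccountName: {{ include "guardrails.serviceAccountName" . }}
+containers:
+- name: nginx
+securityContext:
+privileged: false
+allowPrivilegeEscalation: false
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 101
+runAsGroup: 101
+fsGroup: 101
+capabilities:
+drop: ["ALL"]
+image: "nginxinc/nginx-unprivileged:latest"
+imagePullPolicy: {{ .Values.image.pullPolicy }}
+ports:
+- name: http
+containerPort: 8080
+protocol: TCP
+volumeMounts:
+- name: nginx-config
+mountPath: /etc/nginx/nginx.conf
+subPath: nginx.conf
+- name: nginx-config
+mountPath: /etc/nginx/cache_config.conf
+subPath: cache_config.conf
+- name: nginx-config
+mountPath: /etc/nginx/common_proxy.conf
+subPath: common_proxy.conf
+- name: nginx-temp
+mountPath: /tmp
+- name: nginx-cache
+mountPath: /var/cache/nginx
+volumes:
+- name: nginx-temp
+emptyDir: {}
+- name: nginx-cache
+emptyDir: {}
+- name: nginx-config
+configMap:
+name: {{ include "guardrails.fullname" . }}-cache
+{{- with .Values.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- end }}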
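Review bot: `image: "nginxinc/nginx-unprivileged:latest"` is a mutable tag on a pod that handles every caller's `X-API-Key`, and it is paired with the main image's `.Values.image.pullPolicy`, so the code that runs can change between restarts without any chart change; expose the repository and tag (or a digest) under `cache.image` in values and pin them. `fsGroup: 101` sits in the container-level `securityContext`, where Kubernetes does not define it; it belongs in a pod-level `securityContext` under `spec.template.spec`. The `nginx-config` volume references `{{ include "guardrails.fullname" . }}-cache` while the ConfigMap added in this commit is named `{{ .Release.Name }}-cache`, so the pod cannot mount its configuration whenever the two names differ. The proxy presumably needs no Kubernetes API access, so consider `automountServiceAccountToken: false` rather than reusing the guardrails service account as-is.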
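--- a/charts/guardrails/templates/service-cache.yaml
+++ b/charts/guardrails/templates/service-cache.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.cache.enable }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ .Release.Name }}-cache
+spec:
+type: ClusterIP
+ports:
+- name: http
+protocol: TCP
+port: 80
+targetPort: 8080
+selector:
+app: {{ .Release.Name }}-cache
+{{- end }}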
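Review bot: This ClusterIP Service accepts plain HTTP on port 80 from any pod in the cluster, and none of the visible changes adds a NetworkPolicy, so unless the cluster already enforces default-deny, `X-API-Key` headers cross the pod network unencrypted and any workload can send requests to the proxy. If only the guardrails pods are meant to call it, add a NetworkPolicy that limits ingress to them, or run nginx as a sidecar bound to localhost. The metadata also carries no labels, unlike the Deployment in this commit; adding `labels:` with `{{- include "guardrails.labels" . | nindent 4 }}` would keep the chart's resources consistent.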
6 changes: 6 additions & 0 deletions charts/guardrails/values.yaml
@@ -1,3 +1,9 @@
cache:
enable: false
replicaCount: 1
annotations: {}
labels: {}

# -- Number of replicas for the service.
replicaCount: 4

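Review bot: The new `cache` block has no `# --` description comments, which is why the four `cache.*` rows in this commit's README values table are blank; add one per key, e.g. `# -- Deploy the nginx proxy cache (Deployment, Service and ConfigMap).` above `enable: false`. The toggle is named `cache.enable` while the chart's existing one is `autoscaling.enabled`; `enabled` would match. `cache.labels` is declared here but none of the three new templates reads it, so either wire it into the cache pod labels or drop it. The upstream host and the nginx image are hard-coded in the templates and would be better surfaced here so operators can review and pin them.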
