From 29a5913348a19a3709c82a531b4fbaa90e0dd2b9 Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Fri, 26 Apr 2024 12:52:53 -0700 Subject: [PATCH 1/6] [WIP] Initial pass of guardrails Helm chart --- charts/guardrails/.helmignore | 23 +++ charts/guardrails/CHANGELOG.md | 13 ++ charts/guardrails/Chart.yaml | 24 +++ charts/guardrails/README.md | 73 +++++++++ charts/guardrails/README.md.gotmpl | 45 ++++++ charts/guardrails/templates/NOTES.txt | 55 +++++++ charts/guardrails/templates/_helpers.tpl | 65 +++++++++ charts/guardrails/templates/deployment.yaml | 96 ++++++++++++ charts/guardrails/templates/hpa.yaml | 32 ++++ charts/guardrails/templates/ingress.yaml | 61 ++++++++ charts/guardrails/templates/service.yaml | 19 +++ .../guardrails/templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ charts/guardrails/values.yaml | 138 ++++++++++++++++++ 14 files changed, 672 insertions(+) create mode 100644 charts/guardrails/.helmignore create mode 100644 charts/guardrails/CHANGELOG.md create mode 100644 charts/guardrails/Chart.yaml create mode 100644 charts/guardrails/README.md create mode 100644 charts/guardrails/README.md.gotmpl create mode 100644 charts/guardrails/templates/NOTES.txt create mode 100644 charts/guardrails/templates/_helpers.tpl create mode 100644 charts/guardrails/templates/deployment.yaml create mode 100644 charts/guardrails/templates/hpa.yaml create mode 100644 charts/guardrails/templates/ingress.yaml create mode 100644 charts/guardrails/templates/service.yaml create mode 100644 charts/guardrails/templates/serviceaccount.yaml create mode 100644 charts/guardrails/templates/tests/test-connection.yaml create mode 100644 charts/guardrails/values.yaml diff --git a/charts/guardrails/.helmignore b/charts/guardrails/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/guardrails/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/guardrails/CHANGELOG.md b/charts/guardrails/CHANGELOG.md
new file mode 100644
index 0000000..3b11b18
--- /dev/null
+++ b/charts/guardrails/CHANGELOG.md
@@ -0,0 +1,13 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning]
+(https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2024-04-26
+
+### Added
+
+- Initial release of `guardrails` Helm chart
diff --git a/charts/guardrails/Chart.yaml b/charts/guardrails/Chart.yaml
new file mode 100644
index 0000000..54ab574
--- /dev/null
+++ b/charts/guardrails/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: guardrails
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md
new file mode 100644
index 0000000..e5c5e74
--- /dev/null
+++ b/charts/guardrails/README.md
@@ -0,0 +1,73 @@ +# guardrails + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Helm chart for Kubernetes + +## Installing the Chart + +```shell +# Downloads a .tgz file to the working directory or --destination path +helm pull \ + oci://ghcr.io/whylabs/guardrails \ + --version 0.1.0 + +helm diff upgrade \ + --allow-unreleased \ + --namespace \ + `# Specify the .tgz file as the chart` \ + guardrails guardrails-0.1.0.tgz +``` + +After you've installed the repo you can install the chart. + +```shell +helm upgrade --install \ + --create-namespace \ + --namespace \ + guardrails guardrails-0.1.0.tgz +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| commonLabels | object | `{}` | Labels to add to all chart resources. | +| env | object | `{}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. | +| extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `guardrails` container. | +| extraVolumes | list | `[]` | Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. 
| +| fullnameOverride | string | `""` | Override the full name of the chart. | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `guardrails` container. | +| image.repository | string | `"registry.gitlab.com/whylabs/whylogs-container"` | Image repository for the `guardrails` container. | +| image.tag | string | `"1.0.14"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. | +| imagePullSecrets[0] | list | `{"name":""}` | Image pull secrets for the `guardrails` container. Defaults to `whylabs-{{ .Release.Name }}-registry-credentials`. | +| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. | +| livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. | +| nameOverride | string | `""` | Override the name of the chart. | +| nodeSelector | object | `{}` | Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | +| podAnnotations | object | `{}` | Annotations to add to the `Pod`. | +| podLabels | object | `{}` | Labels to add to the `Pod`. | +| podSecurityContext | object | `{"runAsNonRoot":true}` | [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. 
| +| readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. | +| replicaCount | int | `2` | | +| resources | object | `{"limits":{"cpu":"4","memory":"4Gi"},"requests":{"cpu":"4","memory":"4Gi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container. | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `guardrails` container. | +| service.annotations | object | `{}` | Service annotations. | +| service.port | int | `80` | Service HTTP port. | +| service.targetPort | int | `8000` | The port on which the application container is listening. | +| service.type | string | `"ClusterIP"` | Service Type, i.e. ClusterIp, LoadBalancer, etc. | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | +| serviceAccount.automount | bool | `true` | Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`. | +| serviceAccount.create | bool | `true` | If `true`, create a new `ServiceAccount`. | +| serviceAccount.labels | object | `{}` | Labels to add to the service account. 
| +| serviceAccount.name | string | `""` | If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use. | +| tolerations | list | `[]` | Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). \ No newline at end of file diff --git a/charts/guardrails/README.md.gotmpl b/charts/guardrails/README.md.gotmpl new file mode 100644 index 0000000..9bb6065 --- /dev/null +++ b/charts/guardrails/README.md.gotmpl 
@@ -0,0 +1,45 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +## Installing the Chart + +```shell +# Downloads a .tgz file to the working directory or --destination path +helm pull \ + oci://ghcr.io/whylabs/{{ template "chart.name" . }} \ + --version {{ template "chart.version" . }} + +helm diff upgrade \ + --allow-unreleased \ + --namespace \ + `# Specify the .tgz file as the chart` \ + {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz +``` + +After you've installed the repo you can install the chart. + +```shell +helm upgrade --install \ + --create-namespace \ + --namespace \ + {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz +``` + + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). \ No newline at end of file diff --git a/charts/guardrails/templates/NOTES.txt b/charts/guardrails/templates/NOTES.txt new file mode 100644 index 0000000..622823b --- /dev/null +++ b/charts/guardrails/templates/NOTES.txt 
@@ -0,0 +1,55 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "guardrails.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "guardrails.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "guardrails.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "guardrails.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} + +2. Ensure the necessary secrets are created. 
Your application requires specific secrets to function properly: + + - Secret for API Key: `whylabs-{{ .Release.Name }}-api-key` + - Secret for API Secret: `whylabs-{{ .Release.Name }}-api-secret` + - Secret for pulling private image: `whylabs-{{ .Release.Name }}-registry-credentials` + + You can create these secrets with the following commands: + ``` + kubectl create secret generic whylabs-{{ .Release.Name }}-api-key \ + --namespace {{ .Release.Namespace }} \ + --from-literal=WHYLABS_API_KEY='' + + kubectl create secret generic whylabs-{{ .Release.Name }}-api-secret \ + --namespace {{ .Release.Namespace }} \ + --from-literal=CONTAINER_PASSWORD='' + + kubectl create secret docker-registry whylabs-{{ .Release.Name }}-registry-credentials \ + --namespace {{ .Release.Namespace }} \ + --docker-server="registry.gitlab.com" \ + --docker-username="" \ + --docker-password="" \ + --docker-email="" + ``` + + Replace `` and other values with the actual values you need to use. + +3. After creating the secrets, verify that they are correctly set up by running: + + ``` + kubectl get secrets --namespace {{ .Release.Namespace }} + ``` + diff --git a/charts/guardrails/templates/_helpers.tpl b/charts/guardrails/templates/_helpers.tpl new file mode 100644 index 0000000..2bfeb80 --- /dev/null +++ b/charts/guardrails/templates/_helpers.tpl 
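Review bot: The secret-creation commands in step 2 pass credentials with `--from-literal=...` and `--docker-password=""`, which puts the real values on the command line where they end up in shell history and are visible in the process list while kubectl runs. Show a form that reads them from a file instead, for example `--from-env-file=<path-to-env-file>` for the two generic secrets and `kubectl create secret generic ... --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=<path-to-docker-config>` for the registry credentials. The placeholders also appear empty here (`WHYLABS_API_KEY=''`, "Replace `` and other values"); if that is how the file really renders rather than an artifact of this page, name them explicitly so users do not create secrets holding empty strings.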
@@ -0,0 +1,65 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "guardrails.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "guardrails.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "guardrails.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "guardrails.labels" -}} +helm.sh/chart: {{ include "guardrails.chart" . }} +{{ include "guardrails.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "guardrails.selectorLabels" -}} +app.kubernetes.io/name: {{ include "guardrails.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "guardrails.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "guardrails.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/charts/guardrails/templates/deployment.yaml b/charts/guardrails/templates/deployment.yaml new file mode 100644 index 0000000..7d57904 --- /dev/null +++ b/charts/guardrails/templates/deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "guardrails.fullname" . }} + labels: + {{- include "guardrails.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "guardrails.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "guardrails.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + imagePullSecrets: + {{- if .Values.imagePullSecrets }} + {{- range .Values.imagePullSecrets }} + {{- if .name }} + - name: {{ .name }} + {{- else }} + - name: whylabs-{{ $.Release.Name }}-registry-credentials + {{- end }} + {{- end }} + {{- else }} + - name: whylabs-{{ .Release.Name }}-registry-credentials + {{- end }} + serviceAccountName: {{ include "guardrails.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.env }} + env: + {{ range $key, $value := .Values.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + envFrom: + - secretRef: + name: whylabs-{{ .Release.Name }}-api-key + - secretRef: + name: whylabs-{{ .Release.Name }}-api-secret + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: temp-dir + mountPath: /tmp + {{- if .Values.extraVolumeMounts }} + {{- with .extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumes }} + volumes: + - name: temp-dir + emptyDir: {} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/guardrails/templates/hpa.yaml b/charts/guardrails/templates/hpa.yaml new file mode 100644 index 0000000..5635c08 --- /dev/null +++ b/charts/guardrails/templates/hpa.yaml 
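Review bot: Under `volumeMounts`, the inner guard reads `{{- with .extraVolumeMounts }}`, which looks the key up on the root context instead of under `.Values`, so it is always empty and user-supplied `extraVolumeMounts` are never rendered even when the outer `if .Values.extraVolumeMounts` passes. Because values.yaml defaults the container to `readOnlyRootFilesystem: true`, extra mounts are the intended way to give the app more writable space, and a silently ignored setting may push users toward relaxing the security context instead. Change the line to `{{- with .Values.extraVolumeMounts }}` and drop the redundant outer `if`.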
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "guardrails.fullname" . }} + labels: + {{- include "guardrails.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "guardrails.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/guardrails/templates/ingress.yaml b/charts/guardrails/templates/ingress.yaml new file mode 100644 index 0000000..3496c60 --- /dev/null +++ b/charts/guardrails/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "guardrails.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "guardrails.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/charts/guardrails/templates/service.yaml b/charts/guardrails/templates/service.yaml new file mode 100644 index 0000000..085fe64 --- /dev/null +++ b/charts/guardrails/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "guardrails.fullname" . }} + labels: + {{- include "guardrails.labels" . | nindent 4 }} + {{- if .Values.service.annotations }} + annotations: + {{- .Values.service.annotations | toYaml | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + protocol: TCP + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + selector: + {{- include "guardrails.selectorLabels" . | nindent 4 }} diff --git a/charts/guardrails/templates/serviceaccount.yaml b/charts/guardrails/templates/serviceaccount.yaml new file mode 100644 index 0000000..7903869 --- /dev/null +++ b/charts/guardrails/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "guardrails.serviceAccountName" . }} + labels: + {{- include "guardrails.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/guardrails/templates/tests/test-connection.yaml b/charts/guardrails/templates/tests/test-connection.yaml new file mode 100644 index 0000000..3041ce9 --- /dev/null +++ b/charts/guardrails/templates/tests/test-connection.yaml 
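Review bot: In serviceaccount.yaml, `automountServiceAccountToken` is controlled only on the ServiceAccount this chart creates, and values.yaml defaults `serviceAccount.automount` to `true`, so every pod gets an API token although no template in this patch creates a Role or RoleBinding that would use it. When `serviceAccount.create` is `false` the value has no effect at all, because the pod spec in deployment.yaml never sets the field. Consider defaulting `automount` to `false` and also emitting `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` in the Deployment's pod spec. Separately, `serviceAccount.labels` is documented in values.yaml but is never rendered under this template's `metadata.labels`.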
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "guardrails.fullname" . }}-test-connection" + labels: + {{- include "guardrails.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "guardrails.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml new file mode 100644 index 0000000..99334c3 --- /dev/null +++ b/charts/guardrails/values.yaml 
@@ -0,0 +1,138 @@ +# Default values for guardrails. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 2 + +image: + # -- Image repository for the `guardrails` container. + repository: registry.gitlab.com/whylabs/whylogs-container + # -- Image pull policy for the `guardrails` container. + pullPolicy: IfNotPresent + # -- (string) Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. + tag: 1.0.14 + +imagePullSecrets: + # -- (list) Image pull secrets for the `guardrails` container. Defaults to `whylabs-{{ .Release.Name }}-registry-credentials`. + - name: "" + +# -- (string) Override the name of the chart. +nameOverride: "" + +# -- (string) Override the full name of the chart. +fullnameOverride: "" + +# -- Labels to add to all chart resources. +commonLabels: {} + +# -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. +env: {} + # MY_ENV_VAR: "my env var value" + +serviceAccount: + # -- If `true`, create a new `ServiceAccount`. + create: true + # -- (string) If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use. + name: "" + # -- Labels to add to the service account. + labels: {} + # -- Annotations to add to the service account. + annotations: {} + # -- Set this to `false` to [opt out of API credential automounting](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting) for the `ServiceAccount`. + automount: true + +service: + # -- Service annotations. + annotations: {} + # -- Service Type, i.e. ClusterIp, LoadBalancer, etc. + type: ClusterIP + # -- Service HTTP port. + port: 80 + # -- The port on which the application container is listening. 
+ targetPort: 8000 + +# -- Annotations to add to the `Pod`. +podAnnotations: {} + +# -- Labels to add to the `Pod`. +podLabels: {} + +# -- [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. +podSecurityContext: + runAsNonRoot: true + +# -- [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `guardrails` container. +securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + capabilities: + drop: ["ALL"] + +# -- [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container. +resources: + requests: + cpu: "4" + memory: 4Gi + limits: + cpu: "4" + memory: 4Gi + +# -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. +livenessProbe: + httpGet: + path: /health + port: 8000 + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 30 + +# -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. 
+readinessProbe: + httpGet: + path: /health + port: 8000 + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 30 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# -- Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. +extraVolumes: [] + +# -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `guardrails` container. +extraVolumeMounts: [] + +# -- Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). +nodeSelector: {} + +# -- Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). +tolerations: [] + +# -- Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. +affinity: {} From 6fcc5028a646b110f8d52fa79aa5e029141c73f2 Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Wed, 8 May 2024 13:32:33 -0700 Subject: [PATCH 2/6] update guardrails chart and workflow to publish for testing --- .github/workflows/main.yaml | 8 ++++---- charts/guardrails/Chart.yaml | 22 ++------------------- charts/guardrails/templates/deployment.yaml | 14 ++++++------- charts/guardrails/values.yaml | 8 ++++---- 4 files changed, 17 insertions(+), 35 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 823f8da..34379b8 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -25,7 +25,7 @@ jobs: version: v3.14.0 - name: Package All Helm Charts - if: github.event_name == 'push' + # if: github.event_name == 'push' working-directory: ${{ github.workspace }}/charts run: | for dir in */ ; do 
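Review bot: `podSecurityContext` in values.yaml sets only `runAsNonRoot: true`, and neither it nor the container `securityContext` sets a seccomp profile, so the pod runs with whatever the node's runtime applies, which is unconfined on clusters that do not enable a default profile. The container context is otherwise tight (no privilege escalation, all capabilities dropped, read-only root filesystem), so adding `seccompProfile: {type: RuntimeDefault}` under `podSecurityContext` closes the remaining gap and matches what the restricted Pod Security Standard expects.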
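Review bot: Commenting out `if: github.event_name == 'push'` on the Package, Login to GHCR and Publish steps (this hunk and the next one, `@@ -36,14 +36,14 @@`) means every event that triggers this workflow now logs in with `GITHUB_TOKEN` and pushes charts to `oci://ghcr.io/${{ github.repository_owner }}`. The `on:` block is outside the hunk, but if it includes `pull_request`, unreviewed branch content is published under the same chart name and version as a release, and consumers pulling `0.1.0` cannot tell it apart from a merged build. If publishing from a branch is needed for testing, keep the guard and add an explicit opt-in such as `if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'`, or push test builds under a pre-release version. The commented-out guards should not be merged as they are.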
@@ -36,14 +36,14 @@ jobs: shell: bash - name: Login to GHCR - if: github.event_name == 'push' + # if: github.event_name == 'push' run: | docker login ghcr.io \ -u ${{ github.repository_owner }} \ --password-stdin < <(echo "${{ secrets.GITHUB_TOKEN }}") - name: Publish Helm Charts to GHCR - if: github.event_name == 'push' + # if: github.event_name == 'push' working-directory: ${{ github.workspace }}/charts run: | for chart in *.tgz ; do @@ -52,5 +52,5 @@ jobs: ghcr_chart="ghcr.io/${{ github.repository_owner }}/${{ github.repository }}/${chart_name}:${chart_version}" helm push "$chart" oci://ghcr.io/${{ github.repository_owner }} done - shell: bash + shell: bash \ No newline at end of file diff --git a/charts/guardrails/Chart.yaml b/charts/guardrails/Chart.yaml index 54ab574..970bd2e 100644 --- a/charts/guardrails/Chart.yaml +++ b/charts/guardrails/Chart.yaml 
@@ -1,24 +1,6 @@ apiVersion: v2 name: guardrails -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. +description: A Helm chart for WhyLabs Guardrails type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "1.0.14" diff --git a/charts/guardrails/templates/deployment.yaml b/charts/guardrails/templates/deployment.yaml index 7d57904..07cba1a 100644 --- a/charts/guardrails/templates/deployment.yaml +++ b/charts/guardrails/templates/deployment.yaml 
@@ -46,19 +46,19 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.env }} env: - {{ range $key, $value := .Values.env }} + {{- range $key, $value := .Values.env }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} {{- end }} envFrom: - secretRef: - name: whylabs-{{ .Release.Name }}-api-key + name: whylabs-{{ .Release.Name }}-api-key - secretRef: - name: whylabs-{{ .Release.Name }}-api-secret + name: whylabs-{{ .Release.Name }}-api-secret ports: - name: http - containerPort: {{ .Values.service.port }} + containerPort: {{ .Values.service.targetPort }} protocol: TCP livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} @@ -74,13 +74,13 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.extraVolumes }} volumes: - name: temp-dir emptyDir: {} - {{- with .Values.extraVolumes }} + {{- if .Values.extraVolumes }} + {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml index 99334c3..afb5c22 100644 --- a/charts/guardrails/values.yaml +++ b/charts/guardrails/values.yaml @@ -6,11 +6,11 @@ replicaCount: 2 image: # -- Image repository for the `guardrails` container. - repository: registry.gitlab.com/whylabs/whylogs-container + repository: registry.gitlab.com/whylabs/langkit-container # -- Image pull policy for the `guardrails` container. pullPolicy: IfNotPresent # -- (string) Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. - tag: 1.0.14 + tag: "" imagePullSecrets: # -- (list) Image pull secrets for the `guardrails` container. Defaults to `whylabs-{{ .Release.Name }}-registry-credentials`. 
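Review bot: `containerPort` now follows `.Values.service.targetPort`, but the liveness and readiness probes are rendered from values whose defaults (per the chart README in this series) use the literal `port: 8000`, so overriding `service.targetPort` alone leaves the declared container port and the probe port out of step. Since the port is named `http` here, the probe defaults in values.yaml could use `port: http` so all of them track one setting. The container spec starts above this hunk and continues below it.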
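Review bot: Now that the `temp-dir` volume is rendered unconditionally, `emptyDir: {}` has no size cap, so writes to it are bounded only by the node's ephemeral storage. Setting a limit, for example `emptyDir:` with `sizeLimit: 1Gi` (value to be chosen for the workload, ideally exposed in values.yaml), keeps a runaway writer from putting pressure on the node. Separately, the new `{{- if .Values.extraVolumes }}` wrapper is redundant because `with` already skips an empty list; the `with` block alone is enough.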
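Review bot: With `tag: ""` the image falls back to `.Chart.AppVersion`, which is still a mutable tag on `registry.gitlab.com/whylabs/langkit-container`, and `pullPolicy: IfNotPresent` means each node keeps whatever content that tag pointed to when it first pulled. For a reproducible and verifiable deployment, consider an optional `image.digest` value that, when set, renders the reference as `repository@sha256:<digest>` instead of `repository:tag`. The template that builds the image reference is outside this hunk, so this would need a matching change there.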
@@ -92,10 +92,10 @@ ingress: resources: requests: cpu: "4" - memory: 4Gi + memory: 6Gi limits: cpu: "4" - memory: 4Gi + memory: 6Gi # -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. livenessProbe: From 372c88e0c8bab88d64fc1a21c58d1bd903a4d649 Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Wed, 8 May 2024 13:40:17 -0700 Subject: [PATCH 3/6] remove unnecessary tests and update appversion to latest --- charts/guardrails/Chart.yaml | 2 +- .../templates/tests/test-connection.yaml | 15 --------------- 2 files changed, 1 insertion(+), 16 deletions(-) delete mode 100644 charts/guardrails/templates/tests/test-connection.yaml diff --git a/charts/guardrails/Chart.yaml b/charts/guardrails/Chart.yaml index 970bd2e..187875a 100644 --- a/charts/guardrails/Chart.yaml +++ b/charts/guardrails/Chart.yaml @@ -3,4 +3,4 @@ name: guardrails description: A Helm chart for WhyLabs Guardrails type: application version: 0.1.0 -appVersion: "1.0.14" +appVersion: "1.0.19" diff --git a/charts/guardrails/templates/tests/test-connection.yaml b/charts/guardrails/templates/tests/test-connection.yaml deleted file mode 100644 index 3041ce9..0000000 --- a/charts/guardrails/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "guardrails.fullname" . }}-test-connection" - labels: - {{- include "guardrails.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "guardrails.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never From b4bb6b43f059a2d3f9858d42880703318ac640ef Mon Sep 17 00:00:00 2001 
From: AnchorArray Date: Wed, 8 May 2024 15:11:12 -0700 Subject: [PATCH 4/6] adding pre-commit --- .pre-commit-config.yaml | 8 +++ charts/guardrails/CHANGELOG.md | 2 +- charts/guardrails/README.md | 16 +++-- charts/guardrails/README.md.gotmpl | 7 +- charts/langkit/README.md | 46 +++++-------- charts/langkit/README.md.gotmpl | 103 +++++++++++++++++++++++++++++ charts/whylogs/README.md | 82 +++++++++++++++++++++-- charts/whylogs/README.md.gotmpl | 78 ++++++++++++++++++++++ 8 files changed, 296 insertions(+), 46 deletions(-) create mode 100644 .pre-commit-config.yaml create mode 100644 charts/langkit/README.md.gotmpl create mode 100644 charts/whylogs/README.md.gotmpl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..97ed1fa --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,8 @@ +repos: + - repo: https://github.com/norwoodj/helm-docs + rev: v1.2.0 + hooks: + - id: helm-docs + args: + - --chart-search-root=charts + - --template-files=README.md.gotmpl \ No newline at end of file diff --git a/charts/guardrails/CHANGELOG.md b/charts/guardrails/CHANGELOG.md index 3b11b18..d99e6a0 100644 --- a/charts/guardrails/CHANGELOG.md +++ b/charts/guardrails/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning] (https://semver.org/spec/v2.0.0.html). -## [0.1.0] - 2024-04-26 +## [0.1.0] - 2024-05-08 ### Added diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index e5c5e74..4e84aea 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md 
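Review bot: `rev: v1.2.0` in the new `.pre-commit-config.yaml` pins helm-docs by tag, and it looks older than the tool that produced the existing READMEs: the langkit README footer removed later in this patch names helm-docs v1.12.0, so `v1.12.0` may be what was intended. pre-commit runs the hook's code on every contributor's machine, so pinning to the release's full commit SHA, `rev: <full commit SHA>  # v1.12.0`, avoids picking up a moved tag. The file also ends without a trailing newline.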
@@ -1,8 +1,8 @@ # guardrails -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.19](https://img.shields.io/badge/AppVersion-1.0.19-informational?style=flat-square) -A Helm chart for Kubernetes +A Helm chart for WhyLabs Guardrails ## Installing the Chart @@ -16,7 +16,8 @@ helm diff upgrade \ --allow-unreleased \ --namespace \ `# Specify the .tgz file as the chart` \ - guardrails guardrails-0.1.0.tgz + guardrails + guardrails-0.1.0.tgz ``` After you've installed the repo you can install the chart. @@ -25,7 +26,8 @@ After you've installed the repo you can install the chart. helm upgrade --install \ --create-namespace \ --namespace \ - guardrails guardrails-0.1.0.tgz + guardrails + guardrails-0.1.0.tgz ``` ## Values 
@@ -43,8 +45,8 @@ helm upgrade --install \ | extraVolumes | list | `[]` | Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. | | fullnameOverride | string | `""` | Override the full name of the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `guardrails` container. | -| image.repository | string | `"registry.gitlab.com/whylabs/whylogs-container"` | Image repository for the `guardrails` container. | -| image.tag | string | `"1.0.14"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. | +| image.repository | string | `"registry.gitlab.com/whylabs/langkit-container"` | Image repository for the `guardrails` container. | +| image.tag | string | `""` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. | | imagePullSecrets[0] | list | `{"name":""}` | Image pull secrets for the `guardrails` container. Defaults to `whylabs-{{ .Release.Name }}-registry-credentials`. | | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. | | livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. | 
@@ -55,7 +57,7 @@ helm upgrade --install \ | podSecurityContext | object | `{"runAsNonRoot":true}` | [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. | | readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. | | replicaCount | int | `2` | | -| resources | object | `{"limits":{"cpu":"4","memory":"4Gi"},"requests":{"cpu":"4","memory":"4Gi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container. | +| resources | object | `{"limits":{"cpu":"4","memory":"6Gi"},"requests":{"cpu":"4","memory":"6Gi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container. | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `guardrails` container. | | service.annotations | object | `{}` | Service annotations. | | service.port | int | `80` | Service HTTP port. | diff --git a/charts/guardrails/README.md.gotmpl b/charts/guardrails/README.md.gotmpl index 9bb6065..43d2f88 100644 --- a/charts/guardrails/README.md.gotmpl +++ b/charts/guardrails/README.md.gotmpl 
@@ -23,7 +23,8 @@ helm diff upgrade \ --allow-unreleased \ --namespace \ `# Specify the .tgz file as the chart` \ - {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz + {{ template "chart.name" . }} + {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz ``` After you've installed the repo you can install the chart. @@ -32,10 +33,10 @@ After you've installed the repo you can install the chart. helm upgrade --install \ --create-namespace \ --namespace \ - {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz + {{ template "chart.name" . }} + {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz ``` - {{ template "chart.requirementsSection" . }} {{ template "chart.valuesSection" . }} diff --git a/charts/langkit/README.md b/charts/langkit/README.md index 203a994..d26bab1 100644 --- a/charts/langkit/README.md +++ b/charts/langkit/README.md 
@@ -1,15 +1,15 @@ -# LangKit Helm Chart +# langkit -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.13](https://img.shields.io/badge/AppVersion-1.0.13-informational?style=flat-square) + +A Helm chart for LangKit container deployment > :warning: Review the [documentation on using WhyLab's Helm charts](../../README.md#how-to-use-whylabs-helm-repository) ## Prerequisites -NOTE: Change the `--namespace` value if you will be deploying into a namespace other -than `langkit`. +NOTE: Change the `--namespace` value to the target `Namespace` to deploy the +service. ### Credentials * Create a [WhyLabs API Key](https://docs.whylabs.ai/docs/whylabs-capabilities/#access-token-management) @@ -17,7 +17,7 @@ which must be stored in a `whylabs-api-key` Kubernetes secret, described below. ```shell kubectl create secret generic whylabs-api-key \ - --namespace=langkit \ + --namespace= \ --from-literal=WHYLABS_API_KEY= ``` @@ -26,7 +26,7 @@ described below. **This secret is required to call the container API endpoint**. ``` kubectl create secret generic langkit-api-secret \ - --namespace=langkit \ + --namespace= \ --from-literal=CONTAINER_PASSWORD= ``` 
@@ -38,12 +38,12 @@ kubectl create secret docker-registry langkit-gitlab-registry-secret \ --docker-username="project_55361491_bot_5a6afbd67224dd1583ccd6c7987354c3" \ --docker-password="" \ --docker-email="project_55361491_bot_5a6afbd67224dd1583ccd6c7987354c3@noreply.gitlab.com" \ - --namespace=langkit + --namespace= ``` ### LangKit Configuration -No LangKit configurations are required out of the box. However, for further customizations, +No LangKit configurations are required out of the box. However, for further customizations, review the [langkit-container-examples](https://github.com/whylabs/langkit-container-examples) repository for more details. @@ -58,7 +58,7 @@ Display the full YAML manifests as they will be applied. ```shell # This will use the "langkit" namespace -helm template --namespace langkit langkit . +helm template --namespace langkit . ``` ### Diff @@ -69,33 +69,22 @@ View the difference between the current state and desired state. # helm plugin install https://github.com/databus23/helm-diff helm diff upgrade \ --allow-unreleased \ - langkit langkit-0.12.0.tgz + langkit langkit-0.16.0.tgz ``` ### Install/Update ```shell helm upgrade --install \ --create-namespace \ - --namespace langkit \ - langkit langkit-0.12.0.tgz + --namespace \ + langkit langkit-0.16.0.tgz ``` ### Uninstall ```shell helm uninstall \ - --namespace langkit \ - langkit langkit-0.12.0.tgz -``` - -## Development - -### Generate Values Table - -The following command will output the [Values table](#values) below. Copy and -paste the table into this `README.md` file whenever this chart changes. - -```shell -helm-docs --dry-run + --namespace \ + langkit langkit-0.16.0.tgz ``` ## Values 
@@ -149,4 +138,5 @@ helm-docs --dry-run | volumes | list | `[{"emptyDir":{},"name":"temp-dir"}]` | Volumes to create | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). \ No newline at end of file diff --git a/charts/langkit/README.md.gotmpl b/charts/langkit/README.md.gotmpl new file mode 100644 index 0000000..55e16f0 --- /dev/null +++ b/charts/langkit/README.md.gotmpl 
@@ -0,0 +1,103 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +> :warning: Review the [documentation on using WhyLab's Helm charts](../../README.md#how-to-use-whylabs-helm-repository) + +## Prerequisites + +NOTE: Change the `--namespace` value to the target `Namespace` to deploy the +service. + +### Credentials +* Create a [WhyLabs API Key](https://docs.whylabs.ai/docs/whylabs-capabilities/#access-token-management) +which must be stored in a `whylabs-api-key` Kubernetes secret, described below. + +```shell +kubectl create secret generic whylabs-api-key \ + --namespace= \ + --from-literal=WHYLABS_API_KEY= +``` + +* Generate a random value for the `langkit-api-secret` Kubernetes secret, also +described below. **This secret is required to call the container API endpoint**. + +``` +kubectl create secret generic langkit-api-secret \ + --namespace= \ + --from-literal=CONTAINER_PASSWORD= +``` + +* Create a secret with a WhyLabs provided GitLab token to pull the LangKit image + +``` +kubectl create secret docker-registry langkit-gitlab-registry-secret \ + --docker-server="registry.gitlab.com" \ + --docker-username="project_55361491_bot_5a6afbd67224dd1583ccd6c7987354c3" \ + --docker-password="" \ + --docker-email="project_55361491_bot_5a6afbd67224dd1583ccd6c7987354c3@noreply.gitlab.com" \ + --namespace= +``` + +### LangKit Configuration + +No LangKit configurations are required out of the box. However, for further customizations, +review the [langkit-container-examples](https://github.com/whylabs/langkit-container-examples) +repository for more details. + +### Hardware Requirements + +:rocket: For best performance, use Intel processors and ≥ `6 GiB` memory per replica. 
+ +## Helm Chart Installation + +### Template +Display the full YAML manifests as they will be applied. + +```shell +# This will use the "langkit" namespace +helm template --namespace {{ template "chart.name" . }} . +``` + +### Diff +View the difference between the current state and desired state. + +```shell +# Requires the helm-diff plugin to be installed: +# helm plugin install https://github.com/databus23/helm-diff +helm diff upgrade \ + --allow-unreleased \ + {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz +``` + +### Install/Update +```shell +helm upgrade --install \ + --create-namespace \ + --namespace \ + {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz +``` + +### Uninstall +```shell +helm uninstall \ + --namespace \ + {{ template "chart.name" . }} {{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz +``` + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). \ No newline at end of file diff --git a/charts/whylogs/README.md b/charts/whylogs/README.md index e253caf..7bfec72 100644 --- a/charts/whylogs/README.md +++ b/charts/whylogs/README.md 
@@ -1,7 +1,10 @@ -# WhyLogs Helm Chart +# whylogs -See [WhyLogs Documentation](https://docs.whylabs.ai/docs/integrations-whylogs-container/) -for more information +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.14](https://img.shields.io/badge/AppVersion-1.0.14-informational?style=flat-square) + +A Helm chart for WhyLab's WhyLogs + +See [WhyLogs Documentation](https://docs.whylabs.ai/docs/integrations-whylogs-container/) for more information > :warning: Review the [documentation on using WhyLab's Helm charts](../../README.md#how-to-use-whylabs-helm-repository) @@ -15,7 +18,6 @@ the WhyLogs Helm chart. Create a [WhyLabs API Key](https://docs.whylabs.ai/docs/whylabs-capabilities/#access-token-management) which must be stored in a `whylabs-api-key` Kubernetes secret, described below. - ```shell whylabs_api_key="" whylogs_password="" @@ -40,7 +42,7 @@ View the difference between the current state and desired state. # helm plugin install https://github.com/databus23/helm-diff helm diff upgrade \ --allow-unreleased \ - whylogs "whylogs-${chart_version}.tgz" + whylogs "whylogs-0.1.0.tgz" ``` ### Install/Update 
@@ -48,12 +50,78 @@ helm diff upgrade \ helm upgrade --install \ --create-namespace \ --namespace "${namespace}" \ - whylogs "whylogs-${chart_version}.tgz" + whylogs "whylogs-0.1.0.tgz" ``` ### Uninstall ```shell helm uninstall \ --namespace "${namespace}" \ - whylogs "whylogs-${chart_version}.tgz" + whylogs "whylogs-0.1.0.tgz" ``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| env.DEFAULT_WHYLABS_DATASET_CADENCE | string | `"HOURLY"` | | +| env.DEFAULT_WHYLABS_UPLOAD_CADENCE | string | `"M"` | | +| env.DEFAULT_WHYLABS_UPLOAD_INTERVAL | string | `"15"` | | +| env.DISABLE_CONTAINER_PASSWORD | string | `"False"` | | +| env.FAIL_STARTUP_WITHOUT_CONFIG | string | `"False"` | | +| env.WHYLABS_ORG_ID | string | `"org-0"` | | +| envFromSecrets[0].secretRef.name | string | `"whylabs-api-key"` | | +| envFromSecrets[1].secretRef.name | string | `"whylogs-container-password"` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"registry.gitlab.com/whylabs/whylogs-container"` | | +| image.tag | string | `"1.0.14"` | | +| imagePullSecrets[0].name | string | `"gitlab-container-registry-auth"` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| livenessProbe.failureThreshold | int | `3` | | +| livenessProbe.httpGet.path | string | `"/health"` | | +| livenessProbe.httpGet.port | int | `8000` | | +| 
livenessProbe.initialDelaySeconds | int | `30` | | +| livenessProbe.periodSeconds | int | `30` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| readinessProbe.failureThreshold | int | `10` | | +| readinessProbe.httpGet.path | string | `"/health"` | | +| readinessProbe.httpGet.port | int | `8000` | | +| readinessProbe.initialDelaySeconds | int | `30` | | +| readinessProbe.periodSeconds | int | `30` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| securityContext.runAsUser | int | `1000` | | +| service.annotations | object | `{}` | | +| service.port | int | `80` | | +| service.targetPort | int | `8000` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | +| volumeMounts[0].mountPath | string | `"/tmp"` | | +| volumeMounts[0].name | string | `"temp-dir"` | | +| volumes[0].emptyDir | object | `{}` | | +| volumes[0].name | string | `"temp-dir"` | | + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). \ No newline at end of file diff --git a/charts/whylogs/README.md.gotmpl b/charts/whylogs/README.md.gotmpl new file mode 100644 index 0000000..034b557 --- /dev/null +++ b/charts/whylogs/README.md.gotmpl 
@@ -0,0 +1,78 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +See [WhyLogs Documentation](https://docs.whylabs.ai/docs/integrations-whylogs-container/) for more information + +> :warning: Review the [documentation on using WhyLab's Helm charts](../../README.md#how-to-use-whylabs-helm-repository) + +## Prerequisites + +### Secrets + +The following configured secrets must exist in the cluster prior to deploying +the WhyLogs Helm chart. + +Create a [WhyLabs API Key](https://docs.whylabs.ai/docs/whylabs-capabilities/#access-token-management) +which must be stored in a `whylabs-api-key` Kubernetes secret, described below. + + +```shell +whylabs_api_key="" +whylogs_password="" +namespace="default" + +kubectl create secret generic whylabs-api-key \ + --namespace "${namespace}" \ + --from-literal=api-key="${whylabs_api_key}" + +kubectl create secret generic whylogs-container-password \ + --namespace "${namespace}" \ + --from-literal=passwordy="${whylogs_password}" +``` + +## Deployment + +### Diff +View the difference between the current state and desired state. + +```shell +# Requires the helm-diff plugin to be installed: +# helm plugin install https://github.com/databus23/helm-diff +helm diff upgrade \ + --allow-unreleased \ + {{ template "chart.name" . }} "{{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz" +``` + +### Install/Update +```shell +helm upgrade --install \ + --create-namespace \ + --namespace "${namespace}" \ + {{ template "chart.name" . }} "{{ template "chart.name" . }}-{{ template "chart.version" . }}.tgz" +``` + +### Uninstall +```shell +helm uninstall \ + --namespace "${namespace}" \ + whylogs "{{ template "chart.name" . }}-{{ template "chart.version" . 
}}.tgz" +``` + + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- + +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/). \ No newline at end of file From 24d8791df3d490f60bde9e4dd5c1f72e8a85e92b Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Wed, 8 May 2024 17:14:07 -0700 Subject: [PATCH 5/6] pre-commit --- .pre-commit-config.yaml | 1 - charts/guardrails/README.md | 7 ++----- charts/guardrails/values.yaml | 6 ++---- charts/langkit/Chart.yaml | 1 + charts/langkit/README.md | 4 +++- charts/langkit/values.yaml | 1 + charts/whylogs/README.md | 2 +- charts/whylogs/values.yaml | 1 + 8 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 97ed1fa..3a26d9f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,4 +5,3 @@ repos: - id: helm-docs args: - --chart-search-root=charts - - --template-files=README.md.gotmpl \ No newline at end of file diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index 4e84aea..44b7967 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md 
@@ -35,10 +35,7 @@ helm upgrade --install \ | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) configuration for the `guardrails` container. | | commonLabels | object | `{}` | Labels to add to all chart resources. | | env | object | `{}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. | | extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `guardrails` container. | 
@@ -56,7 +53,7 @@ helm upgrade --install \ | podLabels | object | `{}` | Labels to add to the `Pod`. | | podSecurityContext | object | `{"runAsNonRoot":true}` | [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. | | readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. | -| replicaCount | int | `2` | | +| replicaCount | int | `2` | Number of replicas for the service. | | resources | object | `{"limits":{"cpu":"4","memory":"6Gi"},"requests":{"cpu":"4","memory":"6Gi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container. | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `guardrails` container. | | service.annotations | object | `{}` | Service annotations. | diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml index afb5c22..5863c28 100644 --- a/charts/guardrails/values.yaml +++ b/charts/guardrails/values.yaml @@ -1,7 +1,4 @@ -# Default values for guardrails. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - +# -- Number of replicas for the service. replicaCount: 2 image: 
@@ -115,6 +112,7 @@ readinessProbe: initialDelaySeconds: 30 periodSeconds: 30 +# -- [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) configuration for the `guardrails` container. autoscaling: enabled: false minReplicas: 1 diff --git a/charts/langkit/Chart.yaml b/charts/langkit/Chart.yaml index d19cf3c..8f7cb60 100644 --- a/charts/langkit/Chart.yaml +++ b/charts/langkit/Chart.yaml @@ -4,3 +4,4 @@ description: A Helm chart for LangKit container deployment type: application version: 0.16.0 appVersion: "1.0.13" +deprecated: true diff --git a/charts/langkit/README.md b/charts/langkit/README.md index d26bab1..fd02e3a 100644 --- a/charts/langkit/README.md +++ b/charts/langkit/README.md @@ -1,5 +1,7 @@ # langkit +> **:exclamation: This Helm Chart is deprecated!** + ![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.13](https://img.shields.io/badge/AppVersion-1.0.13-informational?style=flat-square) A Helm chart for LangKit container deployment @@ -120,7 +122,7 @@ helm uninstall \ | readinessProbe.httpGet.port | int | `8000` | | | readinessProbe.initialDelaySeconds | int | `30` | | | readinessProbe.periodSeconds | int | `30` | | -| replicaCount | int | `2` | | +| replicaCount | int | `2` | Number of replicas for the service. | | resources.limits.cpu | string | `"4"` | | | resources.limits.memory | string | `"4Gi"` | | | resources.requests.cpu | string | `"4"` | | diff --git a/charts/langkit/values.yaml b/charts/langkit/values.yaml index f85e8ce..3eb8ebb 100644 --- a/charts/langkit/values.yaml +++ b/charts/langkit/values.yaml @@ -1,3 +1,4 @@ +# -- Number of replicas for the service. replicaCount: 2 nameOverride: "" diff --git a/charts/whylogs/README.md b/charts/whylogs/README.md index 7bfec72..186772d 100644 --- a/charts/whylogs/README.md 
+++ b/charts/whylogs/README.md @@ -104,7 +104,7 @@ helm uninstall \ | readinessProbe.httpGet.port | int | `8000` | | | readinessProbe.initialDelaySeconds | int | `30` | | | readinessProbe.periodSeconds | int | `30` | | -| replicaCount | int | `1` | | +| replicaCount | int | `1` | Number of replicas for the service. | | resources | object | `{}` | | | securityContext.readOnlyRootFilesystem | bool | `true` | | | securityContext.runAsUser | int | `1000` | | diff --git a/charts/whylogs/values.yaml b/charts/whylogs/values.yaml index 0991ad1..3f2df13 100644 --- a/charts/whylogs/values.yaml +++ b/charts/whylogs/values.yaml @@ -1,3 +1,4 @@ +# -- Number of replicas for the service. replicaCount: 1 image: From 4ffd17c90efee53269c581fca4704e146237a4cd Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Wed, 8 May 2024 17:39:05 -0700 Subject: [PATCH 6/6] put back ci jobs --- .github/workflows/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 34379b8..15ddd71 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -25,7 +25,7 @@ jobs: version: v3.14.0 - name: Package All Helm Charts - # if: github.event_name == 'push' + if: github.event_name == 'push' working-directory: ${{ github.workspace }}/charts run: | for dir in */ ; do @@ -36,14 +36,14 @@ jobs: shell: bash - name: Login to GHCR - # if: github.event_name == 'push' + if: github.event_name == 'push' run: | docker login ghcr.io \ -u ${{ github.repository_owner }} \ --password-stdin < <(echo "${{ secrets.GITHUB_TOKEN }}") - name: Publish Helm Charts to GHCR - # if: github.event_name == 'push' + if: github.event_name == 'push' working-directory: ${{ github.workspace }}/charts run: | for chart in *.tgz ; do
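Review bot: The restored `Login to GHCR` step still has `${{ secrets.GITHUB_TOKEN }}` and `${{ github.repository_owner }}` expanded straight into the shell script text before bash runs. Passing them through the step's environment keeps expression output out of the script: add `env:` with `GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and run `printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$GITHUB_REPOSITORY_OWNER" --password-stdin`. The same applies to the `${{ github.repository }}` expansions in the publish loop, which continues past the end of this hunk.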