Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add backend service #33

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions charts/guardrails/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning]
(https://semver.org/spec/v2.0.0.html).

## [0.3.0] - 2024-08-21

### Added

- Backend service

## [0.2.1] - 2024-07-25

### Updated
Expand Down
2 changes: 1 addition & 1 deletion charts/guardrails/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@ apiVersion: v2
name: guardrails
description: A Helm chart for WhyLabs Guardrails
type: application
version: 0.2.1
version: 0.3.0
appVersion: "1.0.23"
29 changes: 23 additions & 6 deletions charts/guardrails/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# guardrails

![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.23](https://img.shields.io/badge/AppVersion-1.0.23-informational?style=flat-square)
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.23](https://img.shields.io/badge/AppVersion-1.0.23-informational?style=flat-square)

A Helm chart for WhyLabs Guardrails

Expand Down Expand Up @@ -75,14 +75,14 @@ release_name=""
# the working directory or --destination path
helm pull \
oci://ghcr.io/whylabs/guardrails \
--version 0.2.1
--version 0.3.0

# Requires the helm-diff plugin to be installed:
# helm plugin install https://github.com/databus23/helm-diff
helm diff upgrade \
--allow-unreleased \
--namespace "${target_namespace}" \
"${release_name}" guardrails-0.2.1.tgz
"${release_name}" guardrails-0.3.0.tgz
```

After you've installed the repo you can install the chart.
Expand All @@ -91,7 +91,7 @@ After you've installed the repo you can install the chart.
helm upgrade --install \
--create-namespace \
--namespace "${target_namespace}" \
"${release_name}" guardrails-0.2.1.tgz
"${release_name}" guardrails-0.3.0.tgz
```

## Exposing Guardrails Outside Kubernetes
Expand Down Expand Up @@ -161,14 +161,31 @@ utilization.
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. |
| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":70}` | [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) configuration for the `guardrails` container. |
| backend.enabled | bool | `true` | |
| backend.env | object | `{}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. |
| backend.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `guardrails` container. |
| backend.image.repository | string | `"207285235248.dkr.ecr.us-west-2.amazonaws.com/guardrails-backend"` | Image repository for the `guardrails` container. |
| backend.image.tag | string | `"latest"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. |
| backend.livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/status","port":8080},"initialDelaySeconds":30,"periodSeconds":30}` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. |
| backend.podAnnotations | object | `{}` | Annotations to add to the `Pod`. |
| backend.podLabels | object | `{}` | Labels to add to the `Pod`. |
| backend.podSecurityContext | object | `{"runAsNonRoot":true}` | [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation. |
| backend.readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/status","port":8080},"initialDelaySeconds":30,"periodSeconds":30}` | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. |
| backend.replicaCount | int | `1` | |
| backend.resources | object | `{"limits":{"cpu":"1","ephemeral-storage":"250Mi","memory":"1Gi"},"requests":{"cpu":"1","ephemeral-storage":"250Mi","memory":"1Gi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container. |
| backend.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000}` | [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `guardrails` container. |
| backend.service.annotations | object | `{}` | Service annotations. |
| backend.service.port | int | `80` | Service HTTP port. |
| backend.service.targetPort | int | `8080` | The port on which the application container is listening. |
| backend.service.type | string | `"ClusterIP"` | Service Type, i.e. ClusterIp, LoadBalancer, etc. |
| commonLabels | object | `{}` | Labels to add to all chart resources. |
| env | object | `{}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. |
| extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `guardrails` container. |
| extraVolumes | list | `[]` | Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. |
| fullnameOverride | string | `""` | Override the full name of the chart. |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `guardrails` container. |
| image.repository | string | `"registry.gitlab.com/whylabs/langkit-container"` | Image repository for the `guardrails` container. |
| image.tag | string | `""` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. |
| image.repository | string | `"207285235248.dkr.ecr.us-west-2.amazonaws.com/guardrails"` | Image repository for the `guardrails` container. |
| image.tag | string | `"1.0.23"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. |
| imagePullSecrets[0] | list | `{"name":""}` | Image pull secrets for the `guardrails` container. Defaults to `whylabs-{{ .Release.Name }}-registry-credentials` if `name: ""`. To exclude The ImagePullSecret entirely, set `imagePullSecrets: []` and comment out the list items. |
| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. |
| livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":30,"periodSeconds":30}` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. |
Expand Down
23 changes: 23 additions & 0 deletions charts/guardrails/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,21 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- end }}

{{/*
Common labels - Backend
*/}}
{{- define "guardrails.backendLabels" -}}
helm.sh/chart: {{ include "guardrails.chart" . }}
{{ include "guardrails.backendSelectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}

{{/*
Selector labels
*/}}
Expand All @@ -53,6 +68,14 @@ app.kubernetes.io/name: {{ include "guardrails.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Backend Selector labels
*/}}
{{- define "guardrails.backendSelectorLabels" -}}
app.kubernetes.io/name: {{ include "guardrails.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}-backend
{{- end }}

{{/*
Create the name of the service account to use
*/}}
Expand Down
90 changes: 90 additions & 0 deletions charts/guardrails/templates/deployment-backend.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
{{- if .Values.backend.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "guardrails.fullname" . }}-backend
labels:
{{- include "guardrails.backendLabels" . | nindent 4 }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.backend.replicaCount }}
selector:
matchLabels:
{{- include "guardrails.backendSelectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.backend.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "guardrails.backendLabels" . | nindent 8 }}
{{- with .Values.backend.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if gt (len .Values.imagePullSecrets) 0 }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
{{- if .name }}
- name: {{ .name }}
{{- else }}
- name: whylabs-{{ $.Release.Name }}-registry-credentials
{{- end }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "guardrails.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.backend.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.backend.securityContext | nindent 12 }}
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.backend.image.pullPolicy }}
{{- if .Values.backend.env }}
env:
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.backend.service.targetPort }}
protocol: TCP
livenessProbe:
{{- toYaml .Values.backend.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.backend.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.backend.resources | nindent 12 }}
volumeMounts:
- name: temp-dir
mountPath: /tmp
{{- if .Values.extraVolumeMounts }}
{{- with .extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
volumes:
- name: temp-dir
emptyDir: {}
{{- if .Values.extraVolumes }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}
2 changes: 1 addition & 1 deletion charts/guardrails/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
labels:
{{- include "guardrails.labels" . | nindent 4 }}
spec:
revisionHistoryLimit: 1
revisionHistoryLimit: 3
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
Expand Down
21 changes: 21 additions & 0 deletions charts/guardrails/templates/service-backend.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.backend.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "guardrails.fullname" . }}-backend
labels:
{{- include "guardrails.backendLabels" . | nindent 4 }}
{{- if .Values.backend.service.annotations }}
annotations:
{{- .Values.backend.service.annotations | toYaml | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.backend.service.type }}
ports:
- name: http
protocol: TCP
port: {{ .Values.backend.service.port }}
targetPort: {{ .Values.backend.service.targetPort }}
selector:
{{- include "guardrails.backendSelectorLabels" . | nindent 4 }}
{{- end -}}
80 changes: 78 additions & 2 deletions charts/guardrails/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,12 @@ replicaCount: 4

image:
# -- Image repository for the `guardrails` container.
repository: registry.gitlab.com/whylabs/langkit-container
repository: 207285235248.dkr.ecr.us-west-2.amazonaws.com/guardrails
# -- Image pull policy for the `guardrails` container.
pullPolicy: IfNotPresent
# -- (string) Image tag for the `guardrails` container, this will default to
# `.Chart.AppVersion` if not set.
tag: ""
tag: "1.0.23"

imagePullSecrets:
# -- (list) Image pull secrets for the `guardrails` container. Defaults to
Expand Down Expand Up @@ -140,3 +140,79 @@ tolerations: []

# -- Affinity settings for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels.
affinity: {}

backend:
enabled: true
replicaCount: 1

image:
# -- Image repository for the `guardrails` container.
repository: 207285235248.dkr.ecr.us-west-2.amazonaws.com/guardrails-backend
# -- Image pull policy for the `guardrails` container.
pullPolicy: IfNotPresent
# -- (string) Image tag for the `guardrails` container, this will default to
# `.Chart.AppVersion` if not set.
tag: "latest"

service:
# -- Service annotations.
annotations: {}
# -- Service Type, i.e. ClusterIp, LoadBalancer, etc.
type: ClusterIP
# -- Service HTTP port.
port: 80
# -- The port on which the application container is listening.
targetPort: 8080

# -- [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container.
env: {}
# MY_ENV_VAR: "my env var value"

# -- Annotations to add to the `Pod`.
podAnnotations: {}

# -- Labels to add to the `Pod`.
podLabels: {}

# -- [Pod security context](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core), this supports full customisation.
podSecurityContext:
runAsNonRoot: true

# -- [Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `guardrails` container.
securityContext:
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
capabilities:
drop: ["ALL"]

# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `guardrails` container.
resources:
requests:
cpu: "1"
memory: "1Gi"
ephemeral-storage: 250Mi
limits:
cpu: "1"
memory: "1Gi"
ephemeral-storage: 250Mi

# -- [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container.
livenessProbe:
httpGet:
path: /status
port: 8080
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 30

# -- [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container.
readinessProbe:
httpGet:
path: /status
port: 8080
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
Loading