From 2ef64002176c99ab988bfc6354dd7610b72fcac4 Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Mon, 9 Dec 2024 14:06:08 -0700 Subject: [PATCH 1/3] Fix selector label incompatibility --- charts/guardrails/CHANGELOG.md | 20 +++++++--------- charts/guardrails/Chart.yaml | 2 +- charts/guardrails/README.md | 8 +++---- charts/guardrails/templates/_helpers.tpl | 24 +++++++++++++++++++ .../templates/deployment-nginx.yaml | 9 +++---- charts/guardrails/templates/deployment.yaml | 5 +--- .../guardrails/templates/service-nginx.yaml | 2 +- charts/guardrails/templates/service.yaml | 2 +- 8 files changed, 43 insertions(+), 29 deletions(-) diff --git a/charts/guardrails/CHANGELOG.md b/charts/guardrails/CHANGELOG.md index 2e4a4f5..6ca4132 100644 --- a/charts/guardrails/CHANGELOG.md +++ b/charts/guardrails/CHANGELOG.md @@ -6,24 +6,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning] (https://semver.org/spec/v2.0.0.html). -## [0.5.0] - 2024-12-02 - -### Added - -- Add caching support, enabled with `cache.enable: true` (default is `true`) -- HPA support for configuring scaling behavior +## [0.5.1] - 2024-12-09 -## [0.4.0] - 2024-11-26 +### Fixed -### Changed +- Reverted guardrails deployment selector labels change to be consistent with + previous chart versions. The cache layer deployment selector labels have been + updated to be independently unique. -- Default image tag from `2.0.1` to `2.2.2` +## [0.5.0] - 2024-12-02 ### Added -- Caching support enabled with `cache.enable: true` -- Horizontal Pod Autoscaler (HPA) support for configuring scaling behavior -- Startup probe to support more graceful startup and scaling behavior +- Add caching support, enabled with `cache.enable: true` (default is `true`) +- HPA support for configuring scaling behavior ## [0.3.1] - 2024-10-31 diff --git a/charts/guardrails/Chart.yaml b/charts/guardrails/Chart.yaml index 1087259..2291c68 100644 --- a/charts/guardrails/Chart.yaml +++ b/charts/guardrails/Chart.yaml @@ -2,6 +2,6 @@ apiVersion: v2 name: guardrails description: A Helm chart for WhyLabs Guardrails type: application -version: 0.5.0 +version: 0.5.1 appVersion: "2.2.2" icon: "https://whylabs.ai/_next/static/images/whylabs-favicon-192c009321aebbb96c19921a170fc880.png" diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index e72bd3a..0952484 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md @@ -1,6 +1,6 @@ # guardrails -![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) +![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) A Helm chart for WhyLabs Guardrails @@ -118,14 +118,14 @@ release_name="" # the working directory or --destination path helm pull \ oci://ghcr.io/whylabs/guardrails \ - --version 0.5.0 + --version 0.5.1 # Requires the helm-diff plugin to be installed: # helm plugin install https://github.com/databus23/helm-diff helm diff upgrade \ --allow-unreleased \ --namespace "${target_namespace}" \ - "${release_name}" guardrails-0.5.0.tgz + "${release_name}" guardrails-0.5.1.tgz ``` After you've installed the repo you can install the chart. @@ -134,7 +134,7 @@ After you've installed the repo you can install the chart. helm upgrade --install \ --create-namespace \ --namespace "${target_namespace}" \ - "${release_name}" guardrails-0.5.0.tgz + "${release_name}" guardrails-0.5.1.tgz ``` ## Exposing Guardrails Outside Kubernetes diff --git a/charts/guardrails/templates/_helpers.tpl b/charts/guardrails/templates/_helpers.tpl index 94d31ad..5a9296b 100644 --- a/charts/guardrails/templates/_helpers.tpl +++ b/charts/guardrails/templates/_helpers.tpl @@ -42,6 +42,22 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.commonLabels }} {{ toYaml . }} {{- end }} +{{ include "guardrails.selectorLabels" . }} +{{- end }} + +{{/* +Cache labels +*/}} +{{- define "guardrails.cacheLabels" -}} +helm.sh/chart: {{ include "guardrails.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{ include "guardrails.cacheSelectorLabels" . }} {{- end }} {{/* @@ -52,6 +68,14 @@ app.kubernetes.io/name: {{ include "guardrails.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Cache Selector labels +*/}} +{{- define "guardrails.cacheSelectorLabels" -}} +app.kubernetes.io/name: {{ include "guardrails.name" . }}-nginx +app.kubernetes.io/instance: {{ .Release.Name }}-nginx +{{- end }} + {{/* Create the name of the service account to use */}} diff --git a/charts/guardrails/templates/deployment-nginx.yaml b/charts/guardrails/templates/deployment-nginx.yaml index 450a3a6..ae070b4 100644 --- a/charts/guardrails/templates/deployment-nginx.yaml +++ b/charts/guardrails/templates/deployment-nginx.yaml @@ -4,12 +4,12 @@ kind: Deployment metadata: name: {{ .Release.Name }}-nginx labels: - {{- include "guardrails.labels" . | nindent 4 }} + {{- include "guardrails.cacheLabels" . | nindent 4 }} spec: replicas: {{ .Values.cache.replicaCount }} selector: matchLabels: - app: {{ .Release.Name }}-nginx + {{- include "guardrails.cacheSelectorLabels" . | nindent 8 }} template: metadata: {{- with .Values.cache.annotations }} @@ -17,10 +17,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "guardrails.labels" . | nindent 8 }} - app: {{ .Release.Name }}-nginx - app.kubernetes.io/name: {{ include "guardrails.name" . }}-nginx - app.kubernetes.io/instance: {{ .Release.Name }}-nginx + {{- include "guardrails.cacheLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "guardrails.serviceAccountName" . }} securityContext: diff --git a/charts/guardrails/templates/deployment.yaml b/charts/guardrails/templates/deployment.yaml index d1760f4..e9c3f58 100644 --- a/charts/guardrails/templates/deployment.yaml +++ b/charts/guardrails/templates/deployment.yaml @@ -11,7 +11,7 @@ spec: {{- end }} selector: matchLabels: - app: {{ .Release.Name }} + {{- include "guardrails.selectorLabels" . | nindent 8 }} template: metadata: {{- with .Values.podAnnotations }} @@ -23,9 +23,6 @@ spec: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} - app: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "guardrails.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} spec: {{- if gt (len .Values.imagePullSecrets) 0 }} imagePullSecrets: diff --git a/charts/guardrails/templates/service-nginx.yaml b/charts/guardrails/templates/service-nginx.yaml index d6a835e..2362f01 100644 --- a/charts/guardrails/templates/service-nginx.yaml +++ b/charts/guardrails/templates/service-nginx.yaml @@ -11,5 +11,5 @@ spec: port: 80 targetPort: 8080 selector: - app: {{ .Release.Name }}-nginx + {{- include "guardrails.cacheSelectorLabels" . | nindent 4 }} {{- end }} diff --git a/charts/guardrails/templates/service.yaml b/charts/guardrails/templates/service.yaml index cfd0f73..085fe64 100644 --- a/charts/guardrails/templates/service.yaml +++ b/charts/guardrails/templates/service.yaml @@ -16,4 +16,4 @@ spec: port: {{ .Values.service.port }} targetPort: {{ .Values.service.targetPort }} selector: - app: {{ .Release.Name }} + {{- include "guardrails.selectorLabels" . | nindent 4 }} From 7c812d7c9089a4c36ed388565dc7429ac4233639 Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Mon, 9 Dec 2024 15:31:03 -0700 Subject: [PATCH 2/3] fix env quoteing and conditionally set cache endpoint env --- charts/guardrails/CHANGELOG.md | 5 +++++ charts/guardrails/README.md | 2 +- charts/guardrails/templates/deployment.yaml | 2 +- charts/guardrails/values.yaml | 5 ++--- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/guardrails/CHANGELOG.md b/charts/guardrails/CHANGELOG.md index 6ca4132..f2c5df1 100644 --- a/charts/guardrails/CHANGELOG.md +++ b/charts/guardrails/CHANGELOG.md @@ -14,6 +14,11 @@ and this project adheres to [Semantic Versioning] previous chart versions. The cache layer deployment selector labels have been updated to be independently unique. +### Changed + +- Conditionally set `WHYLABS_API_CACHE_ENDPOINT` environment variable based on + the `cache.enable` value. + ## [0.5.0] - 2024-12-02 ### Added diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index 0952484..afcd6a4 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md @@ -290,7 +290,7 @@ autoscaling: | cache.labels | object | `{}` | Labels for the cache. | | cache.replicaCount | int | `1` | Number of replicas for the cache. | | commonLabels | object | `{}` | Labels to add to all chart resources. | -| env | object | `{}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. **Supports Helm templating syntax**, e.g. you can use `{{ .Release.Name }}` or other templating variables, functions, and conditions within the the value of each environment variable. | +| env | object | `{"CONFIG_SYNC_INTERVAL":"1","TENANCY_MODE":"{{ .Values.tenancyMode | default \"SINGLE\" }}","WHYLABS_API_CACHE_ENDPOINT":"{{ if .Values.cache.enable }}{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local{{ else }}{{ end }}"}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. **Supports Helm templating syntax**, e.g. you can use `{{ .Release.Name }}` or other templating variables, functions, and conditions within the the value of each environment variable. | | envFrom | list | `[{"secretRef":{"name":"whylabs-guardrails-api-key","optional":true}},{"secretRef":{"name":"whylabs-guardrails-api-secret","optional":true}}]` | Create environment variables from Kubernetes secrets or config maps. | | envFrom[0].secretRef.name | string | `"whylabs-guardrails-api-key"` | Name of the Kubernetes secret containing the API key. The secret must be in the same namespace as the release and should be created prior to installing the chart. | | envFrom[1].secretRef.name | string | `"whylabs-guardrails-api-secret"` | Name of the Kubernetes secret containing the container password, the value used when executing requests against the guardrails container. The secret must be in the same namespace as the release and should be created prior to installing the chart. | diff --git a/charts/guardrails/templates/deployment.yaml b/charts/guardrails/templates/deployment.yaml index e9c3f58..136aabd 100644 --- a/charts/guardrails/templates/deployment.yaml +++ b/charts/guardrails/templates/deployment.yaml @@ -47,7 +47,7 @@ spec: env: {{- range $key, $value := .Values.env }} - name: {{ $key }} - value: {{ tpl $value $ }} + value: {{ tpl $value $ | quote }} {{- end }} {{- end }} {{- if .Values.envFrom }} diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml index 8f4771a..4af725c 100644 --- a/charts/guardrails/values.yaml +++ b/charts/guardrails/values.yaml @@ -68,10 +68,9 @@ commonLabels: {} # for the `guardrails` container. **Supports Helm templating syntax**, e.g. you can use `{{ .Release.Name }}` or other # templating variables, functions, and conditions within the the value of each environment variable. env: - # Uncomment WHYLABS_API_CACHE_ENDPOINT if .Values.cache.enable is true - # WHYLABS_API_CACHE_ENDPOINT: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local" - # @ignored + WHYLABS_API_CACHE_ENDPOINT: "{{ if .Values.cache.enable }}{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local{{ else }}{{ end }}" TENANCY_MODE: "{{ .Values.tenancyMode | default \"SINGLE\" }}" + CONFIG_SYNC_INTERVAL: "1" # -- Create environment variables from Kubernetes secrets or config maps. envFrom: From df569499cbcce2137da467b4c84188cfa65203ae Mon Sep 17 00:00:00 2001 From: AnchorArray Date: Mon, 9 Dec 2024 16:39:25 -0700 Subject: [PATCH 3/3] multi-tenant mode should not be enabled by default --- charts/guardrails/README.md | 2 +- charts/guardrails/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index afcd6a4..9b40059 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md @@ -322,7 +322,7 @@ autoscaling: | serviceAccount.labels | object | `{}` | Labels to add to the service account. | | serviceAccount.name | string | `""` | If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use. | | startupProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/health","port":8000},"initialDelaySeconds":20,"periodSeconds":10}` | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. Liveness and readiness probes are suppressed until the startup probe succeeds. | -| tenancyMode | string | `"MULTI"` | tenancyMode for the guardrails service. Must be `SINGLE` or `MULTI`. | +| tenancyMode | string | `"SINGLE"` | tenancyMode for the guardrails service. Must be `SINGLE` or `MULTI`. | | tolerations | list | `[]` | Node taints which will be tolerated for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | ---------------------------------------------- diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml index 4af725c..39d015d 100644 --- a/charts/guardrails/values.yaml +++ b/charts/guardrails/values.yaml @@ -228,7 +228,7 @@ startupProbe: periodSeconds: 10 # -- (string) tenancyMode for the guardrails service. Must be `SINGLE` or `MULTI`. -tenancyMode: MULTI +tenancyMode: SINGLE # -- Node taints which will be tolerated for `Pod` # [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).