Merge branch 'main' into aastha/restric-k8s-permissions

charts/launch-agent/Chart.yaml

@@ -3,7 +3,7 @@ name: launch-agent
 icon: https://em-content.zobj.net/thumbs/240/apple/354/rocket_1f680.png
 description: A Helm chart for running the W&B Launch Agent in Kubernetes
 type: application
-version: 0.13.3
+version: 0.13.5
 maintainers:
   - name: wandb
     email: [email protected]

charts/launch-agent/templates/deployment.yaml

@@ -148,6 +148,8 @@ spec:
         {{- toYaml .Values.agent.nodeSelector | nindent 8 }}
       tolerations:
         {{- toYaml .Values.agent.tolerations | nindent 8 }}
+      affinity:
+        {{- toYaml .Values.agent.affinity | nindent 8 }}
 ---
 {{- if .Capabilities.APIVersions.Has "policy/v1" }}
 apiVersion: policy/v1
@@ -160,4 +162,4 @@ spec:
     matchLabels:
       app: launch-agent-{{ .Release.Name }}
 ---
-{{- end }}
+{{- end }}

charts/launch-agent/values.yaml

@@ -5,7 +5,7 @@ agent:
   # Providing API key can be done external to this chart
   useExternalWandbSecret: false
   # Container image to use for the agent.
-  image: wandb/launch-agent:0.16.6
+  image: wandb/launch-agent:0.17.1
   # Image pull policy for agent image.
   imagePullPolicy: Always
   # Resources block for the agent spec.
@@ -21,6 +21,8 @@ agent:
   minAvailable: 1
   # Tolerations for the agent pod.
   tolerations: []
+  # Affinites for the agent pod.
+  affinity: {}
 
 # Namespace to deploy launch agent into
 namespace: wandb

charts/operator-wandb/Chart.lock

@@ -29,5 +29,11 @@ dependencies:
 - name: flat-run-fields-updater
   repository: file://charts/flat-run-fields-updater
   version: 0.1.0
-digest: sha256:72ce111a55d35fac65edc81862f81dd1c0a6ad747aa2a6b2522966f91b27c814
-generated: "2024-03-26T20:48:42.072569696Z"
+- name: nginx
+  repository: file://charts/nginx
+  version: 0.1.0
+- name: stackdriver
+  repository: file://charts/stackdriver
+  version: 0.1.0
+digest: sha256:9a6c69506deb6969686d5b220a0692b53cfa29642e059bdf27c440c5d7086bdb
+generated: "2024-06-05T11:04:02.508473-07:00"

charts/operator-wandb/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: operator-wandb
 description: A Helm chart for deploying W&B to Kubernetes
 type: application
-version: 0.13.1
+version: 0.13.14
 appVersion: 1.0.0
 icon: https://wandb.ai/logo.svg
 
@@ -52,3 +52,11 @@ dependencies:
     version: "*.*.*"
     repository: file://charts/flat-run-fields-updater
     condition: flat-run-fields-updater.install
+  - name: nginx
+    version: "*.*.*"
+    repository: file://charts/nginx
+    condition: nginx.install
+  - name: stackdriver
+    version: "*.*.*"
+    repository: file://charts/stackdriver
+    condition: stackdriver.install

charts/operator-wandb/charts/app/templates/deployment.yaml

@@ -158,9 +158,11 @@ spec:
             - name: OIDC_CLIENT_ID            
               value: {{ .Values.global.auth.oidc.clientId }}
             - name: OIDC_AUTH_METHOD
-              value: {{ .Values.global.auth.oidc.method }}
+              value: {{ .Values.global.auth.oidc.authMethod }}
             - name: OIDC_ISSUER
               value: {{ .Values.global.auth.oidc.issuer }}
+            - name: OIDC_CLIENT_SECRET
+              value: {{ .Values.global.auth.oidc.secret }}
             {{- end }}
 
             - name: GORILLA_SESSION_LENGTH

charts/operator-wandb/charts/nginx/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/operator-wandb/charts/nginx/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: nginx
+type: application
+description: A Helm chart for Kubernetes
+
+version: 0.1.0
+appVersion: "1.25.5"
+
+home: https://wandb.ai
+icon: https://wandb.ai/logo.svg
+
+maintainers:
+  - name: wandb
+    email: [email protected]
+    url: https://wandb.com

charts/operator-wandb/charts/nginx/templates/_helpers.tpl

@@ -0,0 +1,124 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nginx.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified nginx name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nginx.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nginx.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "nginx.labels" -}}
+helm.sh/chart: {{ include "nginx.chart" . }}
+{{ include "nginx.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+wandb.com/app-name: {{ include "nginx.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nginx.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nginx.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nginx.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "nginx.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Returns a list of _common_ labels to be shared across all
+app deployments and other shared objects.
+*/}}
+{{- define "nginx.commonLabels" -}}
+{{- $commonLabels := default (dict) .Values.common.labels -}}
+{{- if $commonLabels }}
+{{-   range $key, $value := $commonLabels }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns a list of _pod_ labels to be shared across all
+nginx deployments.
+*/}}
+{{- define "nginx.podLabels" -}}
+{{- range $key, $value := .Values.pod.labels }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+
+
+{{- define "nginx.nodeSelector" -}}
+{{- $nodeSelector := default .Values.global.nodeSelector .Values.nodeSelector -}}
+{{- if $nodeSelector }}
+nodeSelector:
+  {{- toYaml $nodeSelector | nindent 2 }}
+{{- end }}
+{{- end -}}
+
+
+{{/*
+Return a PodSecurityContext definition.
+
+Usage:
+  {{ include "nginx.podSecurityContext" .Values.pod.securityContext }}
+*/}}
+{{- define "nginx.podSecurityContext" -}}
+{{- $psc := . }}
+{{- if $psc }}
+securityContext:
+{{-   if not (empty $psc.runAsUser) }}
+  runAsUser: {{ $psc.runAsUser }}
+{{-   end }}
+{{-   if not (empty $psc.runAsGroup) }}
+  runAsGroup: {{ $psc.runAsGroup }}
+{{-   end }}
+{{-   if not (empty $psc.fsGroup) }}
+  fsGroup: {{ $psc.fsGroup }}
+{{-   end }}
+{{-   if not (empty $psc.fsGroupChangePolicy) }}
+  fsGroupChangePolicy: {{ $psc.fsGroupChangePolicy }}
+{{-   end }}
+{{- end }}
+{{- end -}}

charts/operator-wandb/charts/nginx/templates/configmap.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "nginx.fullname" . }}
+  labels:
+    {{- include "nginx.commonLabels" . | nindent 4 }}
+    {{- include "nginx.labels" . | nindent 4 }}
+    {{- if .Values.configMap.labels -}}
+    {{-   toYaml .Values.configMap.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.configMap.annotations -}}
+    {{-   toYaml .Values.configMap.annotations | nindent 4 }}
+    {{- end }}
+data:
+  nginx.conf: |
+    worker_processes  auto;
+
+    error_log  /var/log/nginx/error.log notice;
+    pid        /tmp/nginx.pid;
+
+
+    events {
+        worker_connections  1024;
+    }
+
+    http {
+      server {
+        listen 8080;
+        location / {
+          proxy_pass http://{{ .Release.Name }}-app:8080;
+        }
+        location /console {
+          proxy_pass http://{{ .Release.Name }}-console:8082;
+        }
+      }
+    }

charts/operator-wandb/charts/nginx/templates/deployment.yaml

@@ -0,0 +1,54 @@
+{{- if .Values.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    {{- if .Values.deployment.annotations -}}
+    {{-   toYaml .Values.deployment.annotations | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "nginx.commonLabels" . | nindent 4 }}
+    {{- include "nginx.labels" . | nindent 4 }}
+    {{- if .Values.deployment.labels -}}
+    {{-   toYaml .Values.deployment.labels | nindent 4 }}
+    {{- end }}
+  name: {{ include "nginx.fullname" . }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "nginx.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "nginx.commonLabels" . | nindent 8 }}
+        {{- include "nginx.podLabels" . | nindent 8 }}
+        {{- include "nginx.labels" . | nindent 8 }}
+      annotations:
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- if .Values.pod.annotations -}}
+        {{-   toYaml .Values.pod.annotations | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ include "nginx.serviceAccountName" . }}
+      {{- if .tolerations }}
+      tolerations:
+        {{- toYaml .tolerations | nindent 8 }}
+      {{- end }}
+      {{- include "nginx.podSecurityContext" .Values.pod.securityContext | nindent 6 }}
+      containers:
+      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        name: {{ .Chart.Name }}
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }} 
+        ports:
+          - containerPort: 8080
+        volumeMounts:
+        - name: nginx-config
+          mountPath: /etc/nginx/nginx.conf
+          subPath: nginx.conf
+      volumes:
+      - name: nginx-config
+        configMap:
+          name: {{ include "nginx.fullname" . }}
+{{- end }}

charts/operator-wandb/charts/nginx/templates/hpa.yaml

@@ -0,0 +1,22 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "nginx.fullname" . }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "nginx.commonLabels" . | nindent 4 }}
+    {{- include "nginx.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "nginx.fullname" . }}
+  minReplicas: 1
+  maxReplicas: 1
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 70

charts/operator-wandb/charts/nginx/templates/service.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "nginx.fullname" . }}
+  labels:
+    {{- include "nginx.commonLabels" . | nindent 4 }}
+    {{- include "nginx.labels" . | nindent 4 }}
+    {{- if .Values.service.labels -}}
+    {{-   toYaml .Values.service.labels | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.service.annotations -}}
+    {{-   toYaml .Values.service.annotations | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+  selector:
+    {{- include "nginx.labels" . | nindent 4 }}