diff --git a/charts/guardrails/CHANGELOG.md b/charts/guardrails/CHANGELOG.md index 7adf4d4..14036a9 100644 --- a/charts/guardrails/CHANGELOG.md +++ b/charts/guardrails/CHANGELOG.md @@ -6,6 +6,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning] (https://semver.org/spec/v2.0.0.html). +## [0.6.0] - 2025-01-23 + +### Removed + +- Cache endpoint +- Unused secrets + +### Changed + +- Default image to `whylabs/whylogs:3.0.0` + +### Added + +- `s3_profile_upload_bucket` and `static_secret` environment variables + +- New variables + ## [0.5.2] - 2024-12-09 ### Fixed diff --git a/charts/guardrails/Chart.yaml b/charts/guardrails/Chart.yaml index 9c7ca54..511eb74 100644 --- a/charts/guardrails/Chart.yaml +++ b/charts/guardrails/Chart.yaml @@ -2,6 +2,6 @@ apiVersion: v2 name: guardrails description: A Helm chart for WhyLabs Guardrails type: application -version: 0.5.2 -appVersion: "2.2.2" +version: 0.6.0 +appVersion: "3.0.0" icon: "https://whylabs.ai/_next/static/images/whylabs-favicon-192c009321aebbb96c19921a170fc880.png" diff --git a/charts/guardrails/README.md b/charts/guardrails/README.md index f1e612d..ff5eee9 100644 --- a/charts/guardrails/README.md +++ b/charts/guardrails/README.md @@ -1,6 +1,6 @@ # guardrails -![Version: 0.5.2](https://img.shields.io/badge/Version-0.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) +![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) A Helm chart for WhyLabs Guardrails 
@@ -118,14 +118,14 @@ release_name="" # the working directory or --destination path helm pull \ oci://ghcr.io/whylabs/guardrails \ - --version 0.5.2 + --version 0.6.0 # Requires the helm-diff plugin to be installed: # helm plugin install https://github.com/databus23/helm-diff helm diff upgrade \ --allow-unreleased \ --namespace "${target_namespace}" \ - "${release_name}" guardrails-0.5.2.tgz + "${release_name}" guardrails-0.6.0.tgz ``` After you've installed the repo you can install the chart. @@ -134,7 +134,7 @@ After you've installed the repo you can install the chart. helm upgrade --install \ --create-namespace \ --namespace "${target_namespace}" \ - "${release_name}" guardrails-0.5.2.tgz + "${release_name}" guardrails-0.6.0.tgz ``` ## Exposing Guardrails Outside Kubernetes 
@@ -283,25 +283,17 @@ autoscaling: | autoscaling.maxReplicas | int | `100` | The upper limit for the number of replicas to which the autoscaler can scale up | | autoscaling.minReplicas | int | 1 | The lower limit for the number of replicas to which the autoscaler can scale down | | autoscaling.targetCPUUtilizationPercentage | int | 80 | The specifications for which to use to calculate the desired replica count | -| cache.annotations | object | `{}` | Annotations for the cache. | -| cache.duration | string | `"1m"` | Duration for cache validity. | -| cache.enable | bool | `true` | Enable or disable caching. | -| cache.endpoint | string | `"api.whylabsapp.com"` | Endpoint for the cache service. | -| cache.labels | object | `{}` | Labels for the cache. | -| cache.replicaCount | int | `1` | Number of replicas for the cache. | | commonLabels | object | `{}` | Labels to add to all chart resources. | -| env | object | `{"CONFIG_SYNC_INTERVAL":"1","TENANCY_MODE":"{{ .Values.tenancyMode | default \"SINGLE\" }}","WHYLABS_API_CACHE_ENDPOINT":"{{ if .Values.cache.enable }}{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.cluster.local{{ else }}{{ end }}"}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. **Supports Helm templating syntax**, e.g. you can use `{{ .Release.Name }}` or other templating variables, functions, and conditions within the the value of each environment variable. | -| envFrom | list | `[{"secretRef":{"name":"whylabs-guardrails-api-key","optional":true}},{"secretRef":{"name":"whylabs-guardrails-api-secret","optional":true}}]` | Create environment variables from Kubernetes secrets or config maps. | -| envFrom[0].secretRef.name | string | `"whylabs-guardrails-api-key"` | Name of the Kubernetes secret containing the API key. The secret must be in the same namespace as the release and should be created prior to installing the chart. 
| -| envFrom[1].secretRef.name | string | `"whylabs-guardrails-api-secret"` | Name of the Kubernetes secret containing the container password, the value used when executing requests against the guardrails container. The secret must be in the same namespace as the release and should be created prior to installing the chart. | +| env | object | `{"s3_profile_upload_bucket":"my-profile-upload-bucket","static_secret":"password"}` | [Environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) for the `guardrails` container. **Supports Helm templating syntax**, e.g. you can use `{{ .Release.Name }}` or other templating variables, functions, and conditions within the the value of each environment variable. | +| envFrom | string | `nil` | Create environment variables from Kubernetes secrets or config maps. | | extraVolumeMounts | list | `[]` | Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `guardrails` container. | | extraVolumes | list | `[]` | Extra [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) for the `Pod`. | | fullnameOverride | string | `""` | Override the full name of the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the `guardrails` container. | -| image.repository | string | `"registry.gitlab.com/whylabs/langkit-container"` | Image repository for the `guardrails` container. | -| image.tag | string | `"2.2.2"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. | +| image.repository | string | `"whylabs/whylogs"` | Image repository for the `guardrails` container. | +| image.tag | string | `"3.0.0"` | Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. 
| | imagePullSecrets | list | `[]` | | -| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. | +| ingress | object | `{"enabled":false}` | [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `guardrails` container. | | livenessProbe | object | `{"failureThreshold":5,"httpGet":{"path":"/health","port":8000},"periodSeconds":10}` | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `guardrails` container. Failed livenessProbes restarts containers | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | object | `{}` | Node labels to match for `Pod` [scheduling](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). | diff --git a/charts/guardrails/templates/_helpers.tpl b/charts/guardrails/templates/_helpers.tpl index 5a9296b..6a3f4aa 100644 --- a/charts/guardrails/templates/_helpers.tpl +++ b/charts/guardrails/templates/_helpers.tpl @@ -45,21 +45,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{ include "guardrails.selectorLabels" . }} {{- end }} -{{/* -Cache labels -*/}} -{{- define "guardrails.cacheLabels" -}} -helm.sh/chart: {{ include "guardrails.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Values.commonLabels }} -{{ toYaml . }} -{{- end }} -{{ include "guardrails.cacheSelectorLabels" . }} -{{- end }} - {{/* Selector labels */}} 
@@ -68,14 +53,6 @@ app.kubernetes.io/name: {{ include "guardrails.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} -{{/* -Cache Selector labels -*/}} -{{- define "guardrails.cacheSelectorLabels" -}} -app.kubernetes.io/name: {{ include "guardrails.name" . }}-nginx -app.kubernetes.io/instance: {{ .Release.Name }}-nginx -{{- end }} - {{/* Create the name of the service account to use */}} diff --git a/charts/guardrails/templates/configmap-nginx.yaml b/charts/guardrails/templates/configmap-nginx.yaml deleted file mode 100644 index 4090d31..0000000 --- a/charts/guardrails/templates/configmap-nginx.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.cache.enable }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-nginx -data: - nginx.conf: | - pid /tmp/nginx.pid; - events { - worker_connections 1024; - } - http { - proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=1g - inactive=60m use_temp_path=off; - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - server { - listen 8080; - server_name localhost; - location /v1/policy/list { - include cache_config.conf; - include common_proxy.conf; - proxy_cache_key "$request_uri|$http_x_whylabs_organization"; - } - location /v1/organizations/managed-organizations { - include cache_config.conf; - include common_proxy.conf; - proxy_cache_key "$request_uri|$http_x_whylabs_organization"; - } - location /v1/policy { - include cache_config.conf; - include common_proxy.conf; - proxy_cache_key "$request_uri|$http_x_whylabs_organization"; - } - location /v1/api-key/validate { - include cache_config.conf; - include common_proxy.conf; - proxy_cache_key "$request_uri|$http_x_api_key"; - } - location / { - include common_proxy.conf; - } - } - } - cache_config.conf: | - proxy_cache my_cache; - proxy_cache_valid 200 403 {{ .Values.cache.duration }}; - proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; - add_header X-Cache-Status $upstream_cache_status always; - common_proxy.conf: | - proxy_pass https://{{ .Values.cache.endpoint }}; - proxy_set_header Host {{ .Values.cache.endpoint }}; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Accept $http_accept; - proxy_set_header Accept-Encoding $http_accept_encoding; - proxy_set_header X-API-Key $http_x_api_key; - proxy_set_header X-WhyLabs-Organization $http_x_whylabs_organization; 
-{{- end }} diff --git a/charts/guardrails/templates/deployment-nginx.yaml b/charts/guardrails/templates/deployment-nginx.yaml deleted file mode 100644 index ae070b4..0000000 --- a/charts/guardrails/templates/deployment-nginx.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -{{- if .Values.cache.enable }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-nginx - labels: - {{- include "guardrails.cacheLabels" . | nindent 4 }} -spec: - replicas: {{ .Values.cache.replicaCount }} - selector: - matchLabels: - {{- include "guardrails.cacheSelectorLabels" . | nindent 8 }} - template: - metadata: - {{- with .Values.cache.annotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "guardrails.cacheLabels" . | nindent 8 }} - spec: - serviceAccountName: {{ include "guardrails.serviceAccountName" . }} - securityContext: - fsGroup: 101 - containers: - - name: nginx - securityContext: - privileged: false - allowPrivilegeEscalation: false - runAsNonRoot: true - runAsUser: 101 - runAsGroup: 101 - capabilities: - drop: ["ALL"] - image: "nginxinc/nginx-unprivileged:latest" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - volumeMounts: - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: nginx-config - mountPath: /etc/nginx/cache_config.conf - subPath: cache_config.conf - - name: nginx-config - mountPath: /etc/nginx/common_proxy.conf - subPath: common_proxy.conf - - name: nginx-temp - mountPath: /tmp - - name: nginx-cache - mountPath: /var/cache/nginx - volumes: - - name: nginx-temp - emptyDir: {} - - name: nginx-cache - emptyDir: {} - - name: nginx-config - configMap: - name: {{ include "guardrails.fullname" . }}-nginx - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/guardrails/templates/service-nginx.yaml b/charts/guardrails/templates/service-nginx.yaml deleted file mode 100644 index 2362f01..0000000 
--- a/charts/guardrails/templates/service-nginx.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.cache.enable }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-nginx -spec: - type: ClusterIP - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 8080 - selector: - {{- include "guardrails.cacheSelectorLabels" . | nindent 4 }} -{{- end }} diff --git a/charts/guardrails/values.yaml b/charts/guardrails/values.yaml index 455754e..2ed8674 100644 --- a/charts/guardrails/values.yaml +++ b/charts/guardrails/values.yaml @@ -47,20 +47,6 @@ autoscaling: # selectPolicy: Max # stabilizationWindowSeconds: 300 -cache: - # -- Enable or disable caching. - enable: true - # -- Duration for cache validity. - duration: 1m - # -- Number of replicas for the cache. - replicaCount: 1 - # -- Endpoint for the cache service. - endpoint: "api.whylabsapp.com" - # -- Annotations for the cache. - annotations: {} - # -- Labels for the cache. - labels: {} - # -- Labels to add to all chart resources. commonLabels: {} 
@@ -68,23 +54,22 @@ commonLabels: {} # for the `guardrails` container. **Supports Helm templating syntax**, e.g. you can use `{{ .Release.Name }}` or other # templating variables, functions, and conditions within the the value of each environment variable. env: - WHYLABS_API_CACHE_ENDPOINT: "{{ if .Values.cache.enable }}{{ .Release.Name }}-nginx.{{ .Release.Namespace }}.svc.cluster.local{{ else }}{{ end }}" - TENANCY_MODE: "{{ .Values.tenancyMode | default \"SINGLE\" }}" - CONFIG_SYNC_INTERVAL: "1" + static_secret: password + s3_profile_upload_bucket: my-profile-upload-bucket # -- Create environment variables from Kubernetes secrets or config maps. envFrom: - - secretRef: - # -- Name of the Kubernetes secret containing the API key. The secret must be in the same namespace as the - # release and should be created prior to installing the chart. - name: whylabs-guardrails-api-key - optional: true - - secretRef: - # -- Name of the Kubernetes secret containing the container password, the value used when executing requests - # against the guardrails container. The secret must be in the same namespace as the release and should be - # created prior to installing the chart. - name: whylabs-guardrails-api-secret - optional: true + # - secretRef: + # # -- Name of the Kubernetes secret containing the API key. The secret must be in the same namespace as the + # # release and should be created prior to installing the chart. + # name: whylabs-guardrails-api-key + # optional: true + # - secretRef: + # # -- Name of the Kubernetes secret containing the container password, the value used when executing requests + # # against the guardrails container. The secret must be in the same namespace as the release and should be + # # created prior to installing the chart. + # name: whylabs-guardrails-api-secret + # optional: true # -- Extra [volume mounts](https://kubernetes.io/docs/concepts/storage/volumes/) for the `guardrails` container. extraVolumeMounts: [] 
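Review bot: The new `env` defaults ship `static_secret: password` as a literal value, so a release installed without overrides runs with a publicly known credential, and the value appears in plain text in the rendered pod spec and in `helm get values` output. The same hunk comments out both `secretRef` entries under `envFrom`, which removes the Secret-backed path the chart previously offered for the API key and the container password. I would drop the literal default and keep the reference: restore `- secretRef:` / `name: whylabs-guardrails-api-secret` / `optional: true`, and have that Secret carry `static_secret` (presumably the container password the old comment describes). Commenting out every list item also leaves `envFrom:` as null, which the README now documents as `string` / `nil`, so `envFrom: []` would keep the type a list. The deployment template is not in this diff, so confirm it guards the value with `with` or `if` before rendering it.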
@@ -99,9 +84,9 @@ image: # -- Image pull policy for the `guardrails` container. pullPolicy: IfNotPresent # -- Image repository for the `guardrails` container. - repository: registry.gitlab.com/whylabs/langkit-container + repository: whylabs/whylogs # -- (string) Image tag for the `guardrails` container, this will default to `.Chart.AppVersion` if not set. - tag: "2.2.2" + tag: "3.0.0" imagePullSecrets: [] # -- Image pull secrets for the `guardrails` container. If `name` is set to `""`, then the default value of @@ -112,15 +97,15 @@ imagePullSecrets: [] # `guardrails` container. ingress: enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] + # className: "" + # annotations: {} + # # kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" + # hosts: + # - host: chart-example.local + # paths: + # - path: / + # pathType: ImplementationSpecific + # tls: # - secretName: chart-example-tls hosts: # - chart-example.local
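Review bot: `repository: whylabs/whylogs` drops the explicit registry host that the previous value carried, so the registry the image is pulled from now depends on each node's container-runtime default and any configured mirrors. Writing it fully qualified, `repository: docker.io/whylabs/whylogs` (assuming Docker Hub is the intended source), keeps the pull origin explicit and auditable. The tag `"3.0.0"` is also mutable, so pinning by digest next to the tag would make the deployed image verifiable, if the deployment template supports it. That template is not part of this diff, so the digest suggestion needs checking against how `image.repository` and `image.tag` are joined.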