iterative / helm-charts Goto Github PK
View Code? Open in Web Editor NEW๐ฆ Iterative Helm charts ๐ณ
Home Page: https://helm.iterative.ai/
License: Apache License 2.0
๐ฆ Iterative Helm charts ๐ณ
Home Page: https://helm.iterative.ai/
License: Apache License 2.0
The Studio Helm chart does not offer any way to include a custom root CA certificate. We want to support this scenario similarly to the way we do it in the dockerized version of Studio, albeit in a more user-friendly way.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.
These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
.github/workflows/helm-docs.yaml
tibdex/github-app-token b62528385c34dbc9f38e5f4225ac829252d1ea92
actions/checkout v4
stefanzweifel/git-auto-commit-action v5
.github/workflows/helm-lint-and-install.yaml
actions/checkout v4
azure/setup-helm v4
actions/setup-python v5
helm/chart-testing-action v2.6.1
helm/kind-action v1.10.0
actions/checkout v4
azure/setup-helm v4
.github/workflows/helm.yaml
actions/checkout v4
dorny/paths-filter v3.0.2
actions/checkout v4
azure/setup-helm v4
helm/chart-releaser-action v1.6.0
.github/workflows/leaked_secrets_scan.yaml
actions/checkout v4
.github/workflows/studio_release.yml
actions/checkout v4
iterative/setup-cml v1
charts/studio/values.yaml
docker.io/bitnami/pgbouncer 1.22.1
nginx 1.25.1-alpine
charts/studio/Chart.yaml
redis 17.14.3
postgresql 11.9.13
Please provide a way to securely configure Redis connection using a secret and SSL.
Use case is for using external Redis cache service instead of in-cluster. The service, by policy, has non-SSL port 6379 disabled. The service only accepts connections on port 6380 and is secured by a secret (access key / password).
Customer specific features are controlled through environment variables / flags. Need to extend Helm chart providing a way to inject customer specific environment variables through values.yaml / override file.
For instance:
extra_vars:
- name: CUSTOMER_SPEC_VAR_1
value: customer-variable-value-1
- name: CUSTOMER_SPEC_VAR_2
value: customer-variable-value-2
These can then be added to various studio components as needed.
We should probably set .Values.ray.enabled
to true
when running the chart-testing
workflow and make sure it works.
For convenience, including an autogenerated self-signed TLS certificate would be nice so that HTTPS will work even when the user did not configure it explicitly.
We should create a Helm repository hosted on GitHub Pages so that users can do everything via the helm
command and won't need to clone this Git repository.
Currently it's an undocumented environment variable:
values.yaml
global:
envVars:
SELF_HOSTED_LICENSE_KEY: ...
Let's consider documenting it as part of the values structure, and storing the value in a Kubernetes secret:
values.yaml
global:
license: ...
Similarly, we should explore the option of unifying this setting and the container image pull secret, because in practice they're already the same.
We should have a changelog for our Helm charts so that users can read about breaking changes and adjust their values.yml
accordingly.
Opt-in value to fill in MIXPANEL_PROJECT_TOKEN
env var and send it to frontend pod.
We should keep this opt-in - it's both an unexpected behavior, and also will most likely not be wanted or possible for most self-hosted installations (no internet access).
This is not considered secret, but can arguably be in the secret and not configmap ๐คท
As most data stored on the blobvault is supposed to be static data, ideal backend for blobvault should be an object/blob store. Add provision in the helm chart to provision an object store based Persistent Volume to be used by the studio backend component.
Currently, enabling read-only mode in the security context for the UI pod causes it to crash.
This is because the UI uses server-side rendering and must write compiled files to the local filesystem. We should mount the directory for the compiled files as a volume to fix this.
The lint-test
workflow may break unexpectedly when the pull request branch contains new values
not present in the main
branch. As per #123 (comment), we can wrap every level with parenteses to avoid the error, but values will still be null.
Should be SELF_HOSTED_USER_LIMIT
(currently using old on-prem terminology)
Need to add to values + configmap and pass to backend
In the env_file.tpl there is a range loop:
helm-charts/charts/studio/values.yaml
Line 182 in 10ef5e4
- name: API_URL
value: https://api1/api
value: https://api2/api
The expected value here is a single endpoint.
Studio UI being a node component, needs an extra variable to pass the CA certificate file path. Need to extend the chart to accommodate cert injection and variable configuration.
A possible solution could be:
NODE_EXTRA_CA_CERTS
environment variable to UI component with value set as path/to/certificate-file
Please extend the helm chart to provide a way for hosting studio with path based routing. For instance, serve studio and its sub-components on /studio
path instead of default /
.
Like we do for SECRET_KEY
, we should also autogenerate Minio and Postgres passwords unless provided in values.yaml
helm-charts/charts/studio/templates/secrets.yaml
Lines 43 to 51 in c828a33
We'd like to include information in all git commit messages about the type of change. To achieve this, we can implement Conventional Commits or use prefixes like bug:
, docs:
, feat:
, etc.
Lastly, we must ensure that all contributor's commit messages conform to this standard via some safeguards like pre-commit or a CI job.
In #82 we introduced the local baking store to fix issues with Minio (missing path based routing). Delivering the change we started deploying nginx
container, which was mounting the PVC volume blobvault
attached to worker
pod.
C4Dynamic
ContainerDb(c1, "blobvault", "PVC")
Container_Boundary(B, "Worker") {
Container(c2, "Worker Pod")
}
Container_Boundary(c, "Nginx Pod",) {
Container(c3, "Nginx")
}
Rel(c2, c1, "")
Rel(c1, c3, "")
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.