Add mlflow

Mathis 2023-12-11 22:46:18 +00:00
parent a6847fc784
commit 6e4aa70977
15 changed files with 352 additions and 0 deletions


@ -0,0 +1,34 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: mlflow
resources:
- namespace.yaml
- minio-pvc.yaml
- minio-deployment.yaml
- minio-service.yaml
- minio-ingress.yaml
- mlflow-deployment.yaml
- mlflow-ingress.yaml
- mlflow-service.yaml
generators:
- secret-generator.yaml
helmCharts:
- name: postgresql
releaseName: postgresql
version: 13.2.24
repo: oci://registry-1.docker.io/bitnamicharts
namespace: mlflow
valuesInline:
auth:
enablePostgresUser: false
existingSecret: postgres-secret
username: mlflow
database: mlflow_db
primary:
persistence:
enabled: true
storageClass: retain-local-path


@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-admin-secret
namespace: mlflow
stringData:
MINIO_ROOT_USER: ENC[AES256_GCM,data:JxKzZPR6S0a/2XKoxDFOOg==,iv:CsCxYsB7DP2vRtkohcp7ysC54xGP2EdWCFwjWe/PjRA=,tag:F/2gFpm2GQ4P/EM8hFRZUw==,type:str]
MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:wxo/pZJ6IDGg+zZqspqJ2brLfx8=,iv:EoNk2k+F6BUEGik09hs65fo2RNGFYsUlzvNQoGeij1o=,tag:a47V7C8A0jVV3NCZk3JJmw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QldsSWZWdkFWaDEySnJ3
ZnVBVXVRSlNhWmd5dGZqcktNQ2xlTnkvYzNzCkxvWVNFeTFCMWpmVG5qck1YRWVE
eXA4VFlaNmN3NFlGT29MY2g0aENQNE0KLS0tIFhCT3J2SzFEbkJXWFdySlJyM29V
Tm1UMlBJQTcyVjJtUm0zSzcwYXNtWkEKOKntF52e4vpT3cED78RVdDl5bStVDRYF
YuEuM1RVwnT5zEkTAQxG+77r18OfF6FZnJQNPHsrdhZn23CQV8yXlQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-11T21:14:05Z"
mac: ENC[AES256_GCM,data:iSiR7v0NzAAtuR097Sl+YtgXUDLxjVi7AcIYMyjcNmsoFN3y52M9TqP/JhC2jP+4g7RSuwJtHA7/LIokGuFS2zPrCBrg2ODUr+8Wiw4KFbvO7y1mLm6t1K5p6wrf/Yv8Hom0jeES0tVjOkQtEOTpxNk/xWHqlhhyqNw5bpvldYE=,iv:gkLQD/o/3YnZ77sGdpnlUJLk3mPiKLJyrydPzdscNJc=,tag:cW2DwDtcgCt0eepgrmL3yA==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1


@ -0,0 +1,35 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: mlflow
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
image: quay.io/minio/minio:RELEASE.2023-12-09T18-17-51Z
command:
- /bin/bash
- -c
args:
- minio server /data --console-address :9001
volumeMounts:
- mountPath: /data
name: minio-data
envFrom:
- secretRef:
name: minio-admin-secret
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: minio-data
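Review bot: The `minio` container spec has no `securityContext`, so it runs with whatever user and capabilities the image defaults to, while holding the MinIO root credentials through `envFrom` on `minio-admin-secret`. I would add a container-level `securityContext` that forbids privilege escalation, drops all capabilities and runs as a non-root UID; the `minio-data` volume must then be writable by that UID, which may need a pod-level `fsGroup`. There are also no `resources` limits and no probes, so a runaway or hung server is not bounded or restarted. MinIO exposes `/minio/health/live` on the API port, which would fit a `livenessProbe`.

```yaml
      containers:
        - name: minio
          # … unchanged: image, command, args, volumeMounts, envFrom …
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000  # constructed example UID; match the volume's ownership
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```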

19
apps/mlflow/minio-ingress.yaml Executable file

@ -0,0 +1,19 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: minio-ingress
namespace: mlflow
spec:
entryPoints:
- websecure
routes:
- match: Host(`minio.namesny.com`)
kind: Rule
services:
- name: minio-svc
port: 9001
- match: Host(`s3.namesny.com`)
kind: Rule
services:
- name: minio-svc
port: 9000
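Review bot: Neither route lists a `middlewares:` entry, so the MinIO console on `minio.namesny.com` (port 9001) is published with only MinIO's own login in front of it, whereas the mlflow IngressRoute in this commit puts `auth-authelia@kubernetescrd` in front of its route. The console accepts the root credentials from `minio-admin-secret`, so I would give the console route the same two lines: `middlewares:` followed by `- name: "auth-authelia@kubernetescrd"`. The `s3.namesny.com` route probably cannot sit behind forward-auth because S3 clients sign their own requests. The control there is narrowly scoped access keys, or dropping the public route if the API is only needed inside the cluster. No `tls:` block is set on either route, which is fine only if the `websecure` entrypoint carries TLS defaults; that is not visible in this commit.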

12
apps/mlflow/minio-pvc.yaml Executable file

@ -0,0 +1,12 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: minio-data
namespace: mlflow
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: retain-local-path

18
apps/mlflow/minio-service.yaml Executable file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: minio-svc
namespace: minio
spec:
selector:
app: minio
type: ClusterIP
ports:
- name: minio-api
protocol: TCP
port: 9000
targetPort: 9000
- name: minio-console
protocol: TCP
port: 9001
targetPort: 9001
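Review bot: `metadata.namespace` is `minio` here, but every other object in this commit is in `mlflow`, including the Deployment this Service selects and the IngressRoute that references `minio-svc`. The init container also addresses `minio-svc.mlflow.svc.cluster.local`. When built through the kustomization, the top-level `namespace: mlflow` presumably overrides the value, but applied on its own the Service would land in a namespace with no matching pods. Change the line to `namespace: mlflow` so the manifest is correct without relying on the transformer.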


@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-user-secret
namespace: mlflow
stringData:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:msIdjmwl3WHW70M8XfmcxA==,iv:XPKHyeg5LKTw520JESMMtihj0pssNw56n+hvGwZk6g0=,tag:2wODLJrtUHjnwbphUpS6ew==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:mybhUMqDdy/P1eN7nFVPhxM+4PA=,iv:4e45iHScWtxlvFdt4qJnF/JcO0+ExHN27H2+k9d1zXo=,tag:iJKROqnRlulzrXpPZ1zedQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdXRGdlNhRWhyQUk0ZGlw
YWt4QW5vdnI3M1dXYmdGbGVtQ2M3Q0RnREhJCm9oMUdmQzhXVDdNcTJpMGZoS3pn
SzRQVWZ5OUtZOUV3dDRDUHB4NWJpUUEKLS0tIDFnUWNGY3pLM1hCYlZ6U042R1Fs
Y2dhYUF5SDlEYUt3TFIwSm9ZLzdrcWMK+0YHn6O4ztkvvI4n3luTE42WEZXIpTMk
x5sTpPTrjC+aY1K/mOvYeeifl/OzF47xSIhkz/CHb3XzS9qu9L6t8Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-11T21:15:06Z"
mac: ENC[AES256_GCM,data:SgNbDhrGxOcmkv6GqZzz59sI8+r4or3sL/wD/5kfzPmU8KNo6y5g505R98KN86/Y7Qrmz7HRYNu4u6+qwUmxP4sRMQZGY+hL8J4nRmWHfhadiWqcLcGXBesbwyrsHqyMp18DnOZm4BHE1LX2JNEvr7e+3ey/CTpugUWwUyeTqp8=,iv:+vakqD9RvH7FX303JAkVo6+NCSnbMm35FU0OOvI+jYE=,tag:TWgy5pnEOBtmSGq1OOA9oQ==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1


@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mlflow
namespace: mlflow
spec:
replicas: 1
selector:
matchLabels:
app: mlflow
template:
metadata:
labels:
app: mlflow
spec:
imagePullSecrets:
- name: gitea-regcred
initContainers:
- name: init-s3-bucket
image: minio/mc
command: ["/bin/sh", "-c"]
args:
- until mc alias set mlflow-minio http://minio-svc.mlflow.svc.cluster.local:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; do sleep 5; done;
mc admin user add mlflow-minio $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY;
mc admin policy attach mlflow-minio readwrite --user $AWS_ACCESS_KEY_ID;
mc mb mlflow-minio/mlflow;
exit 0;
envFrom:
- secretRef:
name: minio-admin-secret
- secretRef:
name: minio-user-secret
containers:
- name: mlflow
image: git.namesny.com/cluster/mlflow:2.9.1
imagePullPolicy: Always
args:
- --host=0.0.0.0
- --port=5000
envFrom:
- secretRef:
name: mlflow-secret
- secretRef:
name: minio-user-secret
ports:
- name: http
containerPort: 5000
protocol: TCP
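Review bot: The `init-s3-bucket` container uses `image: minio/mc` with no tag or digest, so it resolves to whatever `latest` is at pull time, and that container is handed the MinIO root credentials through `envFrom` on `minio-admin-secret`. Pin it the way the server image is pinned, e.g. `image: minio/mc:<PINNED_RELEASE_TAG>` (placeholder; ideally with an `@sha256:` digest as well). In the script the four secret variables are expanded unquoted, so a value containing whitespace or glob characters would be split; write them as `"$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"` and likewise for the access key pair. The built-in `readwrite` policy applies to every bucket on the server rather than only `mlflow`, and the trailing `exit 0` reports success even when user or bucket creation failed. A bucket-scoped policy and failing on real errors would be safer.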

16
apps/mlflow/mlflow-ingress.yaml Executable file

@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mlflow-ingress
namespace: mlflow
spec:
entryPoints:
- websecure
routes:
- match: Host(`mlflow.namesny.com`)
kind: Rule
middlewares:
- name: "auth-authelia@kubernetescrd"
services:
- name: mlflow-svc
port: 5000


@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: mlflow-secret
namespace: mlflow
stringData:
MLFLOW_BACKEND_STORE_URI: ENC[AES256_GCM,data:uYVz7MxGaqbq0Z7Jwr+cLIt+ofiseKPDf7/QEnwiQpgwoISSGbVgDNvayYwJjfBlyuIsCQhFEw8fnp1KEL61fwBui00wzp+5VguW5QiJXhE=,iv:C5Y6QJkKu84QJ4KvA/4mkDn8HqTCk/EUkLssiaJ4KFg=,tag:HuPVO/+W4nmZmc5xcscpmQ==,type:str]
MLFLOW_S3_ENDPOINT_URL: ENC[AES256_GCM,data:qJU+bWfWJ0fQcGBRibM4n4EFih8rKQ==,iv:UOdBuc8fWPpmvC8rjJrKxdHkovLHP1WRXEsQ5GZ4+XU=,tag:nzHEOB8pDdZuycGFFoSoIQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPcWx6a3Nhbzl4Zm1GRFI4
cW5takJaVlB0Y0lBek5QeVBYUTkwbDNLNEh3CnlEUzJKcHRVTGRNZ0lCRDZkKzV0
SE5wSFpjT0svK1I1TktldGtKQ2RwTXMKLS0tIDBxRFVHZW5sUFMxSnBoV2RhMy9t
NjA5TFhhQ0JPOXhwU2ZLSk9icGhYT0EKPO8HiQkIDmokLcMkgUkgQ6NSbTRNcx1E
cOhss9NCdaQIe729Op4uAfYzTxxST7yfGvamwfHI/PRoH4uhMJIzhw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-11T22:04:56Z"
mac: ENC[AES256_GCM,data:Mz8fBrcUREHDVGCn6LK3kBXDSk/RaVJwnWS6vZtcGAjWUtk0OnKw9BbchRixRXNcQigf/HR5xAk/E8e+T4hbc42n468d6DSq0g1Iat5BojZDU8RV1Duec1Uc6LjxsD6ii+xwA09oEs+UnXvnulxWTsnh5GtYBYOi+OqXBPtCtTA=,iv:D1WSU0sCbaA/CLSFPyA6yG1kwXInlepgtup0KdRdTd4=,tag:2RFm5tNymwQy0s+MFxUmkA==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

13
apps/mlflow/mlflow-service.yaml Executable file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: mlflow-svc
namespace: mlflow
spec:
selector:
app: mlflow
type: ClusterIP
ports:
- protocol: TCP
port: 5000
targetPort: 5000

4
apps/mlflow/namespace.yaml Executable file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: mlflow


@ -0,0 +1,27 @@
apiVersion: v1
kind: Secret
metadata:
name: postgres-secret
namespace: mlflow
stringData:
password: ENC[AES256_GCM,data:G74Y+VhZJLx1,iv:JBHIRIJCT9gcKjVxopEV+CFEGsrnqzKUZ3i2b112SO8=,tag:E3Q+bYwF8Dk8/+yFr5N3cQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVWJjTFJZMTFTdmJwWmMv
YnNRdDBwcm9ReUo1dXZYZTRST2czMExIYzBFCkJJOEFZOTZrWDRQSGtYNjRNaW5H
Zk5zak5SNmpGMWphVU4yL1lqZnpGaDQKLS0tIGRwdFJZSW1CNEJIVVpVYUtaTE80
THgxQkFKWWlVekppMkpJL2RPMFRVVkUKZFB3iLeIIF3sxyNbpynq1C0M8SuMHQrO
t1TyRC8dUL3m5Umijwm42en+aZIGGY8P6TyDvsU+6L3n5MhVutAGmw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-11T21:16:20Z"
mac: ENC[AES256_GCM,data:hDNBBV/iTJHow8lzOYCMhuoQFQhMTxedHqmYQ/jf8eFBvPnsxfPv9wwafCjos0uKXPSMo9vrsfTs3A2QI3L9pGnzMDWk1VPxLwjbZ6M+GD+Winn5qwFpGt0w0uJBO3btL1AZPdYlNWnQljXFMvfk0r+MmeTV8W7iwK7LSfQ26Sg=,iv:s2WcEcxW72cdCHgoKXprBqKHx+IZicDFgtTCVvVt/0c=,tag:JxrTN05ZIMzZ2NzvkPkzNw==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1
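Review bot: The `data:` field under `password` is much shorter than the other encrypted values in this commit, and that reveals something about the secret. As far as I know SOPS encrypts each value with AES-GCM without padding, so the ciphertext length tracks the plaintext length and is visible to anyone who can read the repository. I would regenerate the PostgreSQL password as a long random string (32 characters or more) and re-encrypt the file, ideally before the database is first initialised so the chart picks up the new value. The same consideration applies to the other `*.enc.yaml` secrets added here, although their values look longer.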


@ -0,0 +1,28 @@
apiVersion: v1
data:
.dockerconfigjson: ENC[AES256_GCM,data:81lEiqTzN770axbtzxlTXjacUAcW1cmyp39vyhQ6LIyyu0/35pti53AFjYhge437GuM4hiB2JBPcbgIhrVXOcqFSt66L+eg4B2o3B2Ahv29sZVoDEws7f1x6A+q4/npjMOt+FHSVWoI4tE2XTTkQSKC8YHIGn9F5fEbimp1ttwp3TqudArixxWh0GKrchiS9V0GH/t+2zEbUUHHw39BvFUJnnOc72np4U4G44BOo3wENS4u6zXmMBtXECQY2vkKy3uOipqChgUDENPq8JomIOrU0N2qxzXWArveVmbESj2dg3zJBbYwGNoJQzmEFzj0kkH/kpRTFOpMtofwhwRpMYm7AgeMWuJ9m2RxnO7rIK/8OcbkB,iv:kN9ZlSchoBKSn6XtYQ6s5JzD4Ojo1QRVJwNFSD0a0jE=,tag:NaTiRAY3QBYwH1luRJHS9Q==,type:str]
kind: Secret
metadata:
name: gitea-regcred
namespace: mlflow
type: kubernetes.io/dockerconfigjson
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZG1sWnZXcnZXTE51alNG
SHBBRVhNSjRnb1A4K0JTeFRDeTFzYzhPTUNnCmhycUNtMVJUdjJqV2o5RGo2bXc3
eXdhOVdkN0VadVNMekhQZkNJalU5ZUEKLS0tIFAzZW5MS0VzV2ZpNG5wQWNtY2Zs
OENCcGxSVTloZ2laOC8wZWlxRkhGOVUKl/98ZX2imzvlJwMNs7xQoImq1yMCaSOS
XazndINml8T3giDCThFgW3cl2UwgV0VdL7HGKWg8YNzpkoPzu/yFag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-11T21:37:17Z"
mac: ENC[AES256_GCM,data:LAjODj2bwCBP/PvRHqY7lK8DepVG8Ok1CvulPZBoIefIDm7itxK3xyz3BKztPF0femiv8V3P2QzOb3zgPj4SXUSli9KpV/GCm1MbwO1o7m/HC78dHCdNiJEpIosSXBgb5laJBZhfuilJwxCc4KTA69jLbw25lLAIfUiHL6hMIjs=,iv:7mJvniuUuugfCB5J9fcHmhixjyJGPrEDYRl3VpHBBJA=,tag:5rAjl7nUwioABABmOnACKg==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1


@ -0,0 +1,14 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: mlflow-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./mlflow-secret.enc.yaml
- ./minio-admin-secret.enc.yaml
- ./minio-user-secret.enc.yaml
- ./postgres-secret.enc.yaml
- ./registry-secret.enc.yaml