Wallaroo Helm Reference Details
post_delete_hook
This hook runs when you do helm uninstall unless …
- you give –no-hooks to helm
- you set the enable flag to False at INSTALL time.
kubernetes_distribution: "" # Required. Must be one of
Several distribution–or cloud provider–specific decisions are made around storage classes,
LoadBalancer (LB) types, etc. Its value must be one of: aks, eks, gke, oke, ibm, or kurl. If your
distribution is not in this list, the product needs to be ported and validated for that distribution.
imageRegistry
Registry and Tag portion of Wallaroo images. Third party images are not included. Tag is
computed at runtime and overridden. In online Helm installs, these should not be touched; in
airgap Helm installs imageRegistry must be overridden to local registry.
generate_secrets
If true, generate random secrets for several services at install time.
If false, use the generic defaults listed here, which can also be overridden by caller.
assays
This is a (currently) Dashboard-specific feature flag to control the display of Assays.
custTlsSecretName
To provide TLS certificates, (1) set deploymentStage to “cust”, then (2) provide EITHER the
name of an existing Kubernetes TLS secret in custTlsSecret OR provide base64 encoded secrets
in custTlsCert and custTlsKey.
wallarooDomain: "" # Required.
Wallaroo domain name. Must match the following requirements:
The domain name must match the Subject CN in the TLS certificate.
A DNS ‘A’ or ‘CNAME’ record referring to this name.
wallarooSecretName
In online Helm installs, an image pull secret is created and this is its name. The secret allows
the Kubernetes node to pull images from proxy.replicated.com. In airgap Helm installs, a local
Secret of type docker-registry must be created and this value set to its name.
privateModelRegistry
If the customer has specified a private model container registry, the enable flag will reflect
and the secret will be populated. registry, username, and password are mandatory. email
is optional. registry is of the form “hostname:port”. See the Wallaroo Private Model Registry
Guide for registry specific details.
ociRegistry
In order to support edge deployments, a customer-supplied OCI registry is required. The enable
flag turns on the feature, which causes the secret to be populated. registry, repository,username, and password are mandatory. email is optional. registry is of the form
“hostname:port”. Important: some cloud OCI registries require creation of the repository before
it can be published to. See the Wallaroo Private Model Registry Guide for registry specific
details.
apilb
Main ingress LB for Wallaroo services.
The Kubernetes Ingress object is not used, instead we deploy a single Envoy load balancer with a
single IP in all cases, which performs: TLS termination, authentication (JWT) checking, and path
based application routing. The main configuration item is ingress_mode, that controls which
Kubernetes service type will be created; it must be one of the following:
| ingress_mode | ServiceType | Details |
|---|---|---|
| none | ClusterIP | Port forwarding or VPN will be required to reach Wallaroo serivce |
| internal | LoadBalancer | Hosting cloud will allocate an internal load balancer without Internet routing. This is the default. Cloud-specific annotations are added to communicate type and scope to the Host. |
| external | LoadBalancer | Host will allocate an external, Internet facing IP and load balancer. |
| embedded | NodePort | Used for direct connection to host. This option is for embedded installs on bare metal or VM Linux. |
If necessary, ingress_mode may be set to "" and serviceType and annotations may be provided as
overrides for explicit management.
jupyter
If enabled, Jupyter Hub is deployed. This is deployed using helm hooks after the main chart is
rendered. If an upgrade is applied where hub is transitioned from enabled to disabled, any PVCs
will not be removed but they will be inaccessible.
keycloak
Wallaroo can connect to a variety of identity providers, broker OpenID Connect authentication
requests, and then limit access to endpoints. This section configures a https://www.keycloak.org
installation. If a provider is specified here, Keycloak will configure itself to use that on
install. If no providers are specified here, the administrator must login to the Keycloak
service as the administrative user and either add users by hand or create an auth provider. In
general, a client must be created upstream and a URL, client ID, and secret (token) for that
client is entered here.
postgres
The Postges database stores metadata relating to models, pipelines, orchestrations, assays, etc.
dbcleaner
Manage retention for fluentbit table. This contains log message outputs from orchestration tasks.
prometheus
Prometheus Metrics. Data will be retained until either retention size or retention time is
exceeded, whichever comes first. It’s a little difficult to predict which, because pipelines are
transient and the rate they generate metrics is variable. Scrape interval is fixed at 5s.
plateau
Plateau is a low-profile fixed-footprint log processor / event store for fast storage of
inference results. The amount of disk space provisioned is adjustable. Smaller than “100Gi” is
not recommended for performance reasons.
wsProxy
This controls the wsProxy, and should only be enabled if nats (ArbEx) is also enabled.
wsProxy is required for the Dashboard to subscribe to events and show notifications.
arbEx
Arbitrary Execution
orchestration
Pipeline orchestration is general task execution service that allows users to upload arbitrary
code and have it executed on their behalf by the system. nats and arbex must be enabled.
pipelines
Pipelines is service that supports packaging and publishing pipelines suitable for edge deployments.
It requires ociRegistry to be configured.
wallsvc
Wallsvc runs arbex, models, pipelines and orchestration.