Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/tensorleap/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
name: tensorleap
type: application
version: 1.6.34
version: 1.6.35
dependencies:
- name: ingress-nginx
version: 4.10.0
Expand Down
2 changes: 1 addition & 1 deletion charts/tensorleap/charts/engine/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: v2
name: tensorleap-engine
type: application
version: 1.0.614
version: 1.0.615
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,24 @@ data:
value: /shared/logs
- name: IS_K3D
value: "true"
{{- if .Values.http_proxy }}
- name: HTTP_PROXY
value: {{ .Values.http_proxy | quote }}
- name: http_proxy
value: {{ .Values.http_proxy | quote }}
{{- end }}
{{- if .Values.https_proxy }}
- name: HTTPS_PROXY
value: {{ .Values.https_proxy | quote }}
- name: https_proxy
value: {{ .Values.https_proxy | quote }}
{{- end }}
{{- if .Values.no_proxy }}
- name: NO_PROXY
value: {{ .Values.no_proxy | quote }}
- name: no_proxy
value: {{ .Values.no_proxy | quote }}
{{- end }}
volumeMounts:
- name: shared-logs
mountPath: /shared/logs
Expand Down
6 changes: 6 additions & 0 deletions charts/tensorleap/charts/engine/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@ target_repo: tensorleap-registry:5000
generic_calculator_image: "public.ecr.aws/tensorleap/engine-generic"
generic_py_ver: py38 #select from: py38, py39, py310

# Outbound proxy for engine PUSH jobs (the pippin image-dependencies-builder dind).
# Set by the installer from its own HTTP(S)_PROXY/NO_PROXY env; empty = no proxy.
http_proxy: ""
https_proxy: ""
no_proxy: ""

localDataDirectories: []
gpu: false
gpuTolerations: []
Expand Down
4 changes: 4 additions & 0 deletions pkg/helm/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ type ServerHelmValuesParams struct {
Tls TLSParams `json:"tls"`
HostName string `json:"hostname"`
DatadogEnv map[string]string `json:"datadogEnv"`
ProxyEnv map[string]string `json:"proxyEnv"`
KeycloakEnabled bool `json:"keycloakEnabled"`
DisableAuth bool `json:"disableAuth"`
InstalledServerVersion string `json:"installedServerVersion"`
Expand Down Expand Up @@ -255,6 +256,9 @@ func CreateTensorleapChartValues(params *ServerHelmValuesParams) (Record, error)
"tensorleap-engine": Record{
"gpu": params.Gpu,
"localDataDirectories": params.LocalDataDirectories,
"http_proxy": params.ProxyEnv["http_proxy"],
"https_proxy": params.ProxyEnv["https_proxy"],
"no_proxy": params.ProxyEnv["no_proxy"],
},
"tensorleap-node-server": Record{
"enableKeycloak": params.KeycloakEnabled,
Expand Down
3 changes: 3 additions & 0 deletions pkg/helm/utils_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ func TestCreateTensorleapChartValues(t *testing.T) {
"tensorleap-engine": Record{
"gpu": params.Gpu,
"localDataDirectories": params.LocalDataDirectories,
"http_proxy": "",
"https_proxy": "",
"no_proxy": "",
},
"tensorleap-node-server": Record{
"enableKeycloak": params.KeycloakEnabled,
Expand Down
45 changes: 45 additions & 0 deletions pkg/server/installation_params.go
Original file line number Diff line number Diff line change
Expand Up @@ -838,6 +838,8 @@ func (params *InstallationParams) GetServerHelmValuesParams(versionTag string) *

datadogEnvs := params.GetDatadogEnvs()

proxyEnvs := params.GetEngineProxyEnv()

localBucketPath := path.Join(local.GetServerDataDir(), local.STORAGE_DIR_NAME, "minio", "session")

return &helm.ServerHelmValuesParams{
Expand All @@ -850,6 +852,7 @@ func (params *InstallationParams) GetServerHelmValuesParams(versionTag string) *
ProxyUrl: params.ProxyUrl,
Tls: *tlsParams,
DatadogEnv: datadogEnvs,
ProxyEnv: proxyEnvs,
KeycloakEnabled: !params.DisabledAuth,
DisableAuth: params.DisabledAuth,
InstalledServerVersion: versionTag,
Expand All @@ -876,6 +879,48 @@ func (params *InstallationParams) GetDatadogEnvs() map[string]string {
return data
}

// engineJobNoProxyEntries are appended to the user's NO_PROXY so that engine PUSH
// jobs reach in-cluster services (Zot registry, MinIO, k8s API/DNS) directly
// instead of routing them through the corporate proxy.
var engineJobNoProxyEntries = []string{
"tensorleap-registry",
"tensorleap-minio",
"localhost",
"127.0.0.1",
".svc",
".svc.cluster.local",
".cluster.local",
"10.42.0.0/16",
"10.43.0.0/16",
}

// GetEngineProxyEnv returns the outbound-proxy env to inject into engine PUSH jobs
// (notably the pippin image-dependencies-builder dind, which runs its own daemon and
// does not inherit the node's containerd proxy/mirror config). Values are captured
// from the installer's own environment; returns nil when no proxy is configured.
func (params *InstallationParams) GetEngineProxyEnv() map[string]string {
httpProxy := lookupFirstEnv("HTTP_PROXY", "http_proxy")
httpsProxy := lookupFirstEnv("HTTPS_PROXY", "https_proxy")
if httpProxy == "" && httpsProxy == "" {
return nil
}
noProxy := lookupFirstEnv("NO_PROXY", "no_proxy")
return map[string]string{
"http_proxy": httpProxy,
"https_proxy": httpsProxy,
"no_proxy": k3d.AddToNoProxy(noProxy, engineJobNoProxyEntries),
}
}

func lookupFirstEnv(keys ...string) string {
for _, key := range keys {
if value, ok := os.LookupEnv(key); ok && value != "" {
return value
}
}
return ""
}

func (params *InstallationParams) GetInfraHelmValuesParams(syncRegistries []helm.ZotSyncRegistry, registryImage string) *helm.InfraHelmValuesParams {

nvidiaGpuVisibleDevices := ""
Expand Down
31 changes: 31 additions & 0 deletions pkg/server/installation_params_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,3 +91,34 @@ func TestGetServerHelmValuesParams(t *testing.T) {
assert.False(t, helmParams.KeycloakEnabled, "Keycloak should be disabled when DisabledAuth is true")
})
}

func TestGetEngineProxyEnv(t *testing.T) {
params := &InstallationParams{}

t.Run("returns nil when no proxy is set", func(t *testing.T) {
t.Setenv("HTTP_PROXY", "")
t.Setenv("http_proxy", "")
t.Setenv("HTTPS_PROXY", "")
t.Setenv("https_proxy", "")
assert.Nil(t, params.GetEngineProxyEnv())
})

t.Run("captures proxy and augments no_proxy with in-cluster entries", func(t *testing.T) {
t.Setenv("HTTPS_PROXY", "http://proxy:3128")
t.Setenv("NO_PROXY", ".renault.fr")

env := params.GetEngineProxyEnv()
assert.Equal(t, "http://proxy:3128", env["https_proxy"])
assert.Contains(t, env["no_proxy"], ".renault.fr")
assert.Contains(t, env["no_proxy"], "tensorleap-registry")
assert.Contains(t, env["no_proxy"], "tensorleap-minio")
assert.Contains(t, env["no_proxy"], "10.43.0.0/16")
})

t.Run("prefers uppercase but falls back to lowercase", func(t *testing.T) {
t.Setenv("HTTP_PROXY", "")
t.Setenv("http_proxy", "http://lower:3128")
env := params.GetEngineProxyEnv()
assert.Equal(t, "http://lower:3128", env["http_proxy"])
})
}
Loading