- Helm v3.16.3 or later
- Kubernetes cluster
- Valid W&B license
First download a license from https://deploy.wandb.ai and set it in your environment:
```bash
export LICENSE=XXXXXXX
```
For persistence you'll need an S3-compatible object store. Make sure your container has AWS credentials (potentially via `extraEnv`), and specify the bucket and region with:
```bash
export BUCKET=s3://my-bucket
export BUCKET_REGION=us-east-1
```
Running a MySQL database in your k8s cluster is not recommended. This chart does not provide any way to back up the data or ensure the database can scale. You'll need to manually increase the resources requested for the database and the size of the volume as load increases. If possible, you should use an external database service and set the following variables:
```
--set mysql.managed=false --set mysql.host=db.host --set mysql.user=wandb --set mysql.password=XXX --set mysql.database=wandb
```
You can create a database and grant the needed access with:
```sql
CREATE USER 'wandb'@'%' IDENTIFIED BY 'XXX';
CREATE DATABASE wandb CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL ON wandb.* TO 'wandb'@'%' WITH GRANT OPTION;
```
```bash
helm repo add wandb https://wandb.github.io/helm-charts
helm upgrade --namespace=wandb --create-namespace --install wandb wandb/wandb --version 0.3.7 --set license=$LICENSE --set bucket=$BUCKET --set bucketRegion=$BUCKET_REGION
```
Then provision your instance with:
```bash
git clone https://github.com/wandb/helm-charts.git
cd helm-charts
helm upgrade --namespace=wandb --create-namespace --install wandb ./charts/wandb --set license=$LICENSE --set bucket=$BUCKET --set bucketRegion=$BUCKET_REGION
```
Important Note: W&B strongly cautions against using a self-signed certificate and suggests you obtain a certificate from a CA that works best with all network configurations and doesn't need any extra work to set up.
To mount self-signed SSL certificates to your wandb deployment, follow these steps:
- Create a Kubernetes secret containing the SSL certificate and private key:
  ```bash
  kubectl create secret tls wandb-tls --cert=path/to/tls.crt --key=path/to/tls.key -n wandb
  ```
  Replace `path/to/tls.crt` and `path/to/tls.key` with the paths to your SSL certificate and private key files, respectively.
- Update your `values.yaml` file to configure the ingress to use the created secret for TLS:
  ```yaml
  ingress:
    enabled: true
    ...
    tls:
      - secretName: wandb-tls
        hosts:
          - your-domain.com
  ```
  Replace `your-domain.com` with your desired domain name.
- Apply the changes by upgrading the Helm release:
  ```bash
  helm upgrade --namespace=wandb wandb ./charts/wandb --set license=$LICENSE --set bucket=$BUCKET --set bucketRegion=$BUCKET_REGION
  ```
Now, your wandb deployment will use the mounted SSL certificate for securing communication over HTTPS.
To configure the wandb SDK to use the SSL certificates, follow these steps:
- Set the `REQUESTS_CA_BUNDLE` and `SSL_CERT_FILE` environment variables to the path of the certificate file:
  ```python
  import os
  os.environ['REQUESTS_CA_BUNDLE'] = '/path/to/cert.pem'
  os.environ['SSL_CERT_FILE'] = '/path/to/cert.pem'
  ```
- Append your self-signed certificate to the default CA bundle to allow both self-signed and default certificates to be used:
  ```bash
  cat /path/to/selfsigned.cer >> /path/to/cacert.pem
  ```
Now, the wandb SDK will be able to use the SSL certificates for HTTPS communication.
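As an added example (not part of the W&B chart or SDK), the two SDK steps above can be done without editing the default bundle in place: this script writes a separate combined bundle, skips certificates already present so reruns don't duplicate entries, and refuses input that contains a private key. The function names and the demo's file names are assumptions, and the demo input is constructed placeholder data.

```python
import hashlib
import os
import re
import ssl
import tempfile

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """Map sha256(DER) -> PEM block for each certificate found in text."""
    if "PRIVATE KEY-----" in text:
        raise ValueError("input contains a private key; supply the certificate only")
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(b)).hexdigest(): b
            for b in PEM_CERT.findall(text)}

def build_bundle(default_bundle, extra_cert, out_path):
    """Write default CAs plus any new certs from extra_cert; return number added."""
    with open(default_bundle) as f:
        base_text = f.read()
    with open(extra_cert) as f:
        extra = pem_certs(f.read())
    if not extra:
        raise ValueError(f"no PEM certificate found in {extra_cert}")
    known = pem_certs(base_text)
    new = [pem for digest, pem in extra.items() if digest not in known]
    # Write a temp file and rename it so readers never see a partial bundle.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(out_path)))
    with os.fdopen(fd, "w") as f:
        f.write(base_text.rstrip("\n") + "\n" + "".join(p + "\n" for p in new))
    os.chmod(tmp, 0o644)  # certificates are public; keep the bundle world-readable
    os.replace(tmp, out_path)
    return len(new)

def use_bundle(path):
    """Set both variables from the first SDK step; do this before any HTTPS call."""
    os.environ["REQUESTS_CA_BUNDLE"] = path
    os.environ["SSL_CERT_FILE"] = path

if __name__ == "__main__":
    # Constructed input: placeholder bytes in PEM armor, not real certificates.
    with tempfile.TemporaryDirectory() as d:
        base, extra, out = (os.path.join(d, n)
                            for n in ("cacert.pem", "selfsigned.cer", "bundle.pem"))
        with open(base, "w") as f:
            f.write(ssl.DER_cert_to_PEM_cert(b"constructed default CA"))
        with open(extra, "w") as f:
            f.write(ssl.DER_cert_to_PEM_cert(b"constructed self-signed cert"))
        print(build_bundle(base, extra, out), "added;",
              build_bundle(out, extra, out), "added on rerun")
```

Call `use_bundle()` with the combined file's path before importing or initializing any client that opens HTTPS connections.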
For information on upgrading the Helm module and wandb server version, please refer to the upgrade guide.