Please work man

Author: bhardwaj-gopika

.github/workflows/main.yml

@@ -19,10 +19,10 @@ jobs:
         run: echo "${{ secrets.GITHUB_TOKEN}}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
       - name: Build Docker image 
-        run: docker build -t custom-mlflow:0.6 .
+        run: docker build -t custom-mlflow:0.7 .
 
       - name: Tag Docker image
-        run: docker tag custom-mlflow:0.6 ghcr.io/slaclab/mlflow-latest/custom-mlflow:0.6 
+        run: docker tag custom-mlflow:0.7 ghcr.io/slaclab/mlflow-latest/custom-mlflow:0.7
 
       - name: Push Docker image
-        run: docker push ghcr.io/slaclab/mlflow-latest/custom-mlflow:0.6    
+        run: docker push ghcr.io/slaclab/mlflow-latest/custom-mlflow:0.7    

README.md

@@ -1 +1,12 @@
-# mlflow-latest
+# MLFLOW
+
+MLflow is an open-source platform to manage the complete ML lifecycle. 
+
+## Deployment
+The [NCSA](https://github.com/ncsa/charts/tree/main/charts/mlflow) helm chart is used for this deployment. 
+
+```bash
+helm upgrade  mlflow ncsa/mlflow --values values.yaml -n mlflow
+```
+
+Don't forget to update the image version in Dockerfile and Helm charts.

helm-chart/mlflow/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm-chart/mlflow/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 11.9.13
+- name: minio
+  repository: https://charts.bitnami.com/bitnami
+  version: 11.10.26
+digest: sha256:510d2733eeefedce7d3f6da9bec18934e91a7db4387dae104c625d3b60981002
+generated: "2023-02-25T16:11:02.948482-06:00"

helm-chart/mlflow/Chart.yaml

@@ -0,0 +1,46 @@
+apiVersion: v2
+name: mlflow
+icon: https://mlflow.org/images/MLflow-logo-final-white-TM.png
+home: https://mlflow.org/
+description: An open source platform for the machine learning lifecycle
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.2.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 2.2.1
+
+# List of people that maintain this helm chart.
+maintainers:
+  - name: Rob Kooper
+    email: [email protected]
+  - name: Ben Galewsky
+    email: [email protected]
+
+# location of source code
+sources:
+  - https://github.com/mlflow/mlflow
+
+# dependencies for the helm chart, use helm dep install to the install them.
+dependencies:
+  - name: postgresql
+    version: ~11
+    repository: https://charts.bitnami.com/bitnami
+    condition: services.postgres.enabled
+  - name: minio
+    version: ~11
+    repository: https://charts.bitnami.com/bitnami
+    condition: services.minio.enabled
+
+# annotations for artifact.io
+annotations:
+  artifacthub.io/links: |
+    - name: Helm Chart
+      url: https://github.com/ncsa/charts
+  artifacthub.io/changes: |
+    - Fix deployment to listen on 0.0.0.0 interface

helm-chart/mlflow/README.MD

@@ -0,0 +1,42 @@
+# MLflow deployment in vlcuster
+## Installation
+Install krew - https://krew.sigs.k8s.io/docs/user-guide/setup/install/
+Search for MinIO plugin -
+```
+kubectl krew search
+kubectl krew install minio
+kubectl krew info minio
+ ~/.krew/bin/kubectl-minio init
+kubectl minio tenant create mlflow-minio --interactive
+kubectl create secret generic minio-credentials --from-literal=user=<username>--from-literal=key=<password> -n mlflow
+```
+
+Next, Create mlflow bucket in minio and reference the secret and minio hl url in values.yaml for s3. 
+
+```
+MLFlow:
+  artifacts:
+    bucketName: mlflow
+.
+.
+.
+
+s3:
+  url: http://mlflow-minio-hl.mlflow.svc.cluster.local:9000
+  # Secret with values for 'user' and 'key'
+  secret: minio-credentials
+```
+
+Finally, install mlflow with custom values.yaml.
+```
+helm install mlflow ncsa/mlflow --values values.yaml -n mlflow
+```
+This is using [NCSA](https://github.com/ncsa/charts/tree/main) mlflow chart.
+```
+helm repo add ncsa https://opensource.ncsa.illinois.edu/charts/
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm dep update #to get the minio and postgresql charts referenced in the Chart.yaml
+```
+
+### Future Task
+Get minio ingress running

helm-chart/mlflow/README.MD-ncsa

@@ -0,0 +1,50 @@
+# MLFlow Helm Chart
+This chart deploys a complete MLFlow instance along with a postgres database
+and minio object store. It can optionally use OAuth2-Proxy to secure access to
+the tracking server for both web browsers and the MLFlow API.
+
+The deployed service will proxy artifact server requests to the object store
+back end so you don't need to distribute AWS_ACCESS_KEYs to users.
+
+## Notes on Authentication
+This chart has been tested out using a [Keycloak](https://www.keycloak.org) as
+the backend identity and access management service. It turns out that teaching 
+OAuth2-proxy to accept JWTs from many common providers is problematic. We 
+settled on Keycloak as the best way to offer the features we want.
+
+It is possible to use Keycloak with a 
+[Device Flow](https://www.rfc-editor.org/rfc/rfc8628) to make it eash to get a 
+valid token from the command line. We developed a 
+[tool](https://pypi.org/project/mlflow-token/) to support this. It assumes that
+the MLflow instance in the user's `MLFLOW_TRACKING_URI` points to a deployment
+made with this chart. It uses an oauth2 endpoint to find the URL of the
+Keycloak realm and starts a device flow against that realm.
+
+### OAuth2-Proxy Secret
+In order for the device flow to work, the OAuth client must be public and not
+require a secret. If you have a deployment that depends on a OAuth secret then
+you can create a kubernetes secret in the namespace. This secret must have the
+following two properties:
+- cookie_secret 
+- client_secret
+
+These values will be read and passed on to the OAuth2-Proxy as environment
+variables.
+
+
+## Configurable Values
+Here are some of the useful settings in `values.yaml` - there are many other
+settings which are typical of most helm charts.
+
+| Value                       | Description                                                                        | Default Value |
+|-----------------------------|------------------------------------------------------------------------------------|---------------|
+| MLFlow.artifacts.bucketName | The bucket where the artifacts will be stored                                      |               |
+| services.postgres.enabled   | Deploy a postgres subchart with this chart?                                        | true          |
+| services.minio.enabled      | Deploy a minio subchart with this chart?                                           | true          |
+| oauth2Proxy.enabled         | Protect the tracking server with an OAuth2 Proxy?                                  | true          |
+| oauth2Proxy.secret          | Kubernetes secret holding values to configure the proxy                            |               |
+| oauth2Proxy.clientID        | Client ID string for the value in your OAuth2 client.                              |               |
+| oauth2Proxy.provider        | A valid  setting for OAuth2-Proxy                                                  | keycloak-oidc |
+| oauth2Proxy.emailDomains    | List of domain names for users that will be automatically accepted                 | *             |
+| oauth2Proxy.allowedGroups   | YAML List of groups that will be accepted (best to set oidc_groups_claim with this |               |
+