# k8s/mlops/mlflow/secret-pg.yaml apiVersion: v1 kind: Secret metadata: { name: mlflow-pg, namespace: ml } type: Opaque stringData: { POSTGRES_PASSWORD: "pa$$word" } --- # k8s/mlops/mlflow/secret-minio.yaml apiVersion: v1 kind: Secret metadata: { name: mlflow-minio, namespace: ml } type: Opaque stringData: accesskey: "minioadmin" secretkey: "minioadmin" --- # k8s/mlops/mlflow/deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: { name: mlflow, namespace: ml } spec: replicas: 1 selector: { matchLabels: { app: mlflow } } template: metadata: { labels: { app: mlflow } } spec: containers: - name: mlflow # image: ghcr.io/mlflow/mlflow:v3.6.0 image: axxs/mlflow-pg env: - { name: MLFLOW_BACKEND_STORE_URI, value: "postgresql://admin:admin@postgres.db.svc.cluster.local:5432/mlflow" } - { name: POSTGRES_PASSWORD, valueFrom: { secretKeyRef: { name: mlflow-pg, key: POSTGRES_PASSWORD } } } - { name: MLFLOW_S3_ENDPOINT_URL, value: "https://minio.betelgeusebytes.io" } - { name: AWS_ACCESS_KEY_ID, valueFrom: { secretKeyRef: { name: mlflow-minio, key: accesskey } } } - { name: AWS_SECRET_ACCESS_KEY, valueFrom: { secretKeyRef: { name: mlflow-minio, key: secretkey } } } args: ["mlflow","server","--host","0.0.0.0","--port","5000","--artifacts-destination","s3://mlflow", "--allowed-hosts", "*.betelgeusebytes.io"] ports: [{ containerPort: 5000 }] --- apiVersion: v1 kind: Service metadata: { name: mlflow, namespace: ml } spec: { selector: { app: mlflow }, ports: [ { port: 80, targetPort: 5000 } ] } --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: mlflow namespace: ml annotations: { cert-manager.io/cluster-issuer: letsencrypt-prod } spec: ingressClassName: nginx tls: [{ hosts: ["mlflow.betelgeusebytes.io"], secretName: mlflow-tls }] rules: - host: mlflow.betelgeusebytes.io http: paths: - path: / pathType: Prefix backend: { service: { name: mlflow, port: { number: 80 } } }