From 9b7a65c49310b25217ee0da8b64fd2966b47dbb8 Mon Sep 17 00:00:00 2001 From: Mike Hotan Date: Wed, 28 Aug 2024 15:30:49 -0400 Subject: [PATCH] Make adminOauthClientCredentials secretName configurable Signed-off-by: Mike Hotan --- charts/flyte-core/README.md | 1 + .../flyte-core/templates/clusterresourcesync/deployment.yaml | 2 +- charts/flyte-core/templates/common/secret-auth.yaml | 2 +- charts/flyte-core/templates/propeller/deployment.yaml | 2 +- charts/flyte-core/values.yaml | 1 + docker/sandbox-bundled/manifests/complete-agent.yaml | 4 ++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 8 files changed, 11 insertions(+), 9 deletions(-) diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md index 673ba7b6ef..d75d273f42 100644 --- a/charts/flyte-core/README.md +++ b/charts/flyte-core/README.md @@ -288,6 +288,7 @@ helm install gateway bitnami/contour -n flyte | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` | | | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` | | | secrets.adminOauthClientCredentials.enabled | bool | `true` | | +| secrets.adminOauthClientCredentials.secretName | string | `"flyte-secret-auth"` | | | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator | | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation | | sparkoperator.plugin_config | object | `{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration | diff --git a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml index 9108a0b335..2b0bef803e 100644 --- a/charts/flyte-core/templates/clusterresourcesync/deployment.yaml +++ b/charts/flyte-core/templates/clusterresourcesync/deployment.yaml @@ -83,7 +83,7 @@ spec: {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth secret: - secretName: flyte-secret-auth + secretName: {{ .Values.secrets.adminOauthClientCredentials.secretName }} {{- end }} {{- end }} {{- with .Values.cluster_resource_manager.nodeSelector }} diff --git a/charts/flyte-core/templates/common/secret-auth.yaml b/charts/flyte-core/templates/common/secret-auth.yaml index d13247bd9a..608c0051e7 100644 --- a/charts/flyte-core/templates/common/secret-auth.yaml +++ b/charts/flyte-core/templates/common/secret-auth.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: flyte-secret-auth + name: {{ .Values.secrets.adminOauthClientCredentials.secretName }} namespace: {{ template "flyte.namespace" . }} type: Opaque stringData: diff --git a/charts/flyte-core/templates/propeller/deployment.yaml b/charts/flyte-core/templates/propeller/deployment.yaml index 4308f2d6fa..1c9d8adb62 100644 --- a/charts/flyte-core/templates/propeller/deployment.yaml +++ b/charts/flyte-core/templates/propeller/deployment.yaml @@ -108,7 +108,7 @@ spec: {{- if .Values.secrets.adminOauthClientCredentials.enabled }} - name: auth secret: - secretName: flyte-secret-auth + secretName: {{ .Values.secrets.adminOauthClientCredentials.secretName }} {{- end }} {{- with .Values.flytepropeller.additionalVolumes -}} {{ tpl (toYaml .) $ | nindent 6 }} diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml index 93c0d9b389..2658720696 100755 --- a/charts/flyte-core/values.yaml +++ b/charts/flyte-core/values.yaml @@ -473,6 +473,7 @@ secrets: enabled: true clientSecret: foobar clientId: flytepropeller + secretName: flyte-secret-auth # # WEBHOOK SETTINGS diff --git a/docker/sandbox-bundled/manifests/complete-agent.yaml b/docker/sandbox-bundled/manifests/complete-agent.yaml index 78a678ae34..18788571e4 100644 --- a/docker/sandbox-bundled/manifests/complete-agent.yaml +++ b/docker/sandbox-bundled/manifests/complete-agent.yaml @@ -818,7 +818,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: cWlOc1c1bnl5ZGI3YTlzSw== + haSharedSecret: ZDJTa2NKVTFMcjlidGR5QQ== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1415,7 +1415,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 7f8247a0b84f43018fdf11a598132b8a67ed9fde6573ffce801b725a6f955012 + checksum/secret: db5afa123c05e2aae4eac302bb2d67f9687e37d90ceb9e6296215d9ac9d74c75 labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 5d46b89edf..3406f72791 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -798,7 +798,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: UUxqaW5SeGlBbFNlQzVoag== + haSharedSecret: bXRKd3dodGJvOFFuWmpScg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1362,7 +1362,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: bea0c8f293b54e309a353e0e8563e709ad817d372d2b1dce1114188693aa3f12 + checksum/secret: 2f7372a0283232d9d3ba0da6451468d9d3cd37e53c6df468d2e2358800a2a98a labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index 917645af33..910f583f2a 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: ZmdJNWs5RUg4cWNVTVBzRw== + haSharedSecret: VkJMUDJpV2dUR2w5VE1TQw== proxyPassword: "" proxyUsername: "" kind: Secret @@ -934,7 +934,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: a896f2c43dff6c05c154b51e4c9ec21c9e2f03ecaf4c1fed045d84523219cf63 + checksum/secret: 5db584b292312ecbd4601d6adfa940eb97a201d813d1de51bd54a0a33d168d70 labels: app: docker-registry release: flyte-sandbox