chore update func tests for tls changes
Signed-off-by: Humair Khan <[email protected]>
HumairAK committed May 28, 2024
1 parent 70dba66 commit ed8ff0c
Showing 20 changed files with 582 additions and 86 deletions.
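--- a/api/v1alpha1/dspipeline_types.go
+++ b/api/v1alpha1/dspipeline_types.go
@@ -45,9 +45,10 @@ type DSPASpec struct {
 // +kubebuilder:default:="v1"
 DSPVersion string `json:"dspVersion,omitempty"`
 
-// InterPodTLS Set to "enable" or "disable" tls communication between DSPA components. Default to "enable". Only supported in OpenShift.
-// +kubebuilder:default:="enabled"
-InterPodTLS string `json:"InterPodTLS,omitempty"`
+// InterPodTLS Set to "true" or "false" tls communication between DSPA components. Default to enable Inter-Pod tls by setting to "true". Only supported in DSP V2 and OpenShift.
+// +kubebuilder:default:=true
+// +kubebuilder:validation:Optional
+InterPodTLS *bool `json:"interPodTLS"`
 
 // WorkflowController is an argo-specific component that manages a DSPA's Workflow objects and handles the orchestration of them with the central Argo server
 // +kubebuilder:validation:Optional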
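Review bot: The new tag `json:"interPodTLS"` on the `*bool` field has no `omitempty`, so a nil pointer is marshalled as `"interPodTLS": null` whenever a client serializes the spec; `json:"interPodTLS,omitempty"` keeps the optional field out of the payload and matches `DSPVersion` just above. The key is also renamed from `InterPodTLS` and retyped from string to boolean within v1alpha1, so a stored resource that still carries the old key will presumably fall back to the new default of `true` rather than keep its previous setting, which deserves a line in the upgrade notes. The doc comment still quotes `"true"` and `"false"` as if they were strings, although the field now takes bare booleans. `DSPASpec` continues outside the hunk.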
5 changes: 5 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

@@ -35,12 +35,6 @@ spec:
type: object
spec:
properties:
InterPodTLS:
default: enabled
description: InterPodTLS Set to "enable" or "disable" tls communication
between DSPA components. Default to "enable". Only supported in
OpenShift.
type: string
apiServer:
default:
deploy: true
@@ -347,6 +341,12 @@ spec:
dspVersion:
default: v1
type: string
interPodTLS:
default: true
description: InterPodTLS Set to "true" or "false" tls communication
between DSPA components. Default to enable Inter-Pod tls by setting
to "true". Only supported in DSP V2 and OpenShift.
type: boolean
mlmd:
properties:
deploy:
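--- a/config/internal/mlpipelines-ui/deployment.yaml.tmpl
+++ b/config/internal/mlpipelines-ui/deployment.yaml.tmpl
@@ -46,8 +46,6 @@ spec:
 value: "true"
 - name: ML_PIPELINE_SERVICE_HOST
 value: {{.APIServerServiceDNSName}}
-- name: DISABLE_GKE_METADATA
-value: 'true'
 - name: ML_PIPELINE_SERVICE_PORT
 value: '8888'
 {{ if .InterPodTLS }}
@@ -78,6 +76,8 @@ spec:
 - name: AWS_SSL
 value: "false"
 {{ end }}
+- name: DISABLE_GKE_METADATA
+value: 'true'
 image: {{.MlPipelineUI.Image}}
 imagePullPolicy: IfNotPresent
 livenessProbe: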
2 changes: 2 additions & 0 deletions config/internal/persistence-agent/deployment.yaml.tmpl
@@ -40,8 +40,10 @@ spec:
{{ else }}
value: PipelineRun
{{ end }}
{{ if .InterPodTLS }}
- name: SSL_CERT_DIR
value: "/etc/pki/tls/certs:/var/run/secrets/kubernetes.io/serviceaccount/"
{{ end }}
image: "{{.PersistenceAgent.Image}}"
imagePullPolicy: IfNotPresent
name: ds-pipeline-persistenceagent
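Review bot: The `SSL_CERT_DIR` value now rendered under `{{ if .InterPodTLS }}` lists the whole service-account mount, `/var/run/secrets/kubernetes.io/serviceaccount/`, as a certificate directory. If the persistence agent resolves its roots the way Go's standard library does, every PEM file in that directory becomes a trust anchor, which would include the cluster API CA (`ca.crt`) alongside the `service-ca.crt` that the other components on this page reference by file. Narrowing this to a directory or file that holds only the service CA would keep the trust set as small as the feature needs; otherwise a template comment such as `{{/* trusts every CA in the service-account mount, not only service-ca.crt */}}` documents the choice. The surrounding container spec starts and ends outside the hunk.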
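--- a/controllers/dspipeline_params.go
+++ b/controllers/dspipeline_params.go
@@ -87,7 +87,7 @@ type DSPAParams struct {
 CustomCABundle *dspa.CABundle
 DSPONamespace string
 // Use to enable tls communication between component pods.
-InterPodTLS string
+InterPodTLS bool
 
 APIServerServiceDNSName string
 }
@@ -578,7 +578,6 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip
 p.Namespace = dsp.Namespace
 p.DSPONamespace = os.Getenv("DSPO_NAMESPACE")
 p.DSPVersion = dsp.Spec.DSPVersion
-p.InterPodTLS = dsp.Spec.InterPodTLS
 p.Owner = dsp
 p.APIServer = dsp.Spec.APIServer.DeepCopy()
 p.APIServerDefaultResourceName = apiServerDefaultResourceNamePrefix + dsp.Name
@@ -595,8 +594,19 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip
 p.MLMD = dsp.Spec.MLMD.DeepCopy()
 p.CustomCABundleRootMountPath = config.CustomCABundleRootMountPath
 p.PiplinesCABundleMountPath = config.GetCABundleFileMountPath()
+p.InterPodTLS = false
 dspTrustedCAConfigMapKey := config.CustomDSPTrustedCAConfigMapKey
 
+// InterPodTLS is only used in v2 dsp
+if p.UsingV2Pipelines(dsp) {
+// by default it's enabled when omitted
+if dsp.Spec.InterPodTLS == nil {
+p.InterPodTLS = true
+} else {
+p.InterPodTLS = *dsp.Spec.InterPodTLS
+}
+}
+
 log := loggr.WithValues("namespace", p.Namespace).WithValues("dspa_name", p.Name)
 
 if p.APIServer != nil {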
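Review bot: The block that resolves `p.InterPodTLS` in `ExtractParams` runs before `log` is created, so neither outcome that leaves encryption off is recorded: an explicit `interPodTLS: false` on a v2 DSPA, or any value on a non-v2 DSPA, where the spec field is ignored. Moving the block below the `log := loggr.WithValues(...)` line and, when the result is false, emitting something like `log.Info("inter-pod TLS is disabled; traffic between DSPA components is not encrypted")` (assuming `log` is a logr-style logger) would give operators a record of the downgrade. The nested `if`/`else` can also be written as `p.InterPodTLS = p.UsingV2Pipelines(dsp) && (dsp.Spec.InterPodTLS == nil || *dsp.Spec.InterPodTLS)`. `ExtractParams` begins and ends outside these hunks.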

@@ -46,7 +46,7 @@ spec:
- name: ARGO_ARCHIVE_LOGS
value: "true"
- name: ML_PIPELINE_SERVICE_HOST
value: ds-pipeline-testdsp2
value: ds-pipeline-testdsp2.default.svc.cluster.local
- name: ML_PIPELINE_SERVICE_PORT
value: '8888'
- name: METADATA_ENVOY_SERVICE_SERVICE_HOST
@@ -69,6 +69,8 @@ spec:
value: "minio-testdsp2.default.svc.cluster.local"
- name: AWS_SSL
value: "false"
- name: DISABLE_GKE_METADATA
value: 'true'
image: frontend:test2
imagePullPolicy: IfNotPresent
livenessProbe:

@@ -46,7 +46,7 @@ spec:
- name: ARGO_ARCHIVE_LOGS
value: "true"
- name: ML_PIPELINE_SERVICE_HOST
value: ds-pipeline-testdsp4
value: ds-pipeline-testdsp4.default.svc.cluster.local
- name: ML_PIPELINE_SERVICE_PORT
value: '8888'
- name: METADATA_ENVOY_SERVICE_SERVICE_HOST
@@ -69,6 +69,8 @@ spec:
value: "minio-testdsp4.default.svc.cluster.local"
- name: AWS_SSL
value: "false"
- name: DISABLE_GKE_METADATA
value: 'true'
image: this-frontend-image-from-cr-should-be-used:test4
imagePullPolicy: IfNotPresent
livenessProbe:

@@ -46,7 +46,7 @@ spec:
- name: ARGO_ARCHIVE_LOGS
value: "true"
- name: ML_PIPELINE_SERVICE_HOST
value: ds-pipeline-testdsp5
value: ds-pipeline-testdsp5.default.svc.cluster.local
- name: ML_PIPELINE_SERVICE_PORT
value: '8888'
- name: METADATA_ENVOY_SERVICE_SERVICE_HOST
@@ -69,6 +69,8 @@ spec:
value: "minio-testdsp5.default.svc.cluster.local"
- name: AWS_SSL
value: "false"
- name: DISABLE_GKE_METADATA
value: 'true'
image: frontend:test5
imagePullPolicy: IfNotPresent
livenessProbe:

@@ -115,6 +115,8 @@ spec:
args:
- --config=/config
- -logtostderr=true
- --tlsCertPath=/etc/tls/private/tls.crt
- --tlsCertKeyPath=/etc/tls/private/tls.key
ports:
- containerPort: 8888
name: http
@@ -123,29 +125,15 @@ spec:
name: grpc
protocol: TCP
livenessProbe:
exec:
command:
- wget
- -q
- -S
- -O
- '-'
- http://localhost:8888/apis/v1beta1/healthz
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
httpGet:
path: /apis/v1beta1/healthz
port: http
scheme: HTTPS
readinessProbe:
exec:
command:
- wget
- -q
- -S
- -O
- '-'
- http://localhost:8888/apis/v1beta1/healthz
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
httpGet:
path: /apis/v1beta1/healthz
port: http
scheme: HTTPS
resources:
requests:
cpu: 250m
@@ -157,14 +145,17 @@ spec:
- name: server-config
mountPath: /config/config.json
subPath: config.json
- mountPath: /etc/tls/private
name: proxy-tls
- name: ca-bundle
mountPath: /dspa/custom-certs
- name: oauth-proxy
args:
- --https-address=:8443
- --provider=openshift
- --openshift-service-account=ds-pipeline-testdsp6
- --upstream=http://localhost:8888
- --upstream=https://ds-pipeline-testdsp6.default.svc.cluster.local:8888
- --upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
- --tls-cert=/etc/tls/private/tls.crt
- --tls-key=/etc/tls/private/tls.key
- --cookie-secret=SECRET
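Review bot: The `httpGet` probes that replace the `wget` exec probes drop `initialDelaySeconds: 3`, `periodSeconds: 5` and `timeoutSeconds: 2`, so the kubelet defaults apply, including a one-second timeout that now has to cover a TLS handshake; if that is not intended, carry the three fields over under each `httpGet` probe. A kubelet `scheme: HTTPS` probe also does not verify the serving certificate, so a passing probe says nothing about whether `tls.crt` matches the name used in `--upstream=https://ds-pipeline-testdsp6.default.svc.cluster.local:8888`; a functional test that connects using `service-ca.crt` would cover that. The API server container mounts `proxy-tls` at the same `/etc/tls/private` path the oauth-proxy flags read, which suggests both containers share one key pair, though the volume definitions are outside the hunk. The testdsp7 API server section that follows has the same probe and mount changes.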

@@ -108,6 +108,8 @@ spec:
- --config=/config
- -logtostderr=true
- --sampleconfig=/config/sample_config.json
- --tlsCertPath=/etc/tls/private/tls.crt
- --tlsCertKeyPath=/etc/tls/private/tls.key
ports:
- containerPort: 8888
name: http
@@ -116,29 +118,15 @@ spec:
name: grpc
protocol: TCP
livenessProbe:
exec:
command:
- wget
- -q
- -S
- -O
- '-'
- http://localhost:8888/apis/v1beta1/healthz
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
httpGet:
path: /apis/v1beta1/healthz
port: http
scheme: HTTPS
readinessProbe:
exec:
command:
- wget
- -q
- -S
- -O
- '-'
- http://localhost:8888/apis/v1beta1/healthz
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
httpGet:
path: /apis/v1beta1/healthz
port: http
scheme: HTTPS
resources:
requests:
cpu: 1231m
@@ -150,6 +138,8 @@ spec:
- name: server-config
mountPath: /config/config.json
subPath: config.json
- mountPath: /etc/tls/private
name: proxy-tls
- mountPath: /config/sample_config.json
name: sample-config
subPath: sample_config.json
@@ -160,7 +150,8 @@ spec:
- --https-address=:8443
- --provider=openshift
- --openshift-service-account=ds-pipeline-testdsp7
- --upstream=http://localhost:8888
- --upstream=https://ds-pipeline-testdsp7.default.svc.cluster.local:8888
- --upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
- --tls-cert=/etc/tls/private/tls.crt
- --tls-key=/etc/tls/private/tls.key
- --cookie-secret=SECRET

@@ -46,9 +46,13 @@ spec:
- name: ARGO_ARCHIVE_LOGS
value: "true"
- name: ML_PIPELINE_SERVICE_HOST
value: ds-pipeline-testdsp7
value: ds-pipeline-testdsp7.default.svc.cluster.local
- name: ML_PIPELINE_SERVICE_PORT
value: '8888'
- name: ML_PIPELINE_SERVICE_SCHEME
value: 'https'
- name: NODE_EXTRA_CA_CERTS
value: '/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt'
- name: METADATA_ENVOY_SERVICE_SERVICE_HOST
value: ds-pipeline-md-testdsp7
- name: METADATA_ENVOY_SERVICE_SERVICE_PORT
@@ -69,6 +73,8 @@ spec:
value: "minio-testdsp7.default.svc.cluster.local"
- name: AWS_SSL
value: "false"
- name: DISABLE_GKE_METADATA
value: 'true'
image: frontend:test7
imagePullPolicy: IfNotPresent
livenessProbe:

@@ -36,6 +36,8 @@ spec:
value: ""
- name: EXECUTIONTYPE
value: Workflow
- name: SSL_CERT_DIR
value: "/etc/pki/tls/certs:/var/run/secrets/kubernetes.io/serviceaccount/"
image: persistenceagent:test7
imagePullPolicy: IfNotPresent
name: ds-pipeline-persistenceagent