Skip to content

Add conditional checks to handle secret keys #1227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 7 commits into from
Closed

Add conditional checks to handle secret keys #1227

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c00fd55
Created chart
Vismayak Feb 20, 2025
c017be1
Updated templates to check that secret exists
Vismayak Feb 24, 2025
96c2af6
Updated templates to check that secret exists
Vismayak Feb 24, 2025
68e1129
Minio test pod and daemonset
Vismayak Feb 25, 2025
78a7cc4
new mount point
Vismayak Feb 25, 2025
dd60bba
Mounting extractor
Vismayak Feb 25, 2025
df8d32c
Storing minio_mount environment variable
Vismayak Feb 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 117 additions & 0 deletions deployments/kubernetes/charts/clowder2/ibm-hpc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
hostname: &hostname ibmclowder.software-dev.ncsa.illinois.edu

ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
tls:
- hosts:
- *hostname
secretName: clowder2-tls


geoserver:
enabled: false

minio:
auth:
rootUser: clowder
rootPassword: ilikecats
persistence:
storageClass: nfs-taiga
size: 20Gi
ingress:
enabled: true
hostname: minio.ibmclowder.software-dev.ncsa.illinois.edu
apiIngress:
enabled: true
hostname: minio.ibmclowder.software-dev.ncsa.illinois.edu

frontend:
image:
repository: vismayak/clowder-frontend
tag: latest

rabbitmq:
# login
auth:
username: guest
password: ilikecats
erlangCookie: kittencookie
ingress:
enabled: true
hostname: rabbitmq.ibmclowder.software-dev.ncsa.illinois.edu
persistence:
storageClass: csi-cinder-sc-delete
size: 8Gi

mongodb:
persistence:
storageClass: csi-cinder-sc-delete
size: 8Gi

elasticsearch:
master:
persistence:
storageClass: csi-cinder-sc-delete
size: 20Gi
data:
persistence:
storageClass: csi-cinder-sc-delete
size: 20Gi

keycloak:
auth:
adminUser: guest
adminPassword: ilikecats
ingress:
hostname: ibmclowder.software-dev.ncsa.illinois.edu
postgresql:
auth:
password: cGFzc3dvcmQ=
postgresPassword: Nm50T2lJR05sZQ==
primary:
persistence:
storageClass: csi-cinder-sc-delete
size: 8Gi

message:
image:
repository: clowder/clowder2-messages
tag: release-v2.0-beta-3

heartbeat:
image:
repository: clowder/clowder2-heartbeat
tag: release-v2.0-beta-3

extractors:
wordcount:
enabled: true
image: clowder/extractors-wordcount:latest
rcnn-iwp-inference:
enabled: true
image: vismayak/rcnn_iwp_inference_extractor_k8:latest
env:
- name: MINIO_MOUNTED_PATH
value: /clowderfs
volumes:
- name: minio-storage
hostPath:
path: /mnt/ibm-hpc-clowderfs
volumeMounts:
- name: minio-storage
mountPath: /clowderfs
rcnn-iwp-finetuning:
enabled: true
image: vismayak/rcnn_iwp_finetuning_extractor_k8:latest
env:
- name: MINIO_MOUNTED_PATH
value: /clowderfs
volumes:
- name: minio-storage
hostPath:
path: /mnt/ibm-hpc-clowderfs
volumeMounts:
- name: minio-storage
mountPath: /clowderfs
12 changes: 12 additions & 0 deletions deployments/kubernetes/charts/clowder2/minio-credentials.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-credentials
namespace: ibm-hpc
stringData:
MINIO_ENDPOINT: http://clowder2-minio:9000
MINIO_ACCESS_KEY: clowder
MINIO_SECRET_KEY: ilikecats
MINIO_MOUNT_POINT: /var/clowderfs
CLOWDER_VERSION: "2"

41 changes: 41 additions & 0 deletions deployments/kubernetes/charts/clowder2/minio-daemonset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: minio-mounter
namespace: ibm-hpc
labels:
app: minio-mounter
spec:
selector:
matchLabels:
app: minio-mounter
template:
metadata:
labels:
app: minio-mounter
spec:
containers:
- name: minio-fuse
image: vismayak/minio-mount-daemon-container
securityContext:
privileged: true
envFrom:
- secretRef:
name: minio-credentials
volumeMounts:
- name: fuse
mountPath: /dev/fuse
- name: minio-point
mountPath: /var/clowderfs:shared
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "fusermount -u /var/clowderfs"]
volumes:
- name: fuse
hostPath:
path: /dev/fuse
- name: minio-point
hostPath:
path: /mnt/ibm-hpc-clowderfs
type: DirectoryOrCreate
16 changes: 16 additions & 0 deletions deployments/kubernetes/charts/clowder2/minio-test-pod.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: minio-test-pod
spec:
containers:
- name: minio-test-pod
image: alpine
command: [ "sleep", "infinity" ]
volumeMounts:
- name: minio-storage
mountPath: /clowderfs
volumes:
- name: minio-storage
hostPath:
path: /mnt/ibm-hpc-clowderfs
8 changes: 6 additions & 2 deletions deployments/kubernetes/charts/clowder2/templates/backend/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,11 +54,13 @@ spec:
secretKeyRef:
name: {{ .Values.backend.existingSecret }}
key: {{ .Values.backend.existingMinioSecretKey | default "root-password" }}
{{- else }}
{{- else if (lookup "v1" "Secret" .Release.Namespace (printf "%s-secret" (include "clowder2.releaseName" .))) }}
valueFrom:
secretKeyRef:
name: {{include "clowder2.releaseName" . }}-secret
key: root-password
{{- else }}
value: {{ .Values.minio.auth.rootPassword }}
{{- end }}
- name: MINIO_UPLOAD_CHUNK_SIZE
value: "10485760"
Expand Down Expand Up @@ -104,11 +106,13 @@ spec:
secretKeyRef:
name: {{ .Values.backend.existingSecret }}
key: {{ .Values.backend.existingRabbitMQSecretKey | default "rabbitmq-password" }}
{{- else }}
{{- else if (lookup "v1" "Secret" .Release.Namespace (printf "%s-secret" (include "clowder2.releaseName" .))) }}
valueFrom:
secretKeyRef:
name: {{ include "clowder2.releaseName" . }}-secret
key: rabbitmq-password
{{- else }}
value: {{ .Values.rabbitmq.auth.password }}
{{- end }}
- name: RABBITMQ_HOST
value: {{ include "clowder2.releaseName" . }}-rabbitmq
Expand Down
8 changes: 8 additions & 0 deletions deployments/kubernetes/charts/clowder2/templates/extractors/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@ spec:
{{- with $.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .volumes }}
volumes:
{{- toYaml .volumes | nindent 8 }}
{{- end }}
containers:
- name: extractor
Expand Down Expand Up @@ -57,6 +61,10 @@ spec:
{{- if .env }}
{{- toYaml .env | nindent 12 }}
{{- end }}
{{- if .volumeMounts }}
volumeMounts:
{{- toYaml .volumeMounts | nindent 12 }}
{{- end }}
{{- if .resources }}
resources:
{{- toYaml .resources | nindent 12 }}
Expand Down
4 changes: 3 additions & 1 deletion deployments/kubernetes/charts/clowder2/templates/geoserver/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,13 @@ spec:
secretKeyRef:
name: {{.Values.geoserver.existingSecret }}
key: {{.Values.geoserver.existingGeoserverSecretKey | default "GEOSERVER_PW" }}
{{- else }}
{{- else if (lookup "v1" "Secret" .Release.Namespace (printf "%s-secret" (include "clowder2.releaseName" .))) }}
valueFrom:
secretKeyRef:
name: {{include "clowder2.releaseName" . }}-secret
key: GEOSERVER_PW
{{- else }}
value: {{ .Values.geoserver.password }}
{{- end }}
ports:
- containerPort: 8080
Expand Down
4 changes: 3 additions & 1 deletion deployments/kubernetes/charts/clowder2/templates/heartbeat/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,13 @@ spec:
secretKeyRef:
name: {{.Values.heartbeat.existingSecret }}
key: {{.Values.heartbeat.existingRabbitMQSecretKey | default "rabbitmq-password" }}
{{- else }}
{{- else if (lookup "v1" "Secret" .Release.Namespace (printf "%s-secret" (include "clowder2.releaseName" .))) }}
valueFrom:
secretKeyRef:
name: {{include "clowder2.releaseName" . }}-secret
key: rabbitmq-password
{{- else }}
value: {{ .Values.rabbitmq.auth.password }}
{{- end }}
- name: RABBITMQ_HOST
value: {{ include "clowder2.releaseName" . }}-rabbitmq
Expand Down
4 changes: 3 additions & 1 deletion deployments/kubernetes/charts/clowder2/templates/messages/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,13 @@ spec:
secretKeyRef:
name: {{ .Values.message.existingSecret }}
key: {{ .Values.message.existingRabbitMQSecretKey | default "rabbitmq-password" }}
{{- else }}
{{- else if (lookup "v1" "Secret" .Release.Namespace (printf "%s-secret" (include "clowder2.releaseName" .))) }}
valueFrom:
secretKeyRef:
name: {{ include "clowder2.releaseName" . }}-secret
key: rabbitmq-password
{{- else }}
value: {{ .Values.rabbitmq.auth.password }}
{{- end }}
- name: RABBITMQ_HOST
value: {{ include "clowder2.releaseName" . }}-rabbitmq
Expand Down