chore(charts): allow using existing secrets #947

Closed
wants to merge 15 commits into from
10 changes: 10 additions & 0 deletions charts/substra-backend/CHANGELOG.md
Expand Up @@ -2,6 +2,16 @@

<!-- towncrier release notes start -->

## [26.8.0] - 2024-07-05

### Added

- Allow using existing secrets for accountOperators, postgres, redis and objectstore

### Changed

- `database.auth.credentialsSecretName` is now `database.auth.existingSecretName`

## [26.7.5] - 2024-06-29

### Added
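Review bot: The `### Changed` entry renames `database.auth.credentialsSecretName` to `database.auth.existingSecretName` in a minor release (26.7.5 to 26.8.0) without marking it as breaking. Values files that still set the old key will no longer be honoured, so flag the rename as a breaking change and add the migration step to UPGRADE.md. The `### Added` line also says "postgres" while the value users set is under `database.auth`; use the value names so the entry can be searched.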
2 changes: 1 addition & 1 deletion charts/substra-backend/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: substra-backend
home: https://github.com/Substra
version: 26.7.5
version: "26.8.0"
appVersion: 0.47.0
kubeVersion: ">= 1.19.0-0"
description: Main package for Substra
34 changes: 18 additions & 16 deletions charts/substra-backend/README.md
Expand Up @@ -325,11 +325,12 @@ See [UPGRADE.md](https://github.com/Substra/substra-backend/blob/main/charts/sub

### Account operator settings

| Name | Description | Value |
| ------------------------------------------ | -------------------------------------------------------------------------------------------------- | ----- |
| `addAccountOperator.outgoingOrganizations` | Outgoind organizations credentials for substra backend organization-to-organization communications | `[]` |
| `addAccountOperator.incomingOrganizations` | Incoming organizations credentials for substra backend organization-to-organization communications | `[]` |
| `addAccountOperator.users` | A list of administrators users who can log into the substra backend server with admin privileges | `[]` |
| Name | Description | Value |
| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| `addAccountOperator.outgoingOrganizations` | Outgoing organizations credentials for substra backend organization-to-organization communications | `[]` |
| `addAccountOperator.incomingOrganizations` | Incoming organizations credentials for substra backend organization-to-organization communications | `[]` |
| `addAccountOperator.users` | A list of administrators users who can log into the substra backend server with admin privileges | `[]` |
| `addAccountOperator.existingSecretName` | An alternative to providing credentials for organization-to-organization communications and users ; secret must have the `users`, `incoming_organizations` and `outgoing_organizations` keys | `""` |

### Registry prepopulate
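Review bot: The new `addAccountOperator.existingSecretName` row does not say that it takes precedence over `users`, `incomingOrganizations` and `outgoingOrganizations`. secret-add-account.yaml is skipped entirely when it is set, so those three values are silently ignored; state that in the description, and describe the content each of the three keys is expected to hold so an externally managed secret can be built correctly.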

Expand Down Expand Up @@ -376,24 +377,25 @@ Else, you must strike a balance: longer durations are more convenient, but risk

### Database connection settings

| Name | Description | Value |
| ------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------- |
| `database.auth.database` | what DB to connect to | `substra` |
| `database.auth.username` | what user to connect as | `postgres` |
| `database.auth.password` | what password to use for connecting | `postgres` |
| `database.auth.credentialsSecretName` | An alternative to giving username and password; must have `DATABASE_USERNAME` and `DATABASE_PASSWORD` keys. | `nil` |
| `database.host` | Hostname of the database to connect to (defaults to local) | `nil` |
| `database.port` | Port of an external database to connect to | `5432` |
| Name | Description | Value |
| ---------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------- |
| `database.auth.database` | what DB to connect to | `substra` |
| `database.auth.username` | what user to connect as | `postgres` |
| `database.auth.password` | what password to use for connecting | `postgres` |
| `database.auth.existingSecretName` | An alternative to giving username and password; must have `DATABASE_USERNAME` and `DATABASE_PASSWORD` keys. | `""` |
| `database.host` | Hostname of the database to connect to (defaults to local) | `nil` |
| `database.port` | Port of an external database to connect to | `5432` |

### PostgreSQL settings

Database included as a subchart used by default.

See Bitnami documentation: https://bitnami.com/stack/postgresql/helm

| Name | Description | Value |
| -------------------- | ---------------------------------------------------------- | ------ |
| `postgresql.enabled` | Deploy a PostgreSQL instance along the backend for its use | `true` |
| Name | Description | Value |
| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------ |
| `postgresql.enabled` | Deploy a PostgreSQL instance along the backend for its use | `true` |
| `database.auth.existingSecretName` | An alternative to giving username and password; must have `OBJECTSTORE_ACCESSKEY` and `OBJECTSTORE_SECRETKEY` keys. | `""` |
Contributor
This key is duplicated 🤔


### Helm hooks
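Review bot: The row added under PostgreSQL settings documents `database.auth.existingSecretName` a second time, this time requiring `OBJECTSTORE_ACCESSKEY` and `OBJECTSTORE_SECRETKEY`, which contradicts the Database connection settings row that requires `DATABASE_USERNAME` and `DATABASE_PASSWORD`. It reads like the object store entry pasted under the wrong name and section; move it to the object store settings under the value that secret-objectstore.yaml checks (`minio.auth.existingSecretName`), and add a row for `redis.auth.existingSecretName` with its required `CELERY_BROKER_PASSWORD` key.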

55 changes: 45 additions & 10 deletions charts/substra-backend/templates/_helpers.tpl
Expand Up @@ -216,14 +216,6 @@ example:
{{- end -}}


{{- define "substra-backend.database.secret-name" -}}
{{- if .Values.database.auth.credentialsSecretName -}}
{{- .Values.database.auth.credentialsSecretName }}
{{- else -}}
{{- template "substra.fullname" . }}-database
{{- end -}}
{{- end -}}

{{/*
The hostname we should connect to (external is defined, otherwise integrated)
*/}}
Expand Down Expand Up @@ -331,7 +323,7 @@ The hostname we should connect to (external is defined, otherwise integrated)
- configMapRef:
name: {{ include "substra.fullname" . }}-settings
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: DJANGO_SETTINGS_MODULE
value: backend.settings.{{ .Values.settings }}
Expand Down Expand Up @@ -371,7 +363,6 @@ Define service port based on MinIO or LocalStack enablement
{{- end -}}
{{- end -}}


{{/*
Define objectstore access key based on MinIO or LocalStack enablement
*/}}
Expand Down Expand Up @@ -408,3 +399,47 @@ Retrieve AWS environment variable value
{{- end -}}
{{- $value -}}
{{- end -}}

{{/*
Define database secret name
*/}}
{{- define "substra-backend.database.secretName" -}}
{{- if .Values.database.auth.existingSecretName -}}
{{- .Values.database.auth.existingSecretName }}
{{- else -}}
{{ include "substra.fullname" . }}-database
{{- end -}}
{{- end -}}

{{/*
Define redis secret name
*/}}
{{- define "substra-backend.redis.secretName" -}}
{{- if .Values.redis.auth.existingSecretName -}}
{{- .Values.database.auth.existingSecretName }}
Contributor
same here

Contributor
also, the new redis value has not been documented

Contributor Author
The redis section has:

## @skip redis

{{- else -}}
{{ include "substra.fullname" . }}-redis
{{- end -}}
{{- end -}}

{{/*
Define account operators secret name
*/}}
{{- define "substra-backend.accountOperator.secretName" -}}
{{- if .Values.addAccountOperator.existingSecretName -}}
{{- .Values.database.auth.existingSecretName }}
Contributor
and here

Contributor Author
😇

{{- else -}}
{{ include "substra.fullname" . }}-add-account
{{- end -}}
{{- end -}}

{{/*
Define object store secret name
*/}}
{{- define "substra-backend.objectStore.secretName" -}}
{{- if .Values.redis.auth.existingSecretName -}}
{{- .Values.database.auth.existingSecretName }}
Comment on lines +440 to +441
Contributor
🕵️
I think the values have not been changed here

Contributor Author
🤦

{{- else -}}
{{ include "substra.fullname" . }}-objectstore
{{- end -}}
{{- end -}}
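Review bot: In the new redis, account operator and object store helpers, the `if` branch returns `.Values.database.auth.existingSecretName` rather than the value being tested, and `substra-backend.objectStore.secretName` tests `.Values.redis.auth.existingSecretName`. With `redis.auth.existingSecretName` set and the database value unset, the helper renders an empty `secretRef` name; with both set, pods are handed the database secret where they expect `CELERY_BROKER_PASSWORD` or the object store keys. Each helper should return the same value it tests, and the object store helper should test the value that guards secret-objectstore.yaml (`.Values.minio.auth.existingSecretName`).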
4 changes: 2 additions & 2 deletions charts/substra-backend/templates/deployment-api-events.yaml
Expand Up @@ -72,9 +72,9 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-redis
- secretRef:
name: {{ include "substra.fullname" . }}-redis
name: {{ include "substra-backend.redis.secretName" . }}
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
readinessProbe:
exec:
command:
Expand Up @@ -72,9 +72,9 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-registry
- secretRef:
name: {{ include "substra.fullname" . }}-redis
name: {{ include "substra-backend.redis.secretName" . }}
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: NAMESPACE
valueFrom:
4 changes: 2 additions & 2 deletions charts/substra-backend/templates/deployment-scheduler.yaml
Expand Up @@ -69,9 +69,9 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-registry
- secretRef:
name: {{ include "substra.fullname" . }}-redis
name: {{ include "substra-backend.objectStore.secretName" . }}
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: NAMESPACE
valueFrom:
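Review bot: The first `secretRef` in this hunk used to point at the `-redis` secret and now includes `substra-backend.objectStore.secretName`, whereas the equivalent line in deployment-api-events.yaml and the other workloads becomes `substra-backend.redis.secretName`. Unless the scheduler is meant to stop receiving the redis credentials, this should be `{{ include "substra-backend.redis.secretName" . }}`.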
8 changes: 4 additions & 4 deletions charts/substra-backend/templates/deployment-server.yaml
Expand Up @@ -70,13 +70,13 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-orchestrator
- secretRef:
name: {{ include "substra.fullname" . }}-objectstore
name: {{ include "substra-backend.objectStore.secretName" . }}
- configMapRef:
name: {{ include "substra.fullname" . }}-settings
- configMapRef:
name: {{ include "substra.fullname" . }}-database
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
- secretRef:
name: {{ include "substra.fullname" . }}-server-key
- configMapRef:
Expand Down Expand Up @@ -230,13 +230,13 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-orchestrator
- secretRef:
name: {{ include "substra.fullname" . }}-objectstore
name: {{ include "substra-backend.objectStore.secretName" . }}
- configMapRef:
name: {{ include "substra.fullname" . }}-database
- configMapRef:
name: {{ include "substra.fullname" . }}-settings
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: DJANGO_SETTINGS_MODULE
value: backend.settings.{{ .Values.settings }}
Expand Up @@ -74,9 +74,9 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-redis
- secretRef:
name: {{ include "substra.fullname" . }}-redis
name: {{ include "substra-backend.redis.secretName" . }}
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
readinessProbe:
exec:
command:
4 changes: 2 additions & 2 deletions charts/substra-backend/templates/job-migrations.yaml
Expand Up @@ -77,7 +77,7 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-database
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: DJANGO_SETTINGS_MODULE
value: backend.settings.{{ .Values.settings }}
Expand All @@ -88,4 +88,4 @@ spec:
volumes:
- name: accounts
secret:
secretName: {{ template "substra.fullname" . }}-add-account
secretName: {{ include "substra-backend.accountOperator.secretName" . }}
4 changes: 3 additions & 1 deletion charts/substra-backend/templates/secret-add-account.yaml
@@ -1,11 +1,13 @@
{{- if not .Values.addAccountOperator.existingSecretName }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "substra.fullname" . }}-add-account
name: {{ template "substra-backend.accountOperator.secretName" . }}
labels:
{{ include "substra.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ include "substra.name" . }}-add-account
data:
users: {{ include "common.users" .Values.addAccountOperator.users | b64enc | quote }}
incoming_organizations: {{ include "common.users" .Values.addAccountOperator.incomingOrganizations | b64enc | quote }}
outgoing_organizations: {{ include "common.users" .Values.addAccountOperator.outgoingOrganizations | b64enc | quote }}
{{- end }}
12 changes: 6 additions & 6 deletions charts/substra-backend/templates/secret-database.yaml
@@ -1,12 +1,12 @@
{{- if not .Values.database.auth.credentialsSecretName }}
{{- if not .Values.database.auth.existingSecretName }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "substra.fullname" . }}-database
name: {{ template "substra-backend.database.secretName" . }}
labels:
{{- include "substra.labels" . | nindent 4 }}
type: Opaque
stringData:
DATABASE_PASSWORD: {{ .Values.database.auth.password | quote }}
DATABASE_USERNAME: {{ .Values.database.auth.username | quote }}
{{- end }}
data:
DATABASE_PASSWORD: {{ .Values.database.auth.password | b64enc | quote }}
DATABASE_USERNAME: {{ .Values.database.auth.username | b64enc | quote }}
{{- end }}
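Review bot: The guard on the first line no longer looks at `database.auth.credentialsSecretName`, so a release upgraded with only the old key set will render this Secret from `database.auth.username` and `database.auth.password`, whose documented defaults are `postgres` and `postgres`. Fail the render when the old key is still present (for example with `fail` in the template) so the fallback to default credentials is not silent.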
4 changes: 3 additions & 1 deletion charts/substra-backend/templates/secret-objectstore.yaml
@@ -1,11 +1,13 @@
{{- if or (not .Values.minio.auth.existingSecretName) .Values.localstack.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "substra.fullname" . }}-objectstore
name: {{ template "substra-backend.objectStore.secretName" . }}
labels:
{{ include "substra.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ include "substra.name" . }}
type: Opaque
data:
OBJECTSTORE_ACCESSKEY: {{ include "substra-backend.objectStore.accessKey" . | b64enc }}
OBJECTSTORE_SECRETKEY: {{ include "substra-backend.objectStore.secretKey" . | b64enc }}
{{- end }}
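Review bot: The guard on the first line tests `.Values.minio.auth.existingSecretName`, but the `name:` line now comes from `substra-backend.objectStore.secretName`, which tests different values. Because of the `or ... .Values.localstack.enabled` clause, this Secret is also rendered when an existing secret name is configured and LocalStack is enabled, and once the helper returns that name the chart-managed Secret would collide with the user-managed one. Use one value for both the guard and the helper, and keep the literal `{{ include "substra.fullname" . }}-objectstore` name for the Secret the chart creates.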
4 changes: 3 additions & 1 deletion charts/substra-backend/templates/secret-redis.yaml
@@ -1,9 +1,11 @@
{{- if not .Values.redis.auth.existingSecretName }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "substra.fullname" . }}-redis
name: {{ template "substra-backend.redis.secretName" . }}
labels:
{{- include "substra.labels" . | nindent 4 }}
type: Opaque
data:
CELERY_BROKER_PASSWORD: {{ .Values.redis.auth.password | b64enc | quote }}
{{- end }}
6 changes: 3 additions & 3 deletions charts/substra-backend/templates/statefulset-builder.yaml
Expand Up @@ -146,12 +146,12 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-database
- secretRef:
name: {{ include "substra.fullname" . }}-objectstore
name: {{ include "substra-backend.objectStore.secretName" . }}
- secretRef:
name: {{ include "substra.fullname" . }}-redis
name: {{ include "substra-backend.redis.secretName" . }}
# TODO: Remove once moved ImageResitryEntrypoint logic
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: HOST_IP
valueFrom:
6 changes: 3 additions & 3 deletions charts/substra-backend/templates/statefulset-worker.yaml
Expand Up @@ -102,11 +102,11 @@ spec:
- configMapRef:
name: {{ include "substra.fullname" . }}-registry
- secretRef:
name: {{ include "substra.fullname" . }}-objectstore
name: {{ include "substra-backend.objectStore.secretName" . }}
- secretRef:
name: {{ include "substra.fullname" . }}-redis
name: {{ include "substra-backend.redis.secretName" . }}
- secretRef:
name: {{ include "substra-backend.database.secret-name" . }}
name: {{ include "substra-backend.database.secretName" . }}
env:
- name: DJANGO_SETTINGS_MODULE
value: backend.settings.celery.{{ .Values.settings }}