From 4e4beadf2d3157893893c59152571a948596dabc Mon Sep 17 00:00:00 2001 From: hbelmiro Date: Fri, 9 Aug 2024 14:54:45 -0300 Subject: [PATCH] Added support for TLS to MLMD GRPC Server Signed-off-by: hbelmiro --- .../apiserver/default/deployment.yaml.tmpl | 2 + ...etadata-grpc.ml-pipeline.service.yaml.tmpl | 0 .../metadata-grpc.service.yaml.tmpl | 5 + .../metadata-envoy.configmap.yaml.tmpl | 10 + .../metadata-envoy.deployment.yaml.tmpl | 7 + .../metadata-grpc-tls-config-secret.yaml.tmpl | 23 ++ .../metadata-grpc.deployment.yaml.tmpl | 22 ++ controllers/dspipeline_controller.go | 43 +++- controllers/dspipeline_params.go | 21 ++ controllers/mlmd.go | 25 +- controllers/mlmd_test.go | 20 +- .../created/metadata-envoy_deployment.yaml | 4 + .../testdata/declarative/case_6/config.yaml | 21 -- .../case_6/deploy/00_configmap.yaml | 70 ------ .../case_6/deploy/01_configmap.yaml | 38 --- .../case_6/deploy/02_configmap.yaml | 36 --- .../declarative/case_6/deploy/03_secret.yaml | 7 - .../declarative/case_6/deploy/04_cr.yaml | 37 --- .../created/apiserver_deployment.yaml | 217 ------------------ .../created/configmap_artifact_script.yaml | 42 ---- .../created/configmap_dspa_trusted_ca.yaml | 131 ----------- .../created/configmap_server_config.yaml | 28 --- .../created/metadata_grpc_deployment.yaml | 83 ------- .../created/apiserver_deployment.yaml | 2 + controllers/util/util.go | 13 ++ 25 files changed, 184 insertions(+), 723 deletions(-) rename config/internal/ml-metadata/{ => grpc-service}/metadata-grpc.ml-pipeline.service.yaml.tmpl (100%) rename config/internal/ml-metadata/{ => grpc-service}/metadata-grpc.service.yaml.tmpl (70%) create mode 100644 config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl delete mode 100644 controllers/testdata/declarative/case_6/config.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/00_configmap.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/01_configmap.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/02_configmap.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/03_secret.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/04_cr.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index dc49edf88..8a8cdd76d 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -121,6 +121,8 @@ spec: {{ if .PodToPodTLS }} - name: ML_PIPELINE_TLS_ENABLED value: "true" + - name: METADATA_TLS_ENABLED + value: "true" {{ end }} {{ if (eq .DSPVersion "v2") }} ## Argo-Specific Env Vars ## diff --git a/config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl b/config/internal/ml-metadata/grpc-service/metadata-grpc.ml-pipeline.service.yaml.tmpl similarity index 100% rename from config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl rename to config/internal/ml-metadata/grpc-service/metadata-grpc.ml-pipeline.service.yaml.tmpl diff --git a/config/internal/ml-metadata/metadata-grpc.service.yaml.tmpl b/config/internal/ml-metadata/grpc-service/metadata-grpc.service.yaml.tmpl similarity index 70% rename from config/internal/ml-metadata/metadata-grpc.service.yaml.tmpl rename to config/internal/ml-metadata/grpc-service/metadata-grpc.service.yaml.tmpl index 608ebe627..a007b842c 100644 --- a/config/internal/ml-metadata/metadata-grpc.service.yaml.tmpl +++ b/config/internal/ml-metadata/grpc-service/metadata-grpc.service.yaml.tmpl @@ -3,9 +3,14 @@ kind: Service metadata: name: ds-pipeline-metadata-grpc-{{.Name}} namespace: {{.Namespace}} + {{ if .PodToPodTLS }} + annotations: + service.beta.openshift.io/serving-cert-secret-name: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + {{ end }} labels: app: ds-pipeline-metadata-grpc-{{.Name}} component: data-science-pipelines + dspa: {{.Name}} spec: ports: - name: grpc-api diff --git a/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl b/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl index 12fb1f5aa..8ebeccf7a 100644 --- a/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl @@ -69,3 +69,13 @@ data: socket_address: address: metadata-grpc-service port_value: 8080 + {{ if .PodToPodTLS }} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + validation_context: + trusted_ca: + filename: /etc/ssl/certs/dsp-ca.crt + {{ end }} diff --git a/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl b/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl index edff20d94..5741dbbf2 100644 --- a/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl @@ -71,6 +71,10 @@ spec: - mountPath: /etc/envoy.yaml name: envoy-config subPath: envoy.yaml + {{ if .PodToPodTLS }} + - name: proxy-tls-upstream + mountPath: "/etc/ssl/certs/" + {{ end }} {{ if .MLMD.Envoy.DeployRoute }} - name: oauth-proxy args: @@ -128,3 +132,6 @@ spec: - name: proxy-tls secret: secretName: ds-pipelines-envoy-proxy-tls-{{.Name}} + - name: proxy-tls-upstream + configMap: + name: dsp-trusted-ca-{{.Name}} diff --git a/config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl new file mode 100644 index 000000000..83bf384ce --- /dev/null +++ b/config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ds-pipeline-metadata-grpc-tls-config-secret-{{.Name}} + namespace: {{.Namespace}} + labels: + component: metadata-grpc-server +stringData: + config.proto: | + connection_config { + mysql { + host: "{{.DBConnection.Host}}" + port: {{.DBConnection.Port}} + database: "{{.DBConnection.DBName}}" + user: "{{.DBConnection.Username}}" + password: "{{.DBConnection.DecodedPassword}}" + } + } + ssl_config { + server_cert: "{{.MlmdGrpcCertificateContents}}" + server_key: "{{.MlmdGrpcPrivateKeyContents}}" + client_verify: false // controls mTLS, which we don't use, so hardcode to false + } diff --git a/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl index 1ceb1a7a4..cba18f8d1 100644 --- a/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl @@ -30,6 +30,9 @@ spec: - --mysql_config_user=$(DBCONFIG_USER) - --mysql_config_password=$(DBCONFIG_PASSWORD) - --enable_database_upgrade=true + {{ if .PodToPodTLS }} + - --metadata_store_server_config_file=/mlmd-tls-config/config.proto + {{ end }} {{ if .CustomCABundle }} - --mysql_config_sslrootcert={{ .PiplinesCABundleMountPath }} {{ end }} @@ -90,6 +93,12 @@ spec: - mountPath: {{ .CustomCABundleRootMountPath }} name: ca-bundle {{ end }} + {{ if .PodToPodTLS }} + - name: ds-pipeline-metadata-grpc-tls-config-{{.Name}} + mountPath: /mlmd-tls-config + - name: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + mountPath: "/etc/tls" + {{ end }} serviceAccountName: ds-pipeline-metadata-grpc-{{.Name}} volumes: {{ if .CustomCABundle }} @@ -97,3 +106,16 @@ spec: configMap: name: {{ .CustomCABundle.ConfigMapName }} {{ end }} + {{ if .PodToPodTLS }} + - name: ds-pipeline-metadata-grpc-tls-config-{{.Name}} + secret: + secretName: ds-pipeline-metadata-grpc-tls-config-secret-{{.Name}} + - name: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + secret: + secretName: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{ end }} diff --git a/controllers/dspipeline_controller.go b/controllers/dspipeline_controller.go index 12e444e1d..798854ae8 100644 --- a/controllers/dspipeline_controller.go +++ b/controllers/dspipeline_controller.go @@ -304,7 +304,7 @@ func (r *DSPAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl. return ctrl.Result{}, err } - err = r.ReconcileMLMD(dspa, params) + err = r.ReconcileMLMD(ctx, dspa, params) if err != nil { r.setStatusAsNotReady(config.MLMDProxyReady, err, dspaStatus.SetMLMDProxyStatus) return ctrl.Result{}, err @@ -635,6 +635,47 @@ func (r *DSPAReconciler) SetupWithManager(mgr ctrl.Manager) error { return []reconcile.Request{{NamespacedName: namespacedName}} }), ). + WatchesRawSource(source.Kind(mgr.GetCache(), &corev1.Secret{}), + handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, o client.Object) []reconcile.Request { + secret := o.(*corev1.Secret) + log := r.Log.WithValues("namespace", secret.Namespace) + + if secret.Annotations["openshift.io/owning-component"] != "service-ca" { + return nil + } + + log.V(1).Info(fmt.Sprintf("Reconcile event triggered by change on Secret owned by service-ca: %s", secret.Name)) + + serviceName := secret.Annotations["service.beta.openshift.io/originating-service-name"] + + namespacedServiceName := types.NamespacedName{ + Name: serviceName, + Namespace: secret.Namespace, + } + + service := &corev1.Service{} + + err := r.Get(ctx, namespacedServiceName, service) + if err != nil { + return nil + } + + dspaName, hasDSPALabel := service.Labels["dspa"] + if !hasDSPALabel { + msg := fmt.Sprintf("Service is missing dspa "+ + "label, could not reconcile on [Service: %s] ", serviceName) + log.V(1).Info(msg) + return nil + } + + log.V(1).Info(fmt.Sprintf("Reconcile event triggered by [Service: %s] ", serviceName)) + namespacedDspaName := types.NamespacedName{ + Name: dspaName, + Namespace: secret.Namespace, + } + return []reconcile.Request{{NamespacedName: namespacedDspaName}} + }), + ). WithOptions(controller.Options{ MaxConcurrentReconciles: r.MaxConcurrentReconciles, }). diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 96534316e..4bba6dc0e 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -66,6 +66,8 @@ type DSPAParams struct { Minio *dspa.Minio MLMD *dspa.MLMD MlmdProxyDefaultResourceName string + MlmdGrpcCertificateContents string + MlmdGrpcPrivateKeyContents string WorkflowController *dspa.WorkflowController CustomKfpLauncherConfigMapData string DBConnection @@ -101,6 +103,7 @@ type DBConnection struct { DBName string CredentialsSecret *dspa.SecretKeyValue Password string + DecodedPassword string ExtraParams string } type ObjectStorageConnection struct { @@ -290,6 +293,8 @@ func (p *DSPAParams) SetupDBParams(ctx context.Context, dsp *dspa.DataSciencePip return err } p.DBConnection.Password = password + decodedPasswordBytes, _ := base64.StdEncoding.DecodeString(password) + p.DBConnection.DecodedPassword = string(decodedPasswordBytes) } else { // If no externalDB or mariaDB is specified, DSPO assumes // MariaDB deployment with defaults. @@ -349,6 +354,8 @@ func (p *DSPAParams) SetupDBParams(ctx context.Context, dsp *dspa.DataSciencePip return err } p.DBConnection.Password = dbPassword + decodedPasswordBytes, _ := base64.StdEncoding.DecodeString(dbPassword) + p.DBConnection.DecodedPassword = string(decodedPasswordBytes) } // User specified custom Extra parameters will always take precedence @@ -582,6 +589,20 @@ func setResourcesDefault(defaultValue dspa.ResourceRequirements, value **dspa.Re } } +func (p *DSPAParams) LoadMlmdCertificates(ctx context.Context, client client.Client) (bool, error) { + secret, err := util.GetSecret(ctx, "ds-pipeline-metadata-grpc-tls-certs-"+p.Name, p.Namespace, client) + if err != nil { + if apierrs.IsNotFound(err) { + return false, nil + } else { + return false, err + } + } + p.MlmdGrpcCertificateContents = strings.ReplaceAll(string(secret.Data["tls.crt"]), "\n", "\\n") + p.MlmdGrpcPrivateKeyContents = strings.ReplaceAll(string(secret.Data["tls.key"]), "\n", "\\n") + return true, nil +} + func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePipelinesApplication, client client.Client, loggr logr.Logger) error { p.Name = dsp.Name p.Namespace = dsp.Namespace diff --git a/controllers/mlmd.go b/controllers/mlmd.go index bd3f3f10c..c6c639c84 100644 --- a/controllers/mlmd.go +++ b/controllers/mlmd.go @@ -16,6 +16,8 @@ limitations under the License. package controllers import ( + "context" + "errors" dspav1alpha1 "github.com/opendatahub-io/data-science-pipelines-operator/api/v1alpha1" ) @@ -23,9 +25,10 @@ const ( mlmdTemplatesDir = "ml-metadata" mlmdEnvoyRoute = mlmdTemplatesDir + "/route/metadata-envoy.route.yaml.tmpl" mlmdProxyDefaultResourceNamePrefix = "ds-pipeline-scheduledworkflow-" + mlmdGrpcService = "grpc-service" ) -func (r *DSPAReconciler) ReconcileMLMD(dsp *dspav1alpha1.DataSciencePipelinesApplication, +func (r *DSPAReconciler) ReconcileMLMD(ctx context.Context, dsp *dspav1alpha1.DataSciencePipelinesApplication, params *DSPAParams) error { log := r.Log.WithValues("namespace", dsp.Namespace).WithValues("dspa_name", dsp.Name) @@ -57,7 +60,25 @@ func (r *DSPAReconciler) ReconcileMLMD(dsp *dspav1alpha1.DataSciencePipelinesApp return err } } else { - err := r.ApplyDir(dsp, params, mlmdTemplatesDir) + // We need to create the service first so OpenShift creates the certificate that we'll use later. + err := r.ApplyDir(dsp, params, mlmdTemplatesDir+"/"+mlmdGrpcService) + if err != nil { + return err + } + + if params.PodToPodTLS { + var certificatesExist bool + certificatesExist, err = params.LoadMlmdCertificates(ctx, r.Client) + if err != nil { + return err + } + + if !certificatesExist { + return errors.New("secret containing the certificate for MLMD gRPC Server was not created yet") + } + } + + err = r.ApplyDir(dsp, params, mlmdTemplatesDir) if err != nil { return err } diff --git a/controllers/mlmd_test.go b/controllers/mlmd_test.go index 0fa941da9..fc96c9909 100644 --- a/controllers/mlmd_test.go +++ b/controllers/mlmd_test.go @@ -94,7 +94,7 @@ func TestDeployMLMDV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -189,7 +189,7 @@ func TestDeployMLMDV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -283,7 +283,7 @@ func TestDontDeployMLMDV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources still doesn't exist @@ -413,7 +413,7 @@ func TestDefaultDeployBehaviorMLMDV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources still doesn't exist @@ -505,7 +505,7 @@ func TestDefaultDeployBehaviorMLMDV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -588,7 +588,7 @@ func TestDeployEnvoyRouteV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -660,7 +660,7 @@ func TestDeployEnvoyRouteV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -731,7 +731,7 @@ func TestDontDeployEnvoyRouteV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -803,7 +803,7 @@ func TestDontDeployEnvoyRouteV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -880,7 +880,7 @@ func TestGetEndpointsMLMDV2(t *testing.T) { require.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) require.Nil(t, err) // Ensure MLMD-Envoy resources now exists diff --git a/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml index dc68c1e98..04175020a 100644 --- a/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml @@ -117,3 +117,7 @@ spec: secret: secretName: ds-pipelines-envoy-proxy-tls-testdsp5 defaultMode: 420 + - name: proxy-tls-upstream + configMap: + name: dsp-trusted-ca-testdsp5 + defaultMode: 420 diff --git a/controllers/testdata/declarative/case_6/config.yaml b/controllers/testdata/declarative/case_6/config.yaml deleted file mode 100644 index 50d576dca..000000000 --- a/controllers/testdata/declarative/case_6/config.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# When a minimal DSPA is deployed -Images: - ApiServer: api-server:test6 - Artifact: artifact-manager:test6 - PersistentAgent: persistenceagent:test6 - ScheduledWorkflow: scheduledworkflow:test6 - Cache: ubi-minimal:test6 - MoveResultsImage: busybox:test6 - MlPipelineUI: frontend:test6 - MariaDB: mariadb:test6 - Minio: minio:test6 - OAuthProxy: oauth-proxy:test6 -ImagesV2: - Argo: - ApiServer: api-server:test6 - ArgoLauncherImage: argolauncherimage:test6 - ArgoDriverImage: argodriverimage:test6 - MlmdGRPC: quay.io/opendatahub/mlmd-grpc-server:testdsp6 -DSPO: - ApiServer: - IncludeOwnerReference: false diff --git a/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml deleted file mode 100644 index 7c1b22101..000000000 --- a/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml +++ /dev/null @@ -1,70 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: odh-trusted-ca-bundle -data: - # the order the files are concatenated are not deterministic, so for testing we just use the same cert for - # both entries - ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- - - odh-ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml deleted file mode 100644 index 6e950de3e..000000000 --- a/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: user-ca-bundle -data: - user-ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY1MwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTIzMzM0OFoXDTM0MDMwMzIzMzM0OFowJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAxUS9rhHbrJUNYz3DIvSK3g7RMa7T+cxa0gWkSWqLWxOQR8Go7ouGi4hVsWlh - bXoaYMOkC/eKQ4LXCObXHg3ydr7Zmp5SrixroxQShoxFaw8uJzP7CrT9cZndys1U - KO58b3papvtEo8lxKHr1LRDQ3sN8hleEmjv90xdS/LUGXDqiwZHOaaNn2wjFK1Vv - NrflprjS5nxK571M9JPG941eR7W4opP7xEpRJPavX7r3FU3xShplAvxoruzZCeJO - a19uxRghKR95xKOAFvvYB+Q66kwfyX/njQarvUwLaeQKZhJrYluxh2vBMjk9cTge - WKbaJOFfFs6v9O2mE9ZcgreeVo+wsKPE+T+YRCwUv2/3XDB4tH8sXjBt6usdLTJF - fGfQofMq/rHQWx2JNGZGkxKU4RCFq+W9F8aSS/k6wc8Q9DBCvfyd85WMAN4NQ69E - FDZm74h8GmLIjncOYNCoeFyqA55g19NIq4ICRXR+1NArB5OS5AjihjFJuyaC+q7G - xMkSYjnWInuueM5dP5bNtMVXYKEAJkNOum6VwG60ACM7EWr9Lc427tKB7T9E3hRS - 43QsMD7mBt0uBYChgDDpi/w8U+J2nc3GB85Ek1Dx/m29eu6gr3uc6W4UWSaxOUzZ - QKecfszophJ5iHTlsyI2oGXPbdUKMRrFRl/6advMd14qbMkCAwEAAaOBujCBtzAf - BgNVHSMEGDAWgBR+eS4ZZgisrO77AKVsZp1LQfkrVTAJBgNVHRMEAjAAMGoGA1Ud - EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy - aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j - YWxob3N0MB0GA1UdDgQWBBR8+P2Dd7Y122uPoc6Q48tVXhB20zANBgkqhkiG9w0B - AQsFAAOCAgEAnWdbI5Vrz94070K+trQIwQpMLzgZaIw2/L3JCHvD7I0XhYIUDV9b - b22J7MZUOMq5xhX4bzsrywWR+VdYvxnPz4AqoT0APqm6NtU+i9z4VAb2u1PUVYGy - tB56M7DUg+3u/4rBLPniXZr6k01xQleCQvw3M3siuhjlHaRgm/e8sWpcAGKU63ri - s09RdAVsRxNVEdBDNpisHh/82Mildo1MspRNiOlurVyVKbOJVko3HbPvevq6UeTb - +HfFpmG9w0daJEyJX4wbq2ToZozwH6fdTD67jQMFooCofpGHsXIF9AZvO08gEKDt - KufvbJvguk12PUwoPxBcjxoPHaw9Fw8b8uncsysYIP7wkjxNEwlWqR8j6yZGJpB7 - 87/dgbxqlRWJ7DopLRD5QiVt74EZlhjfi4+B/0Ujg9AZl9IDROAjlcFluD/nV9d8 - I6LxIFALVjppbpXpPRPA/+hvFSqG1vbY2jvBnUYIjUEODKoxJKES1XG+chwzzn5K - i3PPFmyHU3YOgV8A6lp/evKA368hdrpdpcDVzUTBic1FJUK/L03xexM5NGQYCtgs - lsiMw+o9r32W0fzjQRwipTLNM0lEbgWyErsVXFb67vY/rjy9ybuFlKMMOIlZpmut - wcr1vUGA985Lhv2jire2GTlixOiqZtuQS08lGa7kkcO8sB+7MdRdgEI= - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/02_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/02_configmap.yaml deleted file mode 100644 index bd166d2c5..000000000 --- a/controllers/testdata/declarative/case_6/deploy/02_configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: openshift-service-ca.crt -data: - service-ca.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/03_secret.yaml b/controllers/testdata/declarative/case_6/deploy/03_secret.yaml deleted file mode 100644 index 55ffdab85..000000000 --- a/controllers/testdata/declarative/case_6/deploy/03_secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: testdbpswsecretname6 -stringData: - testpswkey6: testdbsecretpswvalue6 -type: Opaque diff --git a/controllers/testdata/declarative/case_6/deploy/04_cr.yaml b/controllers/testdata/declarative/case_6/deploy/04_cr.yaml deleted file mode 100644 index 6d3b025d0..000000000 --- a/controllers/testdata/declarative/case_6/deploy/04_cr.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Test: -# When a user/odh provides a odh-trusted-ca-bundle, a configmap is created and mounted to mlmd grpc and apiserver -# When a user provides a cABundle in the DSPA, it is also included in the concatenated dsp custom ca cert configmap -# When external db is used the server config created for api server uses tls=true -# MLMD grpc server mounts the dspa cert and passes it into grpc server -# When a user provides a caBundleFileMountPath, it will be used to mount the ca bundle -# When a user provides ca bundle configmapkey, it will be used instead of default one -# When a user provides a ArtifactSignedURLExpirySeconds, it will be used instead of default -apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1 -kind: DataSciencePipelinesApplication -metadata: - name: testdsp6 -spec: - dspVersion: v2 - podToPodTLS: true - apiServer: - deploy: true - enableSamplePipeline: false - caBundleFileMountPath: /dspa/custom-certs - caBundleFileName: user-ca-bundle.crt - cABundle: - configMapKey: user-ca-bundle.crt - configMapName: user-ca-bundle - artifactSignedURLExpirySeconds: 20 - database: - externalDB: - host: testdbhost6 - passwordSecret: - key: testpswkey6 - name: testdbpswsecretname6 - pipelineDBName: testdbname6 - port: test6 - username: testuser6 - objectStorage: - minio: - deploy: false - image: minio:test6 diff --git a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml deleted file mode 100644 index 73b2b7f1e..000000000 --- a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml +++ /dev/null @@ -1,217 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ds-pipeline-testdsp6 - namespace: default - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines - dspa: testdsp6 -spec: - selector: - matchLabels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - template: - metadata: - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - spec: - containers: - - env: - - name: POD_NAMESPACE - value: "default" - - name: DBCONFIG_USER - value: "testuser6" - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: "testpswkey6" - name: "testdbpswsecretname6" - - name: DBCONFIG_DBNAME - value: "testdbname6" - - name: DBCONFIG_HOST - value: "testdbhost6" - - name: DBCONFIG_PORT - value: "test6" - - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME - value: dsp-trusted-ca-testdsp6 - - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY - value: user-ca-bundle.crt - - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH - value: /dspa/custom-certs - - name: SSL_CERT_DIR - value: "/dspa/custom-certs:/etc/ssl/certs:/etc/pki/tls/certs" - - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION - value: "true" - - name: DBCONFIG_CONMAXLIFETIMESEC - value: "120" - - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST - value: "ds-pipeline-visualizationserver" - - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT - value: "8888" - - name: OBJECTSTORECONFIG_CREDENTIALSSECRET - value: "ds-pipeline-s3-testdsp6" - - name: OBJECTSTORECONFIG_CREDENTIALSACCESSKEYKEY - value: "accesskey" - - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY - value: "secretkey" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp6" - - name: OBJECTSTORECONFIG_BUCKETNAME - value: "mlpipeline" - - name: OBJECTSTORECONFIG_ACCESSKEY - valueFrom: - secretKeyRef: - key: "accesskey" - name: "ds-pipeline-s3-testdsp6" - - name: OBJECTSTORECONFIG_SECRETACCESSKEY - valueFrom: - secretKeyRef: - key: "secretkey" - name: "ds-pipeline-s3-testdsp6" - - name: OBJECTSTORECONFIG_SECURE - value: "false" - - name: MINIO_SERVICE_SERVICE_HOST - value: "minio-testdsp6.default.svc.cluster.local" - - name: MINIO_SERVICE_SERVICE_PORT - value: "9000" - - name: V2_LAUNCHER_IMAGE - value: "argolauncherimage:test6" - - name: V2_DRIVER_IMAGE - value: "argodriverimage:test6" - - name: METADATA_GRPC_SERVICE_SERVICE_HOST - value: "ds-pipeline-metadata-grpc-testdsp6.default.svc.cluster.local" - - name: METADATA_GRPC_SERVICE_SERVICE_PORT - value: "8080" - - name: ML_PIPELINE_SERVICE_HOST - value: ds-pipeline-testdsp6.default.svc.cluster.local - - name: ML_PIPELINE_SERVICE_PORT_GRPC - value: "8887" - - name: SIGNED_URL_EXPIRY_TIME_SECONDS - value: "20" - - name: ML_PIPELINE_TLS_ENABLED - value: "true" - - name: EXECUTIONTYPE - value: Workflow - - name: DB_DRIVER_NAME - value: mysql - - name: DBCONFIG_MYSQLCONFIG_USER - value: testuser6 - - name: DBCONFIG_MYSQLCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: "testpswkey6" - name: "testdbpswsecretname6" - - name: DBCONFIG_MYSQLCONFIG_DBNAME - value: "testdbname6" - - name: DBCONFIG_MYSQLCONFIG_HOST - value: "testdbhost6" - - name: DBCONFIG_MYSQLCONFIG_PORT - value: "test6" - image: api-server:test6 - # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting - name: ds-pipeline-api-server - command: ['/bin/apiserver'] - args: - - --config=/config - - -logtostderr=true - - --tlsCertPath=/etc/tls/private/tls.crt - - --tlsCertKeyPath=/etc/tls/private/tls.key - ports: - - containerPort: 8888 - name: http - protocol: TCP - - containerPort: 8887 - name: grpc - protocol: TCP - livenessProbe: - httpGet: - path: /apis/v1beta1/healthz - port: http - scheme: HTTPS - readinessProbe: - httpGet: - path: /apis/v1beta1/healthz - port: http - scheme: HTTPS - resources: - requests: - cpu: 250m - memory: 500Mi - limits: - cpu: 500m - memory: 1Gi - volumeMounts: - - name: server-config - mountPath: /config/config.json - subPath: config.json - - mountPath: /etc/tls/private - name: proxy-tls - - name: ca-bundle - mountPath: /dspa/custom-certs - - name: oauth-proxy - args: - - --https-address=:8443 - - --provider=openshift - - --openshift-service-account=ds-pipeline-testdsp6 - - --upstream=https://ds-pipeline-testdsp6.default.svc.cluster.local:8888 - - --upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - - --tls-cert=/etc/tls/private/tls.crt - - --tls-key=/etc/tls/private/tls.key - - --cookie-secret=SECRET - - '--openshift-delegate-urls={"/": {"group":"route.openshift.io","resource":"routes","verb":"get","name":"ds-pipeline-testdsp6","namespace":"default"}}' - - '--openshift-sar={"namespace":"default","resource":"routes","resourceName":"ds-pipeline-testdsp6","verb":"get","resourceAPIGroup":"route.openshift.io"}' - - --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)' - image: oauth-proxy:test6 - ports: - - containerPort: 8443 - name: oauth - protocol: TCP - livenessProbe: - httpGet: - path: /oauth/healthz - port: oauth - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 1 - periodSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /oauth/healthz - port: oauth - scheme: HTTPS - initialDelaySeconds: 5 - timeoutSeconds: 1 - periodSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 256Mi - volumeMounts: - - mountPath: /etc/tls/private - name: proxy-tls - volumes: - - name: proxy-tls - secret: - secretName: ds-pipelines-proxy-tls-testdsp6 - defaultMode: 420 - - name: server-config - configMap: - name: ds-pipeline-server-config-testdsp6 - defaultMode: 420 - - name: ca-bundle - configMap: - name: dsp-trusted-ca-testdsp6 - defaultMode: 420 - serviceAccountName: ds-pipeline-testdsp6 diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml deleted file mode 100644 index c1b1a3bcc..000000000 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: v1 -data: - artifact_script: |- - #!/usr/bin/env sh - push_artifact() { - workspace_dir=$(echo $(context.taskRun.name) | sed -e "s/$(context.pipeline.name)-//g") - workspace_dest=/workspace/${workspace_dir}/artifacts/$(context.pipelineRun.name)/$(context.taskRun.name) - artifact_name=$(basename $2) - - aws_cp() { - - aws s3 --endpoint http://minio-testdsp6.default.svc.cluster.local:9000 --ca-bundle /dspa/custom-certs/user-ca-bundle.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz - - } - - if [ -f "$workspace_dest/$artifact_name" ]; then - echo sending to: ${workspace_dest}/${artifact_name} - tar -cvzf $1.tgz -C ${workspace_dest} ${artifact_name} - aws_cp $1 - elif [ -f "$2" ]; then - tar -cvzf $1.tgz -C $(dirname $2) ${artifact_name} - aws_cp $1 - else - echo "$2 file does not exist. Skip artifact tracking for $1" - fi - } - push_log() { - cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log - push_artifact main-log step-main.log - } - strip_eof() { - if [ -f "$2" ]; then - awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2 - fi - } -kind: ConfigMap -metadata: - name: ds-pipeline-artifact-script-testdsp6 - namespace: default - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml deleted file mode 100644 index e662cb8b3..000000000 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml +++ /dev/null @@ -1,131 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: dsp-trusted-ca-testdsp6 -data: - user-ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- - - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- - - -----BEGIN CERTIFICATE----- - MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY1MwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTIzMzM0OFoXDTM0MDMwMzIzMzM0OFowJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAxUS9rhHbrJUNYz3DIvSK3g7RMa7T+cxa0gWkSWqLWxOQR8Go7ouGi4hVsWlh - bXoaYMOkC/eKQ4LXCObXHg3ydr7Zmp5SrixroxQShoxFaw8uJzP7CrT9cZndys1U - KO58b3papvtEo8lxKHr1LRDQ3sN8hleEmjv90xdS/LUGXDqiwZHOaaNn2wjFK1Vv - NrflprjS5nxK571M9JPG941eR7W4opP7xEpRJPavX7r3FU3xShplAvxoruzZCeJO - a19uxRghKR95xKOAFvvYB+Q66kwfyX/njQarvUwLaeQKZhJrYluxh2vBMjk9cTge - WKbaJOFfFs6v9O2mE9ZcgreeVo+wsKPE+T+YRCwUv2/3XDB4tH8sXjBt6usdLTJF - fGfQofMq/rHQWx2JNGZGkxKU4RCFq+W9F8aSS/k6wc8Q9DBCvfyd85WMAN4NQ69E - FDZm74h8GmLIjncOYNCoeFyqA55g19NIq4ICRXR+1NArB5OS5AjihjFJuyaC+q7G - xMkSYjnWInuueM5dP5bNtMVXYKEAJkNOum6VwG60ACM7EWr9Lc427tKB7T9E3hRS - 43QsMD7mBt0uBYChgDDpi/w8U+J2nc3GB85Ek1Dx/m29eu6gr3uc6W4UWSaxOUzZ - QKecfszophJ5iHTlsyI2oGXPbdUKMRrFRl/6advMd14qbMkCAwEAAaOBujCBtzAf - BgNVHSMEGDAWgBR+eS4ZZgisrO77AKVsZp1LQfkrVTAJBgNVHRMEAjAAMGoGA1Ud - EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy - aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j - YWxob3N0MB0GA1UdDgQWBBR8+P2Dd7Y122uPoc6Q48tVXhB20zANBgkqhkiG9w0B - AQsFAAOCAgEAnWdbI5Vrz94070K+trQIwQpMLzgZaIw2/L3JCHvD7I0XhYIUDV9b - b22J7MZUOMq5xhX4bzsrywWR+VdYvxnPz4AqoT0APqm6NtU+i9z4VAb2u1PUVYGy - tB56M7DUg+3u/4rBLPniXZr6k01xQleCQvw3M3siuhjlHaRgm/e8sWpcAGKU63ri - s09RdAVsRxNVEdBDNpisHh/82Mildo1MspRNiOlurVyVKbOJVko3HbPvevq6UeTb - +HfFpmG9w0daJEyJX4wbq2ToZozwH6fdTD67jQMFooCofpGHsXIF9AZvO08gEKDt - KufvbJvguk12PUwoPxBcjxoPHaw9Fw8b8uncsysYIP7wkjxNEwlWqR8j6yZGJpB7 - 87/dgbxqlRWJ7DopLRD5QiVt74EZlhjfi4+B/0Ujg9AZl9IDROAjlcFluD/nV9d8 - I6LxIFALVjppbpXpPRPA/+hvFSqG1vbY2jvBnUYIjUEODKoxJKES1XG+chwzzn5K - i3PPFmyHU3YOgV8A6lp/evKA368hdrpdpcDVzUTBic1FJUK/L03xexM5NGQYCtgs - lsiMw+o9r32W0fzjQRwipTLNM0lEbgWyErsVXFb67vY/rjy9ybuFlKMMOIlZpmut - wcr1vUGA985Lhv2jire2GTlixOiqZtuQS08lGa7kkcO8sB+7MdRdgEI= - -----END CERTIFICATE----- - - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml deleted file mode 100644 index f0ae5c3ea..000000000 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: ds-pipeline-server-config-testdsp6 - namespace: default - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines -data: - config.json: | - - { - "DBConfig": { - "MySQLConfig": { - "ExtraParams": {"tls":"true"}, - "GroupConcatMaxLen": "4194304" - }, - "PostgreSQLConfig": {}, - "ConMaxLifeTime": "120s" - }, - "ObjectStoreConfig": { - "PipelinePath": "pipelines" - }, - "DBDriverName": "mysql", - "ARCHIVE_CONFIG_LOG_FILE_NAME": "main.log", - "ARCHIVE_CONFIG_LOG_PATH_PREFIX": "/artifacts", - "InitConnectionTimeout": "6m" - } diff --git a/controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml deleted file mode 100644 index 7eeff5b0a..000000000 --- a/controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ds-pipeline-metadata-grpc-testdsp6 - namespace: default - labels: - app: ds-pipeline-metadata-grpc-testdsp6 - component: data-science-pipelines - dspa: testdsp6 -spec: - replicas: 1 - selector: - matchLabels: - app: ds-pipeline-metadata-grpc-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - template: - metadata: - labels: - app: ds-pipeline-metadata-grpc-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - spec: - containers: - - args: - - --grpc_port=8080 - - --mysql_config_database=$(MYSQL_DATABASE) - - --mysql_config_host=$(MYSQL_HOST) - - --mysql_config_port=$(MYSQL_PORT) - - --mysql_config_user=$(DBCONFIG_USER) - - --mysql_config_password=$(DBCONFIG_PASSWORD) - - --enable_database_upgrade=true - - --mysql_config_sslrootcert=/dspa/custom-certs/user-ca-bundle.crt - command: - - /bin/metadata_store_server - env: - - name: DBCONFIG_USER - value: testuser6 - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: testpswkey6 - name: testdbpswsecretname6 - - name: MYSQL_DATABASE - value: testdbname6 - - name: MYSQL_HOST - value: testdbhost6 - - name: MYSQL_PORT - value: test6 - image: quay.io/opendatahub/mlmd-grpc-server:testdsp6 - name: container - ports: - - containerPort: 8080 - name: grpc-api - protocol: TCP - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 5 - tcpSocket: - port: grpc-api - timeoutSeconds: 2 - readinessProbe: - initialDelaySeconds: 3 - periodSeconds: 5 - tcpSocket: - port: grpc-api - timeoutSeconds: 2 - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - mountPath: /dspa/custom-certs - name: ca-bundle - serviceAccountName: ds-pipeline-metadata-grpc-testdsp6 - volumes: - - name: ca-bundle - configMap: - defaultMode: 420 - name: dsp-trusted-ca-testdsp6 diff --git a/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml index ebbd6721a..66a002060 100644 --- a/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml @@ -95,6 +95,8 @@ spec: value: "60" - name: ML_PIPELINE_TLS_ENABLED value: "true" + - name: METADATA_TLS_ENABLED + value: "true" - name: EXECUTIONTYPE value: Workflow - name: DB_DRIVER_NAME diff --git a/controllers/util/util.go b/controllers/util/util.go index f0f767b1e..08276d528 100644 --- a/controllers/util/util.go +++ b/controllers/util/util.go @@ -198,3 +198,16 @@ func GetRouteIfAvailable(ctx context.Context, routeName, ns string, client clien } return true, route, nil } + +func GetSecret(ctx context.Context, secretName, ns string, client client.Client) (*v1.Secret, error) { + secret := &v1.Secret{} + namespacedName := types.NamespacedName{ + Name: secretName, + Namespace: ns, + } + err := client.Get(ctx, namespacedName, secret) + if err != nil { + return &v1.Secret{}, err + } + return secret, nil +}