From f9029110f9d35d703424d042cfb9c096de497271 Mon Sep 17 00:00:00 2001 From: Achyut Madhusudan Date: Tue, 4 Jul 2023 23:03:54 +0530 Subject: [PATCH] Infer secure based on the scheme provided. Signed-off-by: Achyut Madhusudan --- api/v1alpha1/dspipeline_types.go | 3 +++ ....opendatahub.io_datasciencepipelinesapplications.yaml | 3 +++ config/internal/apiserver/deployment.yaml.tmpl | 2 ++ config/internal/minio/secret.yaml.tmpl | 1 + controllers/config/defaults.go | 1 + controllers/dspipeline_params.go | 9 +++++++++ .../case_0/expected/created/apiserver_deployment.yaml | 2 ++ .../case_2/expected/created/apiserver_deployment.yaml | 2 ++ .../case_3/expected/created/apiserver_deployment.yaml | 2 ++ .../case_3/expected/created/storage_secret.yaml | 1 + .../case_4/expected/created/apiserver_deployment.yaml | 2 ++ .../case_5/expected/created/apiserver_deployment.yaml | 2 ++ 12 files changed, 30 insertions(+) diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index 71bbac23d..4bdfde796 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -215,6 +215,9 @@ type ExternalStorage struct { Bucket string `json:"bucket"` Scheme string `json:"scheme"` *S3CredentialSecret `json:"s3CredentialsSecret"` + // +kubebuilder:default:=true + // +kubebuilder:validation:Optional + Secure bool `json:"secure"` // +kubebuilder:validation:Optional Port string `json:"port"` } diff --git a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml index c54f4d07d..b8d4db52f 100644 --- a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml +++ b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml @@ -456,6 +456,9 @@ spec: type: object scheme: type: string + secure: + default: true + type: boolean required: - bucket - host diff --git a/config/internal/apiserver/deployment.yaml.tmpl b/config/internal/apiserver/deployment.yaml.tmpl index 807e5314a..2e42d702d 100644 --- a/config/internal/apiserver/deployment.yaml.tmpl +++ b/config/internal/apiserver/deployment.yaml.tmpl @@ -84,6 +84,8 @@ spec: secretKeyRef: key: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" + - name: OBJECTSTORECONFIG_SECURE + value: "{{.ObjectStorageConnection.Secure}}" - name: MINIO_SERVICE_SERVICE_HOST value: "{{.ObjectStorageConnection.Host}}" - name: MINIO_SERVICE_SERVICE_PORT diff --git a/config/internal/minio/secret.yaml.tmpl b/config/internal/minio/secret.yaml.tmpl index 7cda54603..17192f27f 100644 --- a/config/internal/minio/secret.yaml.tmpl +++ b/config/internal/minio/secret.yaml.tmpl @@ -9,6 +9,7 @@ metadata: stringData: host: "{{.ObjectStorageConnection.Host}}" port: "{{.ObjectStorageConnection.Port}}" + secure: "{{.ObjectStorageConnection.Secure}}" data: accesskey: "{{.ObjectStorageConnection.AccessKeyID}}" secretkey: "{{.ObjectStorageConnection.SecretAccessKey}}" diff --git a/controllers/config/defaults.go b/controllers/config/defaults.go index fdf841b9d..7c98fb5a8 100644 --- a/controllers/config/defaults.go +++ b/controllers/config/defaults.go @@ -42,6 +42,7 @@ const ( MinioHostPrefix = "minio" MinioPort = "9000" MinioScheme = "http" + MinioSecure = false MinioDefaultBucket = "mlpipeline" MinioPVCSize = "10Gi" diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 7921212e5..b9b350787 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -66,6 +66,7 @@ type ObjectStorageConnection struct { Host string Port string Scheme string + Secure bool Endpoint string // scheme://host:port AccessKeyID string SecretAccessKey string @@ -234,6 +235,11 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc p.ObjectStorageConnection.Bucket = dsp.Spec.ObjectStorage.ExternalStorage.Bucket p.ObjectStorageConnection.Host = dsp.Spec.ObjectStorage.ExternalStorage.Host p.ObjectStorageConnection.Scheme = dsp.Spec.ObjectStorage.ExternalStorage.Scheme + if p.ObjectStorageConnection.Scheme == "https" { + p.ObjectStorageConnection.Secure = true + } else { + p.ObjectStorageConnection.Secure = false + } // Port can be empty, which is fine. p.ObjectStorageConnection.Port = dsp.Spec.ObjectStorage.ExternalStorage.Port customCreds = dsp.Spec.ObjectStorage.ExternalStorage.S3CredentialSecret @@ -263,6 +269,8 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc ) p.ObjectStorageConnection.Port = config.MinioPort p.ObjectStorageConnection.Scheme = config.MinioScheme + p.ObjectStorageConnection.Secure = config.MinioSecure + if p.Minio.S3CredentialSecret != nil { customCreds = p.Minio.S3CredentialSecret } @@ -341,6 +349,7 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc } return nil + } func (p *DSPAParams) SetupMLMD(ctx context.Context, dsp *dspa.DataSciencePipelinesApplication, client client.Client, log logr.Logger) error { diff --git a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml index cc8dfb93e..fa277a796 100644 --- a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml @@ -84,6 +84,8 @@ spec: secretKeyRef: key: "secretkey" name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECURE + value: "false" - name: MINIO_SERVICE_SERVICE_HOST value: "minio-testdsp0.default.svc.cluster.local" - name: MINIO_SERVICE_SERVICE_PORT diff --git a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml index 0ccb29271..5c1263828 100644 --- a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml @@ -84,6 +84,8 @@ spec: secretKeyRef: key: "secretkey" name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECURE + value: "false" - name: MINIO_SERVICE_SERVICE_HOST value: "minio-testdsp2.default.svc.cluster.local" - name: MINIO_SERVICE_SERVICE_PORT diff --git a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml index 3a4bb70fa..0b617788d 100644 --- a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml @@ -84,6 +84,8 @@ spec: secretKeyRef: key: "secretkey" name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECURE + value: "true" - name: MINIO_SERVICE_SERVICE_HOST value: "teststoragehost3" - name: MINIO_SERVICE_SERVICE_PORT diff --git a/controllers/testdata/declarative/case_3/expected/created/storage_secret.yaml b/controllers/testdata/declarative/case_3/expected/created/storage_secret.yaml index d352b78ef..36d77f689 100644 --- a/controllers/testdata/declarative/case_3/expected/created/storage_secret.yaml +++ b/controllers/testdata/declarative/case_3/expected/created/storage_secret.yaml @@ -11,4 +11,5 @@ data: host: dGVzdHN0b3JhZ2Vob3N0Mw== port: ODA= secretkey: dGVzdHNlY3JldGtleXZhbHVlMw== + secure: dHJ1ZQ== type: Opaque diff --git a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml index 8723c2009..94524294c 100644 --- a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml @@ -84,6 +84,8 @@ spec: secretKeyRef: key: "secretkey" name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECURE + value: "false" - name: MINIO_SERVICE_SERVICE_HOST value: "minio-testdsp4.default.svc.cluster.local" - name: MINIO_SERVICE_SERVICE_PORT diff --git a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml index a5e34d6ef..92f6ac5b9 100644 --- a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml @@ -84,6 +84,8 @@ spec: secretKeyRef: key: "secretkey" name: "mlpipeline-minio-artifact" + - name: OBJECTSTORECONFIG_SECURE + value: "false" - name: MINIO_SERVICE_SERVICE_HOST value: "minio-testdsp5.default.svc.cluster.local" - name: MINIO_SERVICE_SERVICE_PORT