[helm/affinity] - Updates to iam jupyter operator charts #5

Merged
merged 3 commits into from
Jul 12, 2024
Merged
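--- a/.github/workflows/unittest.yaml
+++ b/.github/workflows/unittest.yaml
@@ -0,0 +1,61 @@
+name: Unit tests
+
+on:
+pull_request:
+types:
+- opened
+- reopened
+- synchronize
+- ready_for_review
+
+jobs:
+unittests:
+runs-on:
+labels: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+with:
+ref: ${{ github.head_ref }}
+fetch-depth: 0
+
+- name: Get changed files
+id: changed-files
+uses: tj-actions/changed-files@cc733854b1f224978ef800d29e4709d5ee2883e4 # v44.5.5
+with:
+files: "./**"
+dir_names: "true"
+dir_names_max_depth: "2"
+dir_names_deleted_files_include_only_deleted_dirs: "true"
+
+- name: List all changed files
+id: modify-changed-files
+run: |
+echo "Number of changed files: ${{ steps.changed-files.outputs.all_modified_files_count }}"
+
+folders=""
+counter=0
+
+for folder in ${{ steps.changed-files.outputs.all_modified_files }}; do
+echo "$folder was changed"
+
+# Check if overall chart folder still exists
+if [[ -d "$folder" ]]; then
+folders+="$folder "
+counter=$((counter+1))
+else
+echo "$folder no longer exists and will not be tested"
+fi
+done
+
+modified_folders=$(echo "$folders" | sed 's/ *$//')
+
+echo "folder_string=$modified_folders" >> "$GITHUB_OUTPUT"
+echo "folder_count=$counter" >> "$GITHUB_OUTPUT"
+
+- name: Setup up Helm and unittest
+uses: d3adb5/helm-unittest-action@66140cd099aa6c4f2ebc59735b8e421135a6d4e3 # v2.4
+if: steps.modify-changed-files.outputs.folder_count > 0
+with:
+helm-version: v3.12.2
+charts: ${{ steps.changed-files.outputs.folder_string }}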
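Review bot: The `List all changed files` step expands `${{ steps.changed-files.outputs.all_modified_files }}` directly inside the `run:` script, so directory names supplied by the pull request are parsed as shell source rather than handled as data. Hand both outputs to the script through the step's `env:` map and read them as ordinary shell variables, as sketched below. Separately, the last step reads `folder_string` from the `changed-files` step, but that output is written to `$GITHUB_OUTPUT` by `modify-changed-files`, so `charts:` will presumably be empty and the unit tests will not run against the changed charts. A top-level `permissions:` block limited to `contents: read` would also keep the job token read-only for this workflow.

```yaml
      - name: List all changed files
        id: modify-changed-files
        env:
          ALL_MODIFIED_FILES: ${{ steps.changed-files.outputs.all_modified_files }}
          ALL_MODIFIED_COUNT: ${{ steps.changed-files.outputs.all_modified_files_count }}
        run: |
          echo "Number of changed files: $ALL_MODIFIED_COUNT"
          # … unchanged: folders/counter initialisation …
          for folder in $ALL_MODIFIED_FILES; do
          # … unchanged: loop body and GITHUB_OUTPUT writes …

      # … unchanged: name, uses and if of the Helm unittest step …
        with:
          helm-version: v3.12.2
          charts: ${{ steps.modify-changed-files.outputs.folder_string }}
```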
107 changes: 21 additions & 86 deletions datalayer-iam/templates/deployment.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
namespace: {{ .Values.namespace }}
namespace: {{ default .Values.iam.namespace .Release.Namespace }}
labels:
app: {{ template "iam.app-name" . }}
spec:
Expand All @@ -21,100 +21,35 @@ spec:
datalayer.io/app: {{ template "iam.app-name" . }}
spec:
terminationGracePeriodSeconds: 0
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: role.datalayer.io/api
operator: In
values:
- "true"
{{- with .Values.iam.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
imagePullSecrets:
- name: reg-creds
- name: reg-creds
containers:
- name: iam
image: {{ .Values.iam.image }}
imagePullPolicy: {{ .Values.iam.imagePullPolicy }}
ports:
- containerPort: {{ .Values.iam.port }}
protocol: TCP
{{- if or .Values.iam.env .Values.iam.envValueFrom }}
env:
- name: DATALAYER_RUNTIME_ENV
value: {{ .Values.iam.env.DATALAYER_RUNTIME_ENV }}
- name: DATALAYER_RUN_HOST
value: {{ .Values.iam.env.DATALAYER_RUN_HOST }}
- name: DATALAYER_CDN_URL
value: {{ .Values.iam.env.DATALAYER_CDN_URL }}
- name: DATALAYER_JWT_ISSUER
value: {{ .Values.iam.env.DATALAYER_JWT_ISSUER }}
- name: DATALAYER_JWT_SECRET
value: {{ .Values.iam.env.DATALAYER_JWT_SECRET }}
- name: DATALAYER_JWT_ALLOWED_ISSUERS
value: {{ .Values.iam.env.DATALAYER_JWT_ALLOWED_ISSUERS }}
- name: DATALAYER_JWT_ALGORITHM
value: {{ .Values.iam.env.DATALAYER_JWT_ALGORITHM }}
- name: DATALAYER_JWT_DEFAULT_KID_ISSUER
value: {{ .Values.iam.env.DATALAYER_JWT_DEFAULT_KID_ISSUER }}
- name: DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION
value: {{ .Values.iam.env.DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION | quote }}
- name: DATALAYER_AUTHZ_ENGINE
value: {{ .Values.iam.env.DATALAYER_AUTHZ_ENGINE }}
- name: DATALAYER_OPENFGA_REST_URL
value: {{ .Values.iam.env.DATALAYER_OPENFGA_REST_URL }}
- name: DATALAYER_OPENFGA_STORE_ID
value: {{ .Values.iam.env.DATALAYER_OPENFGA_STORE_ID }}
- name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID
value: {{ .Values.iam.env.DATALAYER_OPENFGA_AUTHZ_MODEL_ID }}
- name: DATALAYER_SOLR_ZK_HOST
value: {{ .Values.iam.env.DATALAYER_SOLR_ZK_HOST }}
- name: DATALAYER_SOLR_USERNAME
valueFrom:
secretKeyRef:
name: solr-basic-auth
key: username
- name: DATALAYER_SOLR_PASSWORD
valueFrom:
secretKeyRef:
name: solr-basic-auth
key: password
- name: DATALAYER_SUPPORT_EMAIL
value: {{ .Values.iam.env.DATALAYER_SUPPORT_EMAIL }}
- name: DATALAYER_SMTP_HOST
value: {{ .Values.iam.env.DATALAYER_SMTP_HOST }}
- name: DATALAYER_SMTP_PORT
value: {{ .Values.iam.env.DATALAYER_SMTP_PORT | quote }}
- name: DATALAYER_SMTP_USERNAME
value: {{ .Values.iam.env.DATALAYER_SMTP_USERNAME }}
- name: DATALAYER_SMTP_PASSWORD
value: {{ .Values.iam.env.DATALAYER_SMTP_PASSWORD }}
- name: DATALAYER_GITHUB_CLIENT_ID
value: {{ .Values.iam.env.DATALAYER_GITHUB_CLIENT_ID }}
- name: DATALAYER_GITHUB_CLIENT_SECRET
value: {{ .Values.iam.env.DATALAYER_GITHUB_CLIENT_SECRET }}
- name: DATALAYER_CREDITS_PROVIDER
value: {{ .Values.iam.env.DATALAYER_CREDITS_PROVIDER }}
- name: DATALAYER_IAM_API_KEY
value: {{ .Values.iam.env.DATALAYER_IAM_API_KEY }}
- name: DATALAYER_PUB_SUB_ENGINE
value: {{ .Values.iam.env.DATALAYER_PUB_SUB_ENGINE }}
- name: DATALAYER_PULSAR_URL
value: {{ .Values.iam.env.DATALAYER_PULSAR_URL }}
# Addons
{{ if eq .Values.iam.env.DATALAYER_CREDITS_PROVIDER "stripe" }}
- name: DATALAYER_STRIPE_API_KEY
value: {{ .Values.iam.env.DATALAYER_STRIPE_API_KEY }}
- name: DATALAYER_STRIPE_JS_API_KEY
value: {{ .Values.iam.env.DATALAYER_STRIPE_JS_API_KEY }}
- name: DATALAYER_STRIPE_PRODUCT_ID
value: {{ .Values.iam.env.DATALAYER_STRIPE_PRODUCT_ID }}
- name: DATALAYER_STRIPE_BILLING_ROUTE
value: {{ .Values.iam.env.DATALAYER_STRIPE_BILLING_ROUTE }}
- name: DATALAYER_STRIPE_WEBHOOK_SECRET
value: {{ .Values.iam.env.DATALAYER_STRIPE_WEBHOOK_SECRET }}{{ end }}
volumeMounts:
resources:
{{ toYaml .Values.iam.resources | indent 12 }}
{{- range $key, $value := .Values.iam.envValueFrom }}
- name: {{ $key }}
valueFrom: {{- $value | toYaml | nindent 16 }}
{{- end }}
{{- range $key, $value := .Values.iam.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with .Values.iam.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.iam.volumeMounts }}
volumeMounts: {{- toYaml . | nindent 12 }}
{{- end }}
# - name: iam-sidecar
# image: {{ .Values.iam.sidecar.image }}
# imagePullPolicy: {{ .Values.iam.imagePullPolicy }}
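Review bot: The new `range` over `.Values.iam.env` still renders every entry as a literal `value:`, and per the removed list and the new test that includes `DATALAYER_JWT_SECRET`, `DATALAYER_SMTP_PASSWORD`, `DATALAYER_GITHUB_CLIENT_SECRET`, `DATALAYER_IAM_API_KEY` and the Stripe keys, so those secrets sit in the Deployment spec and in the stored Helm release for anyone who can read either. The `envValueFrom` map added in the same hunk is the place for them: keep only non-sensitive settings under `iam.env` in `values.yaml` and give each secret a `secretKeyRef` entry like the two Solr ones. A name present in both maps is emitted twice under `env:`, so a comment in `values.yaml` such as `# keys in env and envValueFrom must not overlap` would help. In the first hunk, `default .Values.iam.namespace .Release.Namespace` passes the values key as the fallback, so `iam.namespace` only applies when the release namespace is empty; if the values key is meant to win, write `{{ .Values.iam.namespace | default .Release.Namespace }}`.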
2 changes: 2 additions & 0 deletions datalayer-iam/templates/traefik-middleware.yaml
@@ -1,3 +1,4 @@
{{- if eq .Values.ingressClass "datalayer-traefik" }}
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
Expand All @@ -9,3 +10,4 @@ spec:
trustForwardHeader: true
# authRequestHeaders:
# - "Authorization"
{{- end }}
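Review bot: The guard reads `.Values.ingressClass`, but the values visible in this pull request keep `ingressClass` under `iam:` (the `values.yaml` hunk context and `tests/values/alternate_ingressclass.yaml`), so the condition is probably never true and the Middleware is never rendered; indentation is lost on this page, so confirm the nesting first. If that is the case the guard should be `{{- if eq .Values.iam.ingressClass "datalayer-traefik" }}`. The new test in `tests/traefik-middleware_test.yaml` cannot catch this, because it only asserts `hasDocuments` with `count: 0` for the `nginx` case; a second case using the chart defaults and asserting `count: 1` would. Most of the Middleware spec lies outside the hunks; if it is what enforces authentication on the ingress routes, its silent absence deserves an explicit check.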
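--- a/datalayer-iam/tests/deployment_test.yaml
+++ b/datalayer-iam/tests/deployment_test.yaml
@@ -0,0 +1,96 @@
+suite: test deployment
+templates:
+- templates/deployment.yaml
+tests:
+- it: "test affinity"
+asserts:
+- isSubset:
+path: spec.template.spec
+content:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: role.datalayer.io/api
+operator: In
+values:
+- "true"
+- it: "test environment variables"
+asserts:
+- isSubset:
+path: spec.template.spec.containers[0]
+content:
+env:
+- name: DATALAYER_SOLR_PASSWORD
+valueFrom:
+secretKeyRef:
+key: password
+name: solr-basic-auth
+- name: DATALAYER_SOLR_USERNAME
+valueFrom:
+secretKeyRef:
+key: username
+name: solr-basic-auth
+- name: DATALAYER_AUTHZ_ENGINE
+value: "openfga"
+- name: DATALAYER_CDN_URL
+value: ""
+- name: DATALAYER_CREDITS_PROVIDER
+value: ""
+- name: DATALAYER_GITHUB_CLIENT_ID
+value: ""
+- name: DATALAYER_GITHUB_CLIENT_SECRET
+value: ""
+- name: DATALAYER_IAM_API_KEY
+value: ""
+- name: DATALAYER_JWT_ALGORITHM
+value: ""
+- name: DATALAYER_JWT_ALLOWED_ISSUERS
+value: ""
+- name: DATALAYER_JWT_DEFAULT_KID_ISSUER
+value: ""
+- name: DATALAYER_JWT_ISSUER
+value: "https://id.datalayer.run"
+- name: DATALAYER_JWT_SECRET
+value: ""
+- name: DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION
+value: "false"
+- name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID
+value: ""
+- name: DATALAYER_OPENFGA_REST_URL
+value: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080"
+- name: DATALAYER_OPENFGA_STORE_ID
+value: ""
+- name: DATALAYER_PUB_SUB_ENGINE
+value: "pulsar"
+- name: DATALAYER_PULSAR_URL
+value: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650"
+- name: DATALAYER_RUNTIME_ENV
+value: "prod"
+- name: DATALAYER_RUN_HOST
+value: ""
+- name: DATALAYER_SMTP_HOST
+value: ""
+- name: DATALAYER_SMTP_PASSWORD
+value: ""
+- name: DATALAYER_SMTP_PORT
+value: "0"
+- name: DATALAYER_SMTP_USERNAME
+value: ""
+- name: DATALAYER_SOLR_ZK_HOST
+value: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local"
+- name: DATALAYER_STRIPE_API_KEY
+value: ""
+- name: DATALAYER_STRIPE_BILLING_ROUTE
+value: "/usage/billing"
+- name: DATALAYER_STRIPE_JS_API_KEY
+value: ""
+- name: DATALAYER_STRIPE_PRODUCT_ID
+value: ""
+- name: DATALAYER_STRIPE_WEBHOOK_SECRET
+value: ""
+- name: DATALAYER_SUPPORT_EMAIL
+value: ""
+
+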
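--- a/datalayer-iam/tests/traefik-middleware_test.yaml
+++ b/datalayer-iam/tests/traefik-middleware_test.yaml
@@ -0,0 +1,10 @@
+suite: test traefik-middleware
+templates:
+- templates/traefik-middleware.yaml
+tests:
+- it: "test traefik middleware resource"
+values:
+- ./values/alternate_ingressclass.yaml
+asserts:
+- hasDocuments:
+count: 0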
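--- a/datalayer-iam/tests/values/alternate_ingressclass.yaml
+++ b/datalayer-iam/tests/values/alternate_ingressclass.yaml
@@ -0,0 +1,2 @@
+iam:
+ingressClass: "nginx"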
28 changes: 23 additions & 5 deletions datalayer-iam/values.yaml
Expand Up @@ -7,10 +7,24 @@ iam:
clusterType: any
certificateIssuer: letsencrypt
ingressClass: datalayer-traefik
# resources:
# limits:
# memory: "8192Mi"
# cpu: "3000m"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: role.datalayer.io/api
operator: In
values:
- "true"
envValueFrom:
DATALAYER_SOLR_USERNAME:
secretKeyRef:
name: solr-basic-auth
key: username
DATALAYER_SOLR_PASSWORD:
secretKeyRef:
name: solr-basic-auth
key: password
env:
DATALAYER_AUTHZ_ENGINE: "openfga"
DATALAYER_CDN_URL: ""
Expand All @@ -27,7 +41,6 @@ iam:
DATALAYER_OPENFGA_AUTHZ_MODEL_ID: ""
DATALAYER_OPENFGA_REST_URL: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080"
DATALAYER_OPENFGA_STORE_ID: ""
DATALAYER_OPENFGA_AUTHZ_MODEL_ID: ""
DATALAYER_PUB_SUB_ENGINE: "pulsar"
DATALAYER_PULSAR_URL: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650"
DATALAYER_RUNTIME_ENV: "prod"
Expand All @@ -43,3 +56,8 @@ iam:
DATALAYER_STRIPE_PRODUCT_ID: ""
DATALAYER_STRIPE_WEBHOOK_SECRET: ""
DATALAYER_SUPPORT_EMAIL: ""

# resources:
# limits:
# memory: "8192Mi"
# cpu: "3000m"