From 3b3a72b4f7b3277b25dd14a0a0c7a5352e7e9cad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Mon, 14 Oct 2024 11:16:40 +0200 Subject: [PATCH 1/8] Add PUB/SUB config for jupyter --- charts/datalayer-jupyter/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/datalayer-jupyter/values.yaml b/charts/datalayer-jupyter/values.yaml index ea700de..fe35bb3 100644 --- a/charts/datalayer-jupyter/values.yaml +++ b/charts/datalayer-jupyter/values.yaml @@ -37,6 +37,8 @@ jupyter: DATALAYER_OPENFGA_STORE_ID: "" DATALAYER_OPERATOR_API_KEY: "" DATALAYER_OPERATOR_HOST: "datalayer-operator-svc.datalayer-jupyter.svc.cluster.local:2111" + DATALAYER_PUB_SUB_ENGINE: "pulsar" + DATALAYER_PULSAR_URL: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650" DATALAYER_RUNTIME_ENV: "prod" DATALAYER_RUN_HOST: "" DATALAYER_SOLR_ZK_HOST: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local" From 21e6580a4beab3e18ddc0d5ea7f20bf53ac83784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Mon, 14 Oct 2024 17:24:59 +0200 Subject: [PATCH 2/8] Add config to jupyter api --- charts/datalayer-jupyter/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/datalayer-jupyter/values.yaml b/charts/datalayer-jupyter/values.yaml index fe35bb3..a356e64 100644 --- a/charts/datalayer-jupyter/values.yaml +++ b/charts/datalayer-jupyter/values.yaml @@ -41,6 +41,7 @@ jupyter: DATALAYER_PULSAR_URL: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650" DATALAYER_RUNTIME_ENV: "prod" DATALAYER_RUN_HOST: "" + DATALAYER_USERS_VOLUME_CLAIM_NAME: "" DATALAYER_SOLR_ZK_HOST: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local" OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "" OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: "" From cda89ed6e2dc9c26cc12ec2877d87465a3dcc2a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Mon, 14 Oct 2024 17:25:13 +0200 Subject: [PATCH 3/8] Add pulsar-manager helper --- charts/datalayer-pulsar/pulsar-admin.yaml | 37 +++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 charts/datalayer-pulsar/pulsar-admin.yaml diff --git a/charts/datalayer-pulsar/pulsar-admin.yaml b/charts/datalayer-pulsar/pulsar-admin.yaml new file mode 100644 index 0000000..1c08190 --- /dev/null +++ b/charts/datalayer-pulsar/pulsar-admin.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pulsar-manager + namespace: datalayer-pulsar +spec: + replicas: 1 + selector: + matchLabels: + app: pulsar-manager + template: + metadata: + labels: + app: pulsar-manager + spec: + restartPolicy: Never + containers: + # The pulsar manager container + - name: pulsar-manager + image: apachepulsar/pulsar-manager:v0.3.0 + env: + - name: SPRING_CONFIGURATION_FILE + value: /pulsar-manager/pulsar-manager/application.properties + # Container to initialize an admin account + - name: set-pwd + image: curlimages/curl:8.10.1 + command: ["sh", "-c"] + args: + - | + sleep 10 + export CSRF_TOKEN=$(curl http://localhost:7750/pulsar-manager/csrf-token) + curl \ + -H 'X-XSRF-TOKEN: $CSRF_TOKEN' \ + -H 'Cookie: XSRF-TOKEN=$CSRF_TOKEN;' \ + -H "Content-Type: application/json" \ + -X PUT http://localhost:7750/pulsar-manager/users/superuser \ + -d '{"name": "admin", "password": "apachepulsar", "description": "test", "email": "username@test.org"}' From 31d73edc16c0cb6442ec7869bf31f1bf1aea810d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Wed, 16 Oct 2024 14:38:46 +0200 Subject: [PATCH 4/8] Fix k8s RBAC for datalayer-jupyter --- .../datalayer-jupyter/templates/deployment.yaml | 1 + charts/datalayer-jupyter/templates/role.yaml | 17 +++++++++++++++++ .../templates/rolebinding.yaml | 13 +++++++++++++ .../templates/serviceaccount.yaml | 5 +++++ .../templates/companion-rolebinding.yaml | 2 +- 5 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 charts/datalayer-jupyter/templates/role.yaml create mode 100644 charts/datalayer-jupyter/templates/rolebinding.yaml create mode 100644 charts/datalayer-jupyter/templates/serviceaccount.yaml diff --git a/charts/datalayer-jupyter/templates/deployment.yaml b/charts/datalayer-jupyter/templates/deployment.yaml index 3f46856..c172e26 100644 --- a/charts/datalayer-jupyter/templates/deployment.yaml +++ b/charts/datalayer-jupyter/templates/deployment.yaml @@ -29,6 +29,7 @@ spec: {{- end }} imagePullSecrets: - name: reg-creds + serviceAccountName: datalayer-jupyter containers: - name: jupyter image: {{ .Values.jupyter.image }} diff --git a/charts/datalayer-jupyter/templates/role.yaml b/charts/datalayer-jupyter/templates/role.yaml new file mode 100644 index 0000000..45a743d --- /dev/null +++ b/charts/datalayer-jupyter/templates/role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: datalayer-jupyter + name: datalayer-jupyter + labels: + k8s-app: datalayer-jupyter + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["pods", "secrets"] + verbs: ["get"] +- apiGroups: ["batchs"] + resources: ["jobs"] + verbs: ["create"] diff --git a/charts/datalayer-jupyter/templates/rolebinding.yaml b/charts/datalayer-jupyter/templates/rolebinding.yaml new file mode 100644 index 0000000..f883c0c --- /dev/null +++ b/charts/datalayer-jupyter/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: datalayer-jupyter-svc + namespace: datalayer-jupyter +subjects: +- kind: ServiceAccount + name: datalayer-jupyter + namespace: datalayer-api +roleRef: + kind: Role + name: datalayer-jupyter + apiGroup: rbac.authorization.k8s.io diff --git a/charts/datalayer-jupyter/templates/serviceaccount.yaml b/charts/datalayer-jupyter/templates/serviceaccount.yaml new file mode 100644 index 0000000..5b9a4c5 --- /dev/null +++ b/charts/datalayer-jupyter/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: datalayer-jupyter + namespace: datalayer-api diff --git a/charts/datalayer-operator/templates/companion-rolebinding.yaml b/charts/datalayer-operator/templates/companion-rolebinding.yaml index 28b26a7..07376b0 100644 --- a/charts/datalayer-operator/templates/companion-rolebinding.yaml +++ b/charts/datalayer-operator/templates/companion-rolebinding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: read-pods + name: datalayer-jupyter-companion-svc namespace: datalayer-jupyter subjects: - kind: ServiceAccount From e6e69c8b8b5f2ba8d9f8424b0c9af323516504b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Thu, 17 Oct 2024 10:55:52 +0200 Subject: [PATCH 5/8] Fix companion role --- charts/datalayer-operator/templates/companion-role.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datalayer-operator/templates/companion-role.yaml b/charts/datalayer-operator/templates/companion-role.yaml index 4658359..5aa9a3a 100644 --- a/charts/datalayer-operator/templates/companion-role.yaml +++ b/charts/datalayer-operator/templates/companion-role.yaml @@ -11,4 +11,4 @@ metadata: rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] - verbs: ["get"] + verbs: ["get", "delete"] From c2dcbe3d963662f65979e6d11b6409ef76c3e4c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Thu, 17 Oct 2024 16:19:28 +0200 Subject: [PATCH 6/8] Fix companion role --- charts/datalayer-operator/templates/companion-role.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datalayer-operator/templates/companion-role.yaml b/charts/datalayer-operator/templates/companion-role.yaml index 5aa9a3a..d2145d1 100644 --- a/charts/datalayer-operator/templates/companion-role.yaml +++ b/charts/datalayer-operator/templates/companion-role.yaml @@ -11,4 +11,4 @@ metadata: rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] - verbs: ["get", "delete"] + verbs: ["get", "delete", "patch"] From 74feb0ce01ce6a4c3aa0a07377982c626fa75115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Fri, 18 Oct 2024 11:09:48 +0200 Subject: [PATCH 7/8] Fix jupyter service role --- charts/datalayer-jupyter/templates/role.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datalayer-jupyter/templates/role.yaml b/charts/datalayer-jupyter/templates/role.yaml index 45a743d..d6f64dd 100644 --- a/charts/datalayer-jupyter/templates/role.yaml +++ b/charts/datalayer-jupyter/templates/role.yaml @@ -12,6 +12,6 @@ rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods", "secrets"] verbs: ["get"] -- apiGroups: ["batchs"] +- apiGroups: ["batch"] resources: ["jobs"] verbs: ["create"] From b92790d7be188581afa8a562bbff7352616b8e9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Fri, 18 Oct 2024 15:23:10 +0200 Subject: [PATCH 8/8] Add new folder on ceph --- charts/datalayer-ceph-filesystem/templates/users-storage.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datalayer-ceph-filesystem/templates/users-storage.yaml b/charts/datalayer-ceph-filesystem/templates/users-storage.yaml index 534ec81..59f3078 100644 --- a/charts/datalayer-ceph-filesystem/templates/users-storage.yaml +++ b/charts/datalayer-ceph-filesystem/templates/users-storage.yaml @@ -36,7 +36,7 @@ spec: - -e - -c - | - for DIRECTORY in home public datasets tmp + for DIRECTORY in home public datalayer datasets tmp do mkdir -p /mnt/ceph/$DIRECTORY chown $KERNEL_UID:$KERNEL_GID /mnt/ceph/$DIRECTORY