Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(backend): Source ObjStore Creds from Env in Tekton Template #122

Merged
merged 3 commits into from
Aug 31, 2023
Merged

feat(backend): Source ObjStore Creds from Env in Tekton Template #122

merged 3 commits into from
Aug 31, 2023

Conversation

gmfrasca
Copy link
Member

Which issue is resolved by this Pull Request:
Unblocks opendatahub-io/data-science-pipelines-operator#151

Description of your changes:
Cherry-pick feature from upstream kubeflow#1259

Allow admins to define OBJECTSTORECONFIG_CREDENTIALS(SECRET|ACCESSKEYKEY|SECRETKEYKEY) env vars instead of the previously hardcoded mlpipeline-minio-artifact, accesskey, and secretkey values, respectively

Environment tested:

  • Python Version (use python --version): 3.11
  • Tekton Version (use tkn version): 0.31
  • Kubernetes Version (use kubectl version): 1.22
  • OS (e.g. from /etc/os-release): Fedora 38

Checklist:

@gmfrasca
Copy link
Member Author

/retest

@HumairAK HumairAK added the qe/verify Labels to inform qe on issues to verify. label Aug 31, 2023
@HumairAK
Copy link

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Aug 31, 2023
@HumairAK HumairAK merged commit 95caa70 into opendatahub-io:master Aug 31, 2023
10 of 12 checks passed
@openshift-ci
Copy link

openshift-ci bot commented Aug 31, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gmfrasca, HumairAK

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@HumairAK
Copy link

Good way to test this:

  1. Deploy dspa via dspo
  2. scale down DSPO
  3. Add deploy: false to DSP sever in DSPA:
spec:
  apiServer:
    deploy: false

copy the mlpipeline-minio-artifact secret, recreate it with metadata.name: custom-secret, update the accesskey and secretkey KEYS to custom values, delete mlpipeline-minio-artifact, restart pipeline server pod, you'll see it crash because it's missing the secret we just deleted, replace it with a custom secret, add the following env vars to the dsp server deployment:

OBJECTSTORECONFIG_CREDENTIALSSECRET
OBJECTSTORECONFIG_CREDENTIALSACCESSKEYKEY
OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY
OBJECTSTORECONFIG_ACCESSKEY
OBJECTSTORECONFIG_SECRETACCESSKEY

OBJECTSTORECONFIG_ACCESSKEY and OBJECTSTORECONFIG_SECRETACCESSKEY will already exist, point the secret refs to custom-script, update the remaining env vars accordingly, restart server pod, should just work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gregsheremeta gregsheremeta Awaiting requested review from gregsheremeta

@HumairAK HumairAK Awaiting requested review from HumairAK

Assignees

@HumairAK HumairAK

Labels
approved lgtm qe/verify Labels to inform qe on issues to verify.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gmfrasca @HumairAK