Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add custom CA support to Launch Agent #74

Merged
merged 3 commits into from
Feb 5, 2024
Merged

feat: Add custom CA support to Launch Agent #74

merged 3 commits into from
Feb 5, 2024

Conversation

flamarion
Copy link
Contributor

Relevant configuration in values.yaml

customCABundle:
 configMap:
   name:
   key:

Create a configMap with the CA Bundle

kubectl -n wandb create configmap my-custom-ca-bundle --from-file=wandb.local.crt

Configure the values.yaml with the configMap name and key

[...]
customCABundle:
 configMap:
   name: my-custom-ca-bundle
   key: wandb.local.crt

Upgrade the deployment. Here demonstrated the current pod has no CA Bundle configured.

$ kubectl -n wandb get pods
NAME                                         READY   STATUS    RESTARTS   AGE
launch-agent-wandb-launch-69b8c9b96b-82m8m   1/1     Running   0          2m8s

$ kubectl -n wandb exec -ti launch-agent-wandb-launch-69b8c9b96b-82m8m -- env|grep CA

$ helm upgrade --namespace=wandb --install wandb-launch ./launch-agent -f values-test-ca.yaml
Release "wandb-launch" has been upgraded. Happy Helming!
NAME: wandb-launch
LAST DEPLOYED: Fri Feb  2 15:17:03 2024
NAMESPACE: wandb
STATUS: deployed
REVISION: 6
TEST SUITE: None

$ kubectl -n wandb get pods -w
NAME                                         READY   STATUS        RESTARTS   AGE
[...]
launch-agent-wandb-launch-69b8c9b96b-82m8m   0/1     Terminating   0          3m29s
[...]
launch-agent-wandb-launch-5bc7688546-qpzpr   0/1     ContainerCreating   0          0s
[...]

With the new pod created, check if the CA Bundle is configured

$ kubectl -n wandb exec -ti launch-agent-wandb-launch-5bc7688546-qpzpr -- env|grep CA
REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/custom-ca.crt

$ kubectl -n wandb exec -ti launch-agent-wandb-launch-5bc7688546-qpzpr -- cat /usr/local/share/ca-certificates/custom-ca.crt
-----BEGIN CERTIFICATE-----
MIIDnzCCAocCFGOeXz1eYRBUa5lWnkKABec6UYcJMA0GCSqGSIb3DQEBCwUAMIGH
MQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDETMBEGA1UEBwwKQW1lcnNm
[...]

Remove the configuration from values.yaml and check if the new pod is updated without the CA Bundle

[...]
customCABundle:
 configMap:
   name:
   key:

Upgrade the deployment and check if the CA Bundle configuration is removed

$ helm upgrade --namespace=wandb --install wandb-launch ./launch-agent -f values-test-ca.yaml
Release "wandb-launch" has been upgraded. Happy Helming!
NAME: wandb-launch
LAST DEPLOYED: Fri Feb  2 15:20:05 2024
NAMESPACE: wandb
STATUS: deployed
REVISION: 7
TEST SUITE: None

$ kubectl -n wandb get pods -w
NAME                                         READY   STATUS        RESTARTS   AGE
launch-agent-wandb-launch-5bc7688546-qpzpr   1/1     Terminating   0          2m34s
[...]
launch-agent-wandb-launch-69b8c9b96b-gvbfp   1/1     Running             0          2s

$ kubectl -n wandb exec -ti launch-agent-wandb-launch-69b8c9b96b-gvbfp -- env|grep CA

$ kubectl -n wandb exec -ti launch-agent-wandb-launch-69b8c9b96b-gvbfp -- cat /usr/local/share/ca-certificates/custom-ca.crt
cat: /usr/local/share/ca-certificates/custom-ca.crt: No such file or directory
command terminated with exit code 1

@flamarion flamarion merged commit 8881641 into main Feb 5, 2024
1 check passed
@flamarion flamarion deleted the add_custom_ca_bundle_to_launch_agent branch February 5, 2024 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KyleGoyette KyleGoyette KyleGoyette approved these changes

@bcsherma bcsherma Awaiting requested review from bcsherma bcsherma is a code owner

@gtarpenning gtarpenning Awaiting requested review from gtarpenning

@nickpenaranda nickpenaranda Awaiting requested review from nickpenaranda

@TimH98 TimH98 Awaiting requested review from TimH98 TimH98 is a code owner

@zacharyblasczyk zacharyblasczyk Awaiting requested review from zacharyblasczyk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@flamarion @KyleGoyette