Skip to content

Commit

Permalink
make oauth image and cert generator configurable via env vars
Browse files Browse the repository at this point in the history
Signed-off-by: Kevin <kpostlet@redhat.com>
  • Loading branch information
KPostOffice authored and openshift-merge-bot[bot] committed Jul 12, 2024
1 parent 3b5a5d2 commit a8b6591
Show file tree
Hide file tree
Showing 8 changed files with 38 additions and 12 deletions.
13 changes: 12 additions & 1 deletion .github/workflows/project-codeflare-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,18 @@ jobs:
steps:
- name: Release CodeFlare operator
run: |
gh workflow run tag-and-build.yml --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-operator --ref ${{ github.ref }} --field is-stable=${{ github.event.inputs.is-stable }} --field version=${{ github.event.inputs.operator-version }} --field replaces=${{ github.event.inputs.replaces }} --field codeflare-sdk-version=${{ github.event.inputs.codeflare-sdk-version }} --field appwrapper-version=${{ github.event.inputs.appwrapper-version }} --field kuberay-version=${{ github.event.inputs.kuberay-version }} --field kueue-version=${{ github.event.inputs.kueue-version }} --field quay-organization=${{ github.event.inputs.quay-organization }} --field community-operators-prod-fork-organization=${{ github.event.inputs.codeflare-repository-organization }} --field community-operators-prod-organization=${{ github.event.inputs.community-operators-prod-organization }}
gh workflow run tag-and-build.yml --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-operator \
--ref ${{ github.ref }} \
--field is-stable=${{ github.event.inputs.is-stable }} \
--field version=${{ github.event.inputs.operator-version }} \
--field replaces=${{ github.event.inputs.replaces }} \
--field codeflare-sdk-version=${{ github.event.inputs.codeflare-sdk-version }} \
--field appwrapper-version=${{ github.event.inputs.appwrapper-version }} \
--field kuberay-version=${{ github.event.inputs.kuberay-version }} \
--field kueue-version=${{ github.event.inputs.kueue-version }} \
--field quay-organization=${{ github.event.inputs.quay-organization }} \
--field community-operators-prod-fork-organization=${{ github.event.inputs.codeflare-repository-organization }} \
--field community-operators-prod-organization=${{ github.event.inputs.community-operators-prod-organization }}
env:
GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }}
shell: bash
Expand Down
1 change: 0 additions & 1 deletion config/e2e/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,5 @@ data:
kuberay:
rayDashboardOAuthEnabled: false
ingressDomain: "kind"
certGeneratorImage: quay.io/rhoai/ray:2.23.0-py39-cu121
appwrapper:
enabled: true
5 changes: 5 additions & 0 deletions config/e2e/patch_resources.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,8 @@
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: IfNotPresent
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: CERT_GENERATOR_IMAGE
value: quay.io/rhoai/ray:2.23.0-py39-cu121
1 change: 0 additions & 1 deletion main.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,6 @@ func main() {
RayDashboardOAuthEnabled: ptr.To(true),
IngressDomain: "",
MTLSEnabled: ptr.To(true),
CertGeneratorImage: "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
},
AppWrapper: &config.AppWrapperConfiguration{
Enabled: ptr.To(false),
Expand Down
2 changes: 0 additions & 2 deletions pkg/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,6 @@ type KubeRayConfiguration struct {
IngressDomain string `json:"ingressDomain"`

MTLSEnabled *bool `json:"mTLSEnabled,omitempty"`

CertGeneratorImage string `json:"certGeneratorImage"`
}

type ControllerManager struct {
Expand Down
6 changes: 3 additions & 3 deletions pkg/controllers/raycluster_webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ func validateHeadGroupServiceAccountName(rayCluster *rayv1.RayCluster) field.Err
func oauthProxyContainer(rayCluster *rayv1.RayCluster) corev1.Container {
return corev1.Container{
Name: oauthProxyContainerName,
Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
Image: OAuthProxyImage,
Ports: []corev1.ContainerPort{
{ContainerPort: 8443, Name: "oauth-proxy"},
},
Expand Down Expand Up @@ -349,7 +349,7 @@ func rayHeadInitContainer(rayCluster *rayv1.RayCluster, config *config.KubeRayCo

initContainerHead := corev1.Container{
Name: "create-cert",
Image: config.CertGeneratorImage,
Image: CertGeneratorImage,
Command: []string{
"sh",
"-c",
Expand All @@ -363,7 +363,7 @@ func rayHeadInitContainer(rayCluster *rayv1.RayCluster, config *config.KubeRayCo
func rayWorkerInitContainer(config *config.KubeRayConfiguration) corev1.Container {
initContainerWorker := corev1.Container{
Name: "create-cert",
Image: config.CertGeneratorImage,
Image: CertGeneratorImage,
Command: []string{
"sh",
"-c",
Expand Down
8 changes: 4 additions & 4 deletions pkg/controllers/raycluster_webhook_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ func TestValidateCreate(t *testing.T) {
Containers: []corev1.Container{
{
Name: oauthProxyContainerName,
Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
Image: OAuthProxyImage,
Ports: []corev1.ContainerPort{
{ContainerPort: 8443, Name: "oauth-proxy"},
},
Expand Down Expand Up @@ -363,7 +363,7 @@ func TestValidateUpdate(t *testing.T) {
Containers: []corev1.Container{
{
Name: oauthProxyContainerName,
Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
Image: OAuthProxyImage,
Ports: []corev1.ContainerPort{
{ContainerPort: 8443, Name: "oauth-proxy"},
},
Expand Down Expand Up @@ -414,7 +414,7 @@ func TestValidateUpdate(t *testing.T) {
InitContainers: []corev1.Container{
{
Name: "create-cert",
Image: "",
Image: "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
Command: []string{
"sh",
"-c",
Expand Down Expand Up @@ -490,7 +490,7 @@ func TestValidateUpdate(t *testing.T) {
InitContainers: []corev1.Container{
{
Name: "create-cert",
Image: "",
Image: "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
Command: []string{
"sh",
"-c",
Expand Down
14 changes: 14 additions & 0 deletions pkg/controllers/support.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package controllers

import (
"os"

rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"

corev1 "k8s.io/api/core/v1"
Expand All @@ -14,6 +16,18 @@ import (
routeapply "github.com/openshift/client-go/route/applyconfigurations/route/v1"
)

var (
CertGeneratorImage = getEnv("CERT_GENERATOR_IMAGE", "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328")
OAuthProxyImage = getEnv("OAUTH_PROXY_IMAGE", "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366")
)

func getEnv(key, fallback string) string {
if value, ok := os.LookupEnv(key); ok {
return value
}
return fallback
}

func serviceNameFromCluster(cluster *rayv1.RayCluster) string {
return cluster.Name + "-head-svc"
}
Expand Down

0 comments on commit a8b6591

Please sign in to comment.