From 63623f55ff986f5455fc4f85dc0f4fc95340cc68 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Wed, 10 Jul 2024 10:50:49 -0400
Subject: [PATCH] make oauth image and cert generator configurable via env vars
Signed-off-by: Kevin
---
 .github/workflows/project-codeflare-release.yml | 13 ++++++++++++-
 main.go | 1 -
 pkg/config/config.go | 2 --
 pkg/controllers/raycluster_webhook.go | 6 +++---
 pkg/controllers/raycluster_webhook_test.go | 8 ++++----
 pkg/controllers/support.go | 14 ++++++++++++++
 6 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/project-codeflare-release.yml b/.github/workflows/project-codeflare-release.yml
index 93f7b6e07..d946d5c55 100644
--- a/.github/workflows/project-codeflare-release.yml
+++ b/.github/workflows/project-codeflare-release.yml
@@ -98,7 +98,18 @@ jobs:
 steps:
 - name: Release CodeFlare operator
 run: |
- gh workflow run tag-and-build.yml --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-operator --ref ${{ github.ref }} --field is-stable=${{ github.event.inputs.is-stable }} --field version=${{ github.event.inputs.operator-version }} --field replaces=${{ github.event.inputs.replaces }} --field codeflare-sdk-version=${{ github.event.inputs.codeflare-sdk-version }} --field appwrapper-version=${{ github.event.inputs.appwrapper-version }} --field kuberay-version=${{ github.event.inputs.kuberay-version }} --field kueue-version=${{ github.event.inputs.kueue-version }} --field quay-organization=${{ github.event.inputs.quay-organization }} --field community-operators-prod-fork-organization=${{ github.event.inputs.codeflare-repository-organization }} --field community-operators-prod-organization=${{ github.event.inputs.community-operators-prod-organization }}
+ gh workflow run tag-and-build.yml --repo ${{ github.event.inputs.codeflare-repository-organization }}/codeflare-operator \
+ --ref ${{ github.ref }} \
+ --field is-stable=${{ github.event.inputs.is-stable }} \
+ --field version=${{ github.event.inputs.operator-version }} \
+ --field replaces=${{ github.event.inputs.replaces }} \
+ --field codeflare-sdk-version=${{ github.event.inputs.codeflare-sdk-version }} \
+ --field appwrapper-version=${{ github.event.inputs.appwrapper-version }} \
+ --field kuberay-version=${{ github.event.inputs.kuberay-version }} \
+ --field kueue-version=${{ github.event.inputs.kueue-version }} \
+ --field quay-organization=${{ github.event.inputs.quay-organization }} \
+ --field community-operators-prod-fork-organization=${{ github.event.inputs.codeflare-repository-organization }} \
+ --field community-operators-prod-organization=${{ github.event.inputs.community-operators-prod-organization }}
 env:
 GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }}
 shell: bash
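Review bot: Every `${{ github.event.inputs.* }}` value in this `run:` block is substituted into the script text before bash parses it, so an input containing shell metacharacters becomes part of the command line, in a step that holds `CODEFLARE_MACHINE_ACCOUNT_TOKEN` as `GITHUB_TOKEN`. The reflow into continuation lines keeps that pattern unchanged. Passing each input through `env:` and quoting it avoids this, for example `OPERATOR_VERSION: ${{ github.event.inputs.operator-version }}` under `env:` and `--field version="$OPERATOR_VERSION"` in the command. The workflow trigger is not visible in this hunk; if it is a manual dispatch, the inputs come from users with write access, which lowers the exposure but does not remove it.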
diff --git a/main.go b/main.go
index 9c0d0437d..eb0d149aa 100644
--- a/main.go
+++ b/main.go
@@ -147,7 +147,6 @@ func main() {
 RayDashboardOAuthEnabled: ptr.To(true),
 IngressDomain: "",
 MTLSEnabled: ptr.To(true),
- CertGeneratorImage: "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
 },
 AppWrapper: &config.AppWrapperConfiguration{
 Enabled: ptr.To(false),
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 49749dfec..ddbff27ce 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -50,8 +50,6 @@ type KubeRayConfiguration struct {
 IngressDomain string `json:"ingressDomain"`
 MTLSEnabled *bool `json:"mTLSEnabled,omitempty"`
-
- CertGeneratorImage string `json:"certGeneratorImage"`
 }
 type ControllerManager struct {
diff --git a/pkg/controllers/raycluster_webhook.go b/pkg/controllers/raycluster_webhook.go
index dab128115..4e4b259f6 100644
--- a/pkg/controllers/raycluster_webhook.go
+++ b/pkg/controllers/raycluster_webhook.go
@@ -231,7 +231,7 @@ func validateHeadGroupServiceAccountName(rayCluster *rayv1.RayCluster) field.Err
 func oauthProxyContainer(rayCluster *rayv1.RayCluster) corev1.Container {
 return corev1.Container{
 Name: oauthProxyContainerName,
- Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
+ Image: OAuthProxyImage,
 Ports: []corev1.ContainerPort{
 {ContainerPort: 8443, Name: "oauth-proxy"},
 },
@@ -349,7 +349,7 @@ func rayHeadInitContainer(rayCluster *rayv1.RayCluster, config *config.KubeRayCo
 initContainerHead := corev1.Container{
 Name: "create-cert",
- Image: config.CertGeneratorImage,
+ Image: CertGeneratorImage,
 Command: []string{
 "sh",
 "-c",
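Review bot: A `certGeneratorImage` value set in the operator configuration stops having any effect at `Image: CertGeneratorImage` in rayHeadInitContainer, because the init container now reads only the package variable and the same commit removes the field from KubeRayConfiguration. A deployment that had pinned its own vetted image through the config key would fall back to the built-in default with no signal, so the upgrade notes should state that `CERT_GENERATOR_IMAGE` replaces the key. The same applies to rayWorkerInitContainer in the following raycluster_webhook.go hunk, whose `config` parameter may now be unused. Both function bodies continue outside the hunks, so that needs checking against the full file.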
@@ -363,7 +363,7 @@ func rayHeadInitContainer(rayCluster *rayv1.RayCluster, config *config.KubeRayCo
 func rayWorkerInitContainer(config *config.KubeRayConfiguration) corev1.Container {
 initContainerWorker := corev1.Container{
 Name: "create-cert",
- Image: config.CertGeneratorImage,
+ Image: CertGeneratorImage,
 Command: []string{
 "sh",
 "-c",
diff --git a/pkg/controllers/raycluster_webhook_test.go b/pkg/controllers/raycluster_webhook_test.go
index 44927309d..d8e4f8c43 100644
--- a/pkg/controllers/raycluster_webhook_test.go
+++ b/pkg/controllers/raycluster_webhook_test.go
@@ -243,7 +243,7 @@ func TestValidateCreate(t *testing.T) {
 Containers: []corev1.Container{
 {
 Name: oauthProxyContainerName,
- Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
+ Image: OAuthProxyImage,
 Ports: []corev1.ContainerPort{
 {ContainerPort: 8443, Name: "oauth-proxy"},
 },
@@ -363,7 +363,7 @@ func TestValidateUpdate(t *testing.T) {
 Containers: []corev1.Container{
 {
 Name: oauthProxyContainerName,
- Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
+ Image: OAuthProxyImage,
 Ports: []corev1.ContainerPort{
 {ContainerPort: 8443, Name: "oauth-proxy"},
 },
@@ -414,7 +414,7 @@ func TestValidateUpdate(t *testing.T) {
 InitContainers: []corev1.Container{
 {
 Name: "create-cert",
- Image: "",
+ Image: "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
 Command: []string{
 "sh",
 "-c",
@@ -490,7 +490,7 @@ func TestValidateUpdate(t *testing.T) {
 InitContainers: []corev1.Container{
 {
 Name: "create-cert",
- Image: "",
+ Image: "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
 Command: []string{
 "sh",
 "-c",
diff --git a/pkg/controllers/support.go b/pkg/controllers/support.go
index 24285ff1b..61ba32d2a 100644
--- a/pkg/controllers/support.go
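Review bot: The create-cert expectations in the @@ -414 and @@ -490 hunks of raycluster_webhook_test.go repeat the default digest as a string literal, while the oauth-proxy expectations in the same file compare against `OAuthProxyImage`. With the literal, these cases fail whenever `CERT_GENERATOR_IMAGE` is set in the test environment and have to be edited on every digest bump; `Image: CertGeneratorImage,` would match the other cases. No visible test exercises the override path itself; a small case that sets a variable with `t.Setenv` and calls `getEnv` directly would cover both the set and the fallback branch.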
+++ b/pkg/controllers/support.go
@@ -1,6 +1,8 @@
 package controllers
 import (
+ "os"
+
 rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
 corev1 "k8s.io/api/core/v1"
@@ -14,6 +16,18 @@ import (
 routeapply "github.com/openshift/client-go/route/applyconfigurations/route/v1"
 )
+var (
+ CertGeneratorImage = getEnv("CERT_GENERATOR_IMAGE", "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328")
+ OAuthProxyImage = getEnv("OAUTH_PROXY_IMAGE", "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366")
+)
+
+func getEnv(key, fallback string) string {
+ if value, ok := os.LookupEnv(key); ok {
+ return value
+ }
+ return fallback
+}
+
 func serviceNameFromCluster(cluster *rayv1.RayCluster) string {
 return cluster.Name + "-head-svc"
 }
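Review bot: `getEnv` treats a variable that is set but empty as a valid override, so `CERT_GENERATOR_IMAGE=` or `OAUTH_PROXY_IMAGE=` yields a container with an empty image instead of the pinned default; `if value, ok := os.LookupEnv(key); ok && value != "" {` keeps the fallback in that case. These two values become the image of the OAuth proxy sidecar and of the create-cert init containers built in raycluster_webhook.go, and nothing here checks that an override is digest-pinned the way both defaults are. Logging the effective values once at startup would make an override visible to whoever audits the deployment. Both variables are exported, mutable and undocumented; a comment such as `// CertGeneratorImage is the image of the create-cert init container; override with CERT_GENERATOR_IMAGE.` (and the equivalent for `OAuthProxyImage`) would state the contract.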