Skip to content

Commit

Permalink
[sn-platform] Avoid downloading in jwt secret int job (#1121)
Browse files Browse the repository at this point in the history
* Remove kubectl download

* Make isito-proxy quit after job completed

* Apply to slim

* Fix curl when istio disabled
  • Loading branch information
ciiiii authored Nov 2, 2023
1 parent a815e3f commit 775a6e4
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 4 deletions.
26 changes: 24 additions & 2 deletions charts/sn-platform-slim/templates/toolset/jwt-secret-init-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,31 +50,53 @@ spec:
- name: {{ template "pulsar.fullname" . }}-jwt-secret-init-config
configMap:
name: {{ template "pulsar.fullname" . }}-jwt-secret-init-config
- name: tmp
emptyDir: {}
initContainers:
- name: "kubectl"
image: "{{ .Values.images.toolset.kubectl.repository }}:{{ .Values.images.toolset.kubectl.tag }}"
imagePullPolicy: {{ .Values.images.toolset.kubectl.pullPolicy }}
command: ["cp", "/opt/bitnami/kubectl/bin/kubectl", "/tmp/binaries"]
{{- if .Values.toolset.resources }}
resources:
{{ toYaml .Values.toolset.resources | indent 10 }}
{{- end }}
volumeMounts:
- name: tmp
mountPath: /tmp/binaries
{{- if .Values.toolset.securityContext }}
securityContext: {{- toYaml .Values.toolset.securityContext | nindent 8 }}
{{- end }}
containers:
- name: "{{ template "pulsar.fullname" . }}-jwt-secret-init"
image: "{{ .Values.images.toolset.repository }}:{{ .Values.images.toolset.tag }}"
imagePullPolicy: {{ .Values.images.toolset.pullPolicy }}
command: ["bash", "-c"]
args:
- >
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl";
- |
set -ex;
cp /tmp/binaries/kubectl /pulsar/kubectl;
chmod +x /pulsar/kubectl;
mkdir -p scripts/pulsar;
cp scripts/jwt-secret-config/* scripts/pulsar;
chmod +x scripts/pulsar/*;
usingSecretKey={{ .Values.auth.authentication.jwt.usingSecretKey }};
ls -lh scripts/pulsar/;
if [ "${usingSecretKey}" = "true" ]; then
./scripts/pulsar/prepare_helm_release.sh -n {{ template "pulsar.namespace" . }} -k {{ .Release.Name }} --symmetric;
else
./scripts/pulsar/prepare_helm_release.sh -n {{ template "pulsar.namespace" . }} -k {{ .Release.Name }};
fi;
curl -sf -XPOST http://127.0.0.1:15020/quitquitquit || true;
{{- if .Values.toolset.resources }}
resources:
{{ toYaml .Values.toolset.resources | indent 10 }}
{{- end }}
volumeMounts:
- mountPath: /pulsar/scripts/jwt-secret-config
name: {{ template "pulsar.fullname" . }}-jwt-secret-init-config
- name: tmp
mountPath: /tmp/binaries
restartPolicy: Never
{{- if .Values.toolset.securityContext }}
securityContext: {{- toYaml .Values.toolset.securityContext | nindent 8 }}
Expand Down
4 changes: 4 additions & 0 deletions charts/sn-platform-slim/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,10 @@ images:
repository: busybox
tag: "1.36.1-uclibc"
pullPolicy: IfNotPresent
kubectl:
repository: bitnami/kubectl
tag: "1.28.3"
pullPolicy: IfNotPresent
prometheus:
repository: quay.io/prometheus/prometheus
tag: "v2.43.0"
Expand Down
27 changes: 25 additions & 2 deletions charts/sn-platform/templates/toolset/jwt-secret-init-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,31 +50,54 @@ spec:
- name: {{ template "pulsar.fullname" . }}-jwt-secret-init-config
configMap:
name: {{ template "pulsar.fullname" . }}-jwt-secret-init-config
- name: tmp
emptyDir: {}
initContainers:
- name: "kubectl"
image: "{{ .Values.images.toolset.kubectl.repository }}:{{ .Values.images.toolset.kubectl.tag }}"
imagePullPolicy: {{ .Values.images.toolset.kubectl.pullPolicy }}
command: ["cp", "/opt/bitnami/kubectl/bin/kubectl", "/tmp/binaries"]
{{- if .Values.toolset.resources }}
resources:
{{ toYaml .Values.toolset.resources | indent 10 }}
{{- end }}
volumeMounts:
- name: tmp
mountPath: /tmp/binaries
{{- if .Values.toolset.securityContext }}
securityContext: {{- toYaml .Values.toolset.securityContext | nindent 8 }}
{{- end }}
containers:
- name: "{{ template "pulsar.fullname" . }}-jwt-secret-init"
image: "{{ .Values.images.toolset.repository }}:{{ .Values.images.toolset.tag }}"
imagePullPolicy: {{ .Values.images.toolset.pullPolicy }}
command: ["bash", "-c"]
args:
- >
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl";
- |
set -ex;
cp /tmp/binaries/kubectl /pulsar/kubectl;
chmod +x /pulsar/kubectl;
mkdir -p scripts/pulsar;
cp scripts/jwt-secret-config/* scripts/pulsar;
chmod +x scripts/pulsar/*;
usingSecretKey={{ .Values.auth.authentication.jwt.usingSecretKey }};
ls -lh scripts/pulsar/;
if [ "${usingSecretKey}" = "true" ]; then
./scripts/pulsar/prepare_helm_release.sh -n {{ template "pulsar.namespace" . }} -k {{ .Release.Name }} --symmetric;
else
./scripts/pulsar/prepare_helm_release.sh -n {{ template "pulsar.namespace" . }} -k {{ .Release.Name }};
fi;
curl -sf -XPOST http://127.0.0.1:15020/quitquitquit || true;
{{- if .Values.toolset.resources }}
resources:
{{ toYaml .Values.toolset.resources | indent 10 }}
{{- end }}
volumeMounts:
- mountPath: /pulsar/scripts/jwt-secret-config
name: {{ template "pulsar.fullname" . }}-jwt-secret-init-config
- name: tmp
mountPath: /tmp/binaries
restartPolicy: Never
{{- if .Values.toolset.securityContext }}
securityContext: {{- toYaml .Values.toolset.securityContext | nindent 8 }}
Expand Down
4 changes: 4 additions & 0 deletions charts/sn-platform/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,10 @@ images:
repository: busybox
tag: "1.36.1-uclibc"
pullPolicy: IfNotPresent
kubectl:
repository: bitnami/kubectl
tag: "1.28.3"
pullPolicy: IfNotPresent
prometheus:
repository: quay.io/prometheus/prometheus
tag: "v2.43.0"
Expand Down

0 comments on commit 775a6e4

Please sign in to comment.