Merge pull request #8180 from Param-29/paramm/secrets-file
Randomizing default helm credentials
rasswanth-s authored Dec 10, 2023
2 parents 4088773 + da9a9ef commit 6b0da6a
Showing 43 changed files with 358 additions and 10,561 deletions.
2 changes: 2 additions & 0 deletions .bumpversion.cfg
Expand Up @@ -53,3 +53,5 @@ first_value = 1
[bumpversion:file:packages/grid/podman/podman-kube/podman-syft-kube-config.yaml]

[bumpversion:file:packages/syftcli/manifest.yml]

[bumpversion:file:packages/grid/helm/syft/values.yaml]
2 changes: 1 addition & 1 deletion .github/workflows/cd-syft.yml
Expand Up @@ -358,7 +358,7 @@ jobs:
author_name: ${{ secrets.OM_BOT_NAME }}
author_email: ${{ secrets.OM_BOT_EMAIL }}
message: "[syft]bump version"
add: "['.bumpversion.cfg', 'VERSION', 'packages/grid/VERSION','packages/syft/PYPI.md', 'packages/grid/devspace.yaml', 'packages/syft/src/syft/VERSION', 'packages/syft/setup.cfg', 'packages/grid/frontend/package.json', 'packages/syft/src/syft/__init__.py', 'packages/hagrid/hagrid/manifest_template.yml', 'packages/grid/helm/syft/Chart.yaml','packages/grid/helm/repo', 'packages/hagrid/hagrid/deps.py', 'packages/grid/podman/podman-kube/podman-syft-kube.yaml' ,'packages/grid/podman/podman-kube/podman-syft-kube-config.yaml', 'packages/syftcli/manifest.yml', 'packages/syft/src/syft/protocol/protocol_version.json', 'packages/grid/backend/worker_cpu.dockerfile']"
add: "['.bumpversion.cfg', 'VERSION', 'packages/grid/VERSION','packages/syft/PYPI.md', 'packages/grid/devspace.yaml', 'packages/syft/src/syft/VERSION', 'packages/syft/setup.cfg', 'packages/grid/frontend/package.json', 'packages/syft/src/syft/__init__.py', 'packages/hagrid/hagrid/manifest_template.yml', 'packages/grid/helm/syft/Chart.yaml','packages/grid/helm/repo', 'packages/hagrid/hagrid/deps.py', 'packages/grid/podman/podman-kube/podman-syft-kube.yaml' ,'packages/grid/podman/podman-kube/podman-syft-kube-config.yaml', 'packages/syftcli/manifest.yml', 'packages/syft/src/syft/protocol/protocol_version.json', 'packages/grid/backend/worker_cpu.dockerfile','packages/grid/helm/syft/values.yaml','packages/grid/helm/syft']"

- name: Scheduled Build and Publish
if: github.event_name == 'schedule'
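Review bot: The longer `add:` list ends with the whole directory `'packages/grid/helm/syft'`, so the bump-version bot commit will stage anything the workflow leaves in that chart directory, not only the files whose version strings change. Since this merge is about randomized Helm credentials, a rendered or generated secrets file in that tree would be pushed by the bot if one is ever produced during the job; this hunk does not show whether one is. `'packages/grid/helm/syft/values.yaml'` is already covered by the directory entry, so I would keep that explicit path and drop `'packages/grid/helm/syft'`, or name the chart files the bump actually edits. The rest of the step lies outside the hunk.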
8 changes: 4 additions & 4 deletions .github/workflows/pr-tests-stack.yml
Expand Up @@ -82,7 +82,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.stack == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
Expand Down Expand Up @@ -272,7 +272,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.stack == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
Expand Down Expand Up @@ -354,7 +354,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.stack == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
Expand Down Expand Up @@ -560,7 +560,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.stack == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
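Review bot: All four `pip cache` steps reference the cache action by the mutable tag `v3`, as in `uses: actions/cache@v3`; the page has lost its +/- markers, so I am assuming the `actions/cache` line is the new side and `buildjet/cache` the old. A tag can be repointed by the action's publisher, and these steps restore cached pip content into PR test jobs, so pinning to a full commit SHA with the tag kept as a trailing comment is the safer form: `uses: actions/cache@<full-commit-sha> # v3`. The same four-step change appears in `.github/workflows/pr-tests-syft.yml`, and the same pin applies there. The `key:` of each cache step is outside these hunks, so its scoping could not be reviewed.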
8 changes: 4 additions & 4 deletions .github/workflows/pr-tests-syft.yml
Expand Up @@ -75,7 +75,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.syft == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
Expand Down Expand Up @@ -160,7 +160,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.syft == 'true' || steps.changes.outputs.notebooks == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
Expand Down Expand Up @@ -240,7 +240,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.stack == 'true' || steps.changes.outputs.notebooks == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
Expand Down Expand Up @@ -338,7 +338,7 @@ jobs:
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
- name: pip cache
uses: buildjet/cache@v3
uses: actions/cache@v3
if: steps.changes.outputs.syft == 'true'
with:
path: ${{ steps.pip-cache.outputs.dir }}
4 changes: 2 additions & 2 deletions packages/grid/default.env
Expand Up @@ -66,9 +66,9 @@ VITE_PUBLIC_API_BASE_URL="/api/v2"
S3_ENDPOINT="seaweedfs"
S3_PORT=8333
S3_ROOT_USER="admin"
S3_ROOT_PWD="admin"
S3_ROOT_PWD="admin" # needs randomizing
S3_REGION="us-east-1"
S3_PRESIGNED_TIMEOUT_SECS=1800
S3_PRESIGNED_TIMEOUT_SECS=1800 #not-using
S3_VOLUME_SIZE_MB=1024

# Jax
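Review bot: `S3_ROOT_PWD="admin"` still ships as the default next to `S3_ROOT_USER="admin"`; the trailing `# needs randomizing` records the problem, but any stack started from this file keeps a known S3 root credential. If the value cannot be generated in this change, I would leave it empty here and have the consumer generate one or refuse to start when it is unset; whether the startup code outside this hunk tolerates an empty value needs checking. Separately, `S3_PRESIGNED_TIMEOUT_SECS=1800 #not-using` puts a comment after an unquoted value, and env-file readers that do not strip inline comments (`docker run --env-file` is one) would take `1800 #not-using` as the value. Both comments are safer on their own line above the assignment, e.g. `# TODO: randomize S3_ROOT_PWD`.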
249 changes: 19 additions & 230 deletions packages/grid/devspace.yaml
Expand Up @@ -15,12 +15,13 @@ pipelines:
run: |-
run_dependencies --all
ensure_pull_secrets --all
build_images --all -t $(git rev-parse --short=6 HEAD) -t 0.8.4-beta.2 -t dev-latest
build_images --all
create_deployments --all
vars:
DEVSPACE_ENV_FILE: "default.env"
CONTAINER_REGISTRY: "docker.io"
NODE_NAME: "mynode"
VERSION: "0.8.4-beta.2"

# This is a list of `images` that DevSpace can build for this project
Expand All @@ -34,6 +35,7 @@ images:
tags:
- dev-latest
- "${VERSION}"
- "${devspace.git.commit}"
frontend:
image: "${CONTAINER_REGISTRY}/${DOCKER_IMAGE_FRONTEND}"
buildKit:
Expand All @@ -44,6 +46,7 @@ images:
tags:
- dev-latest
- "${VERSION}"
- "${devspace.git.commit}"
seaweedfs:
image: "${CONTAINER_REGISTRY}/${DOCKER_IMAGE_SEAWEEDFS}"
buildKit: {}
Expand All @@ -54,237 +57,24 @@ images:
tags:
- dev-latest
- "${VERSION}"
- "${devspace.git.commit}"

# This is a list of `deployments` that DevSpace can create for this project
deployments:
grid-stack-ingress:
kubectl:
manifests:
- k8s/manifests/ingress.yaml

traefik-main-config:
kubectl:
manifests:
- "k8s/manifests/traefik-domain.yaml"

seaweedfs-config:
kubectl:
manifests:
- "k8s/manifests/seaweedfs.yaml"

proxy:
helm:
upgradeArgs:
- --dependency-update
chart:
name: component-chart
repo: https://charts.devspace.sh
values:
containers:
- image: "${DOCKER_IMAGE_TRAEFIK}:${TRAEFIK_VERSION}"
volumeMounts:
- containerPath: /etc/traefik
volume:
name: traefik-conf
env:
- name: SERVICE_NAME
value: "proxy"
volumes:
- name: traefik-conf
configMap:
name: traefik-main-config
service:
name: "proxy"
ports:
- name: proxy
port: 80
# - name: api
# port: 4000

backend:
helm:
upgradeArgs:
- --dependency-update
chart:
name: component-chart
repo: https://charts.devspace.sh
values:
# PodSecurityContext (uncomment for rootless "syftuser")
# securityContext:
# runAsNonRoot: true
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
# fsGroupChangePolicy: "Always"
containers:
- image: "${CONTAINER_REGISTRY}/${DOCKER_IMAGE_BACKEND}:${VERSION}"
volumeMounts:
- containerPath: /root/data/creds/
volume:
name: credentials-data
subPath: /credentials-data
readOnly: false
env:
- name: MONGO_PORT
value: "${MONGO_PORT}"
- name: MONGO_HOST
value: "${MONGO_HOST}"
- name: MONGO_USERNAME
value: "${MONGO_USERNAME}"
- name: MONGO_PASSWORD
value: "${MONGO_PASSWORD}"
- name: SERVICE_NAME
value: "backend"
- name: RELEASE
value: "${RELEASE}"
- name: VERSION
value: "${VERSION}"
- name: VERSION_HASH
value: "${VERSION_HASH}"
- name: NODE_TYPE
value: "${NODE_TYPE}"
- name: NODE_NAME
value: "${NODE_NAME}"
- name: NODE_SIDE_TYPE
value: "${NODE_SIDE_TYPE}"
- name: STACK_API_KEY
value: "changeme"
- name: PORT
value: "${HTTP_PORT}"
- name: IGNORE_TLS_ERRORS
value: "${IGNORE_TLS_ERRORS}"
- name: HTTP_PORT
value: "${HTTP_PORT}"
- name: HTTPS_PORT
value: "${HTTPS_PORT}"
- name: CONTAINER_HOST
value: "k8s"
- name: TRACE
value: "${TRACE}"
- name: JAEGER_HOST
value: "${JAEGER_HOST}"
- name: JAEGER_PORT
value: "${JAEGER_PORT}"
- name: DEV_MODE
value: "${DEV_MODE}"
- name: DOMAIN_CONNECTION_PORT
value: "${DOMAIN_CONNECTION_PORT}"
- name: ENABLE_OBLV
value: "${ENABLE_OBLV}"
- name: DEFAULT_ROOT_EMAIL
value: "${DEFAULT_ROOT_EMAIL}"
- name: DEFAULT_ROOT_PASSWORD
value: "${DEFAULT_ROOT_PASSWORD}"
volumes:
- name: credentials-data
size: "100Mi"
service:
name: "backend"
ports:
- port: "${HTTP_PORT}"

mongo:
helm:
upgradeArgs:
- --dependency-update
chart:
name: component-chart
repo: https://charts.devspace.sh
values:
containers:
- image: "${MONGO_IMAGE}:${MONGO_VERSION}"
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "${MONGO_USERNAME}"
- name: MONGO_INITDB_ROOT_PASSWORD
value: "${MONGO_PASSWORD}"
volumeMounts:
- containerPath: /data/db
volume:
name: mongo-data
subPath: /
readOnly: false
volumes:
- name: mongo-data
size: "5Gi"
service:
name: mongo
ports:
- port: "27017"

seaweedfs:
helm:
upgradeArgs:
- --dependency-update
chart:
name: component-chart
repo: https://charts.devspace.sh
values:
containers:
- image: "${CONTAINER_REGISTRY}/${DOCKER_IMAGE_SEAWEEDFS}:${VERSION}"
env:
- name: S3_VOLUME_SIZE_MB
value: "${S3_VOLUME_SIZE_MB}"
- name: S3_ROOT_USER
value: "${S3_ROOT_USER}"
- name: S3_ROOT_PWD
value: "${S3_ROOT_PWD}"
- name: S3_PORT
value: "${S3_PORT}"
- name: SEAWEED_MOUNT_PORT
value: "${SEAWEED_MOUNT_PORT}"
volumeMounts:
- containerPath: /etc/seaweedfs/filer.toml
volume:
name: seaweedfs-config
subPath: /filer.toml
readOnly: false
- containerPath: /etc/seaweedfs/start.sh
volume:
name: seaweedfs-config
subPath: /start.sh
readOnly: false
- containerPath: /data/blob
volume:
name: seaweedfs-data
subPath: /
readOnly: false
volumes:
- name: seaweedfs-data
size: "5Gi"
- name: seaweedfs-config
configMap:
name: seaweedfs-config
service:
name: seaweedfs
ports:
- port: "8888" # filer
- port: "8333" # S3
- port: "4001" # mount azure

frontend:
syft:
helm:
upgradeArgs:
- --dependency-update
chart:
name: component-chart
repo: https://charts.devspace.sh
name: ./helm/syft
values:
containers:
- image: "${CONTAINER_REGISTRY}/${DOCKER_IMAGE_FRONTEND}:${VERSION}"
env:
- name: VERSION
value: "${VERSION}"
- name: VERSION_HASH
value: "${VERSION_HASH}"
- name: NODE_TYPE
value: "${NODE_TYPE}"
- name: NEXT_PUBLIC_API_URL
value: "${NEXT_PUBLIC_API_URL}"
service:
name: "frontend"
ports:
- port: "80"
container:
registry: ${CONTAINER_REGISTRY}
syft_version: "dev-latest"
node:
settings:
nodeName: ${NODE_NAME}
nodeType: "domain"
# configuration:
# devmode: True

dev:
mongo:
Expand All @@ -311,10 +101,9 @@ dev:
profiles:
- name: gateway
patches:
- op: remove
path: deployments.seaweedfs
- op: remove
path: deployments.seaweedfs-config
- op: replace
path: deployments.syft.helm.values.node.settings.nodeType
value: "gateway"

commands:
start:
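Review bot: The `syft` deployment sets `syft_version: "dev-latest"`, a mutable tag, while the `images` section of the same file also tags every build with `"${VERSION}"` and `"${devspace.git.commit}"`. If the chart uses that value as the image tag (the chart under `./helm/syft` is not on this page), a cluster pulling from `${CONTAINER_REGISTRY}` (`docker.io` by default here) can run whatever `dev-latest` currently points to rather than the image built from this commit. I would pass the per-commit tag instead, `syft_version: "${devspace.git.commit}"`, or `"${VERSION}"` for release-like runs. Minor style: `registry: ${CONTAINER_REGISTRY}` and `nodeName: ${NODE_NAME}` are unquoted, unlike the other templated values in this file; quoting them (`registry: "${CONTAINER_REGISTRY}"`) avoids retyping if a variable expands empty or boolean-looking. The page does not mark +/- sides, so this assumes the `syft:` block is the added side.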