feat(livebook) AWS credentials and data folder (#17555)
**Description** <!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. --> Followup after #16880. I'm still waiting for the next release of Livebook before moving this to the stable train as it comes with a fix for clustering (https://github.com/phoenixframework/dns_cluster/issues/10). * Adding variables for AWS credentials * moved the variables in `questions.yaml` to the `podOptions` section. This way I can put secret values inside secrets. * Run as non-root by default * Point the `LIVEBOOK_DATA_PATH` to the PVC in order to persist the config (e.g. aws storage config) **⚙️ Type of change** - [x] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [x] 🔃 Refactor of current code **🧪 How Has This Been Tested?** <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration --> Using `helm template` to verify the resulting manifest. **📃 Notes:** <!-- Please enter any other relevant information here --> **✔️ Checklist:** - [x] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [x] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [x] ⬆️ I increased versions for any altered app according to semantic versioning --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._
parent
fd246dc4ef
commit
0a85155bf1
|
@ -34,4 +34,4 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/dev/livebook
|
||||
- https://ghcr.io/livebook-dev/livebook
|
||||
type: application
|
||||
version: 3.1.1
|
||||
version: 3.2.0
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
livebook:
|
||||
password: thisisunsafefortests
|
|
@ -9,31 +9,67 @@ questions:
|
|||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
- variable: env
|
||||
label: Image Environment
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: LIVEBOOK_PASSWORD
|
||||
label: "Password (LIVEBOOK_PASSWORD)"
|
||||
description: "Password needed to access livebook (must be at least 12 characters)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
private: true
|
||||
- variable: LIVEBOOK_DEBUG
|
||||
label: "Debug Logging (LIVEBOOK_DEBUG)"
|
||||
description: >
|
||||
enables verbose logging, when set to "true". Disabled by default.
|
||||
schema:
|
||||
type: boolean
|
||||
- variable: LIVEBOOK_UPDATE_INSTRUCTIONS_URL
|
||||
label: "Update instruction URL (LIVEBOOK_UPDATE_INSTRUCTIONS_URL)"
|
||||
description: >
|
||||
sets the URL to direct the user to for updating Livebook when a new version becomes available.
|
||||
schema:
|
||||
type: string
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
- variable: livebook
|
||||
group: App Configuration
|
||||
label: Livebook
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: password
|
||||
label: "Password (LIVEBOOK_PASSWORD)"
|
||||
description: Password needed to access livebook (must be at least 12 characters)
|
||||
schema:
|
||||
type: string
|
||||
min_length: 12
|
||||
required: true
|
||||
private: true
|
||||
- variable: debug
|
||||
label: "Debug Logging (LIVEBOOK_DEBUG)"
|
||||
description: >
|
||||
Enables verbose logging, when set to "true". Disabled by default.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: updateInstructionsUrl
|
||||
label: "Update instruction URL (LIVEBOOK_UPDATE_INSTRUCTIONS_URL)"
|
||||
description: >
|
||||
Sets the URL to direct the user to for updating Livebook when a new version becomes available.
|
||||
schema:
|
||||
type: string
|
||||
- variable: awsCredentials
|
||||
label: AWS Credentials
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Set AWS Credentials"
|
||||
description: >
|
||||
Enable Livebook to read AWS Credentials from environment variables,
|
||||
AWS Credentials, EC2/ECS metadata when configuring S3 buckets.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: accessKeyId
|
||||
label: "AWS Access Key ID"
|
||||
description: >
|
||||
AWS Access Key ID in case you want to configure AWS S3 Storage inside Livebook
|
||||
schema:
|
||||
type: string
|
||||
- variable: secretAccessKey
|
||||
label: "AWS Secret Access Key"
|
||||
description: >
|
||||
AWS Secret Access Key in case you want to configure AWS S3 Storage inside Livebook
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
|
@ -86,13 +122,13 @@ questions:
|
|||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
default: 568
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
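Review bot: The `accessKeyId` and `secretAccessKey` subquestions in the first hunk of this section take a long-lived static key pair but give the operator no guidance on scope or on when to leave them empty. I would extend the `secretAccessKey` description to something like `Secret key of a dedicated IAM identity limited to the Livebook bucket; leave empty when credentials come from EC2/ECS metadata`, with matching wording on `accessKeyId`. In the `enabled` description, the second item of the list ("AWS Credentials") presumably means the shared credentials file; spelling that out would make the three sources distinguishable.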
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
{{- end }}
|
||||
enabled: true
|
||||
data:
|
||||
LIVEBOOK_SECRET_KEY_BASE: {{ $secretKeyBase }}
|
||||
LIVEBOOK_COOKIE: {{ $cookie }}
|
||||
LIVEBOOK_SECRET_KEY_BASE: {{ $secretKeyBase | quote }}
|
||||
LIVEBOOK_COOKIE: {{ $cookie | quote }}
|
||||
LIVEBOOK_PASSWORD: {{ .Values.livebook.password | quote }}
|
||||
AWS_SECRET_ACCESS_KEY: {{ .Values.livebook.awsCredentials.secretAccessKey | default "" | quote }}
|
||||
{{- end -}}
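Review bot: `LIVEBOOK_PASSWORD` is rendered from `.Values.livebook.password` with no check that a value was supplied, and the chart defaults shown on this page set it to `""`, so a plain `helm install` produces a secret with an empty password. The `min_length: 12` and `required: true` constraints exist only in the questions schema and are not applied when the chart is rendered outside that UI. Failing at render time would close the gap: `LIVEBOOK_PASSWORD: {{ required "livebook.password must be set (at least 12 characters)" .Values.livebook.password | quote }}`. The enclosing template definition starts outside this hunk, so whether an earlier guard already exists cannot be confirmed from here.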
|
||||
|
|
|
@ -12,8 +12,8 @@ portal:
|
|||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 0
|
||||
runAsUser: 0
|
||||
runAsGroup: 568
|
||||
runAsUser: 568
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
|
@ -42,6 +42,7 @@ workload:
|
|||
LIVEBOOK_NODE: livebook@$(A_POD_IP)
|
||||
LIVEBOOK_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
LIVEBOOK_HOME: "{{ .Values.persistence.data.mountPath }}"
|
||||
LIVEBOOK_DATA_PATH: "{{ .Values.persistence.data.mountPath }}"
|
||||
LIVEBOOK_SECRET_KEY_BASE:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
|
@ -50,3 +51,24 @@ workload:
|
|||
secretKeyRef:
|
||||
name: secrets
|
||||
key: LIVEBOOK_COOKIE
|
||||
LIVEBOOK_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: LIVEBOOK_PASSWORD
|
||||
LIVEBOOK_DEBUG: '{{ ternary "true" "false" .Values.livebook.debug }}'
|
||||
LIVEBOOK_UPDATE_INSTRUCTIONS_URL: "{{ .Values.livebook.updateInstructionsUrl }}"
|
||||
LIVEBOOK_AWS_CREDENTIALS: '{{ ternary "true" "false" .Values.livebook.awsCredentials.enabled }}'
|
||||
AWS_ACCESS_KEY_ID: "{{ .Values.livebook.awsCredentials.accessKeyId }}"
|
||||
AWS_SECRET_ACCESS_KEY:
|
||||
secretKeyRef:
|
||||
name: secrets
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
# default values
|
||||
livebook:
|
||||
password: ""
|
||||
updateInstructionsUrl: ""
|
||||
debug: false
|
||||
awsCredentials:
|
||||
enabled: false
|
||||
accessKeyId: ""
|
||||
secretAccessKey: ""
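Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are added to the container environment unconditionally in the last hunk of this section, so with the defaults (`enabled: false`, both keys `""`) every pod still carries both variables as empty strings. Depending on the AWS client in use, variables that are present but empty may be picked up ahead of the EC2/ECS metadata source that the `enabled` option is described as supporting; this should be verified against Livebook's S3 client. Emitting the two entries only when `awsCredentials.enabled` is true and a key is actually supplied would avoid the ambiguity. It would also keep an unused credential reference out of deployments that never configure S3.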
|
||||
|
|