diff --git a/charts/mlops/templates/cap.yml b/charts/mlops/templates/cap.yml index 9d3a9ac5..f8f6fc28 100644 --- a/charts/mlops/templates/cap.yml +++ b/charts/mlops/templates/cap.yml @@ -104,6 +104,11 @@ spec: baseConfig: jobsStorageClass: {{.Values.controlPlane.baseConfig.jobsStorageClass}} featureFlags: + {{- if eq .Values.platform "ocp"}} + OCP_ENABLED: "true" + {{- else }} + OCP_ENABLED: "false" + {{- end }} {{- range $fk, $fv := .Values.controlPlane.baseConfig.featureFlags }} {{$fk}}: "{{$fv}}" {{- end }} @@ -284,7 +289,11 @@ spec: credsRef: {{.Values.dbs.prom.grafana.credsRef}} networking: ingress: + {{- if eq .Values.platform "ocp"}} + type: "openshift" + {{- else}} type: {{.Values.networking.ingress.type}} + {{- end }} timeout: {{.Values.networking.ingress.timeout}} retriesAttempts: {{.Values.networking.ingress.retriesAttempts}} perTryTimeout: {{.Values.networking.ingress.perTryTimeout}} @@ -311,16 +320,16 @@ spec: enabled: {{.Values.sso.enabled}} version: {{.Values.sso.version}} pki: - enabled: {{.Values.sso.pki.enabled}} + enabled: {{.Values.sso.enabled}} rootCaSecret: {{.Values.sso.pki.rootCaSecret}} privateKeySecret: {{.Values.sso.pki.privateKeySecret}} publicKeySecret: {{.Values.sso.pki.publicKeySecret}} jwks: - enabled: {{.Values.sso.jwks.enabled}} + enabled: {{.Values.sso.enabled}} image: {{.Values.sso.jwks.image}} cacheImage: {{.Values.sso.jwks.cacheImage}} central: - enabled: {{.Values.sso.central.enabled}} + enabled: {{.Values.sso.enabled}} publicUrl: {{.Values.sso.central.publicUrl}} oauthProxyImage: {{.Values.sso.central.oauthProxyImage}} centralUiImage: {{.Values.sso.central.centralUiImage}} @@ -344,7 +353,7 @@ spec: cpu: "{{.Values.sso.central.limits.cpu}}" memory: "{{.Values.sso.central.limits.memory}}" proxy: - enabled: {{.Values.sso.proxy.enabled}} + enabled: {{.Values.sso.enabled}} image: {{.Values.sso.proxy.image}} address: {{.Values.sso.proxy.address}} readiness: {{.Values.sso.proxy.readiness}} diff --git a/charts/mlops/values.yaml b/charts/mlops/values.yaml index 68efc7ce..91a1e7e5 100644 --- a/charts/mlops/values.yaml +++ b/charts/mlops/values.yaml @@ -103,7 +103,6 @@ controlPlane: CNVRG_ENABLE_MOUNT_FOLDERS: false CNVRG_MOUNT_HOST_FOLDERS: false CNVRG_PROMETHEUS_METRICS: true - OCP_ENABLED: false sentryUrl: '' runJobsOnSelfCluster: '' agentCustomTag: '' @@ -340,7 +339,7 @@ sso: memory: 4Gi proxy: enabled: false - image: cnvrg-proxy:ns-watch-scope + image: cnvrg-proxy:4d10ded address: "" readiness: true requests: diff --git a/pkg/app/sso/central.go b/pkg/app/sso/central.go index d5f76c84..9b39aaf0 100644 --- a/pkg/app/sso/central.go +++ b/pkg/app/sso/central.go @@ -64,7 +64,11 @@ func (c *CentralStateManager) depData() map[string]interface{} { "Namespace": c.app.Namespace, "SsoDomainId": strings.Split(c.app.Spec.ClusterDomain, ".")[0], "Spec": c.app.Spec, - "AppUrl": fmt.Sprintf("%s://%s.%s", c.schema(), c.app.Spec.ControlPlane.WebApp.SvcName, c.app.Spec.ClusterDomain), + "AppUrl": fmt.Sprintf("%s://%s%s.%s", c.schema(), + c.app.Spec.Networking.ClusterDomainPrefix.Prefix, + c.app.Spec.ControlPlane.WebApp.SvcName, + c.app.Spec.ClusterDomain, + ), } } @@ -79,9 +83,10 @@ func (c *CentralStateManager) proxyCfgData() map[string]interface{} { "Provider": c.app.Spec.SSO.Central.Provider, "ClientId": c.app.Spec.SSO.Central.ClientID, "ClientSecret": c.app.Spec.SSO.Central.ClientSecret, - "RedirectUrl": fmt.Sprintf("%s://%s.%s/oauth2/callback", + "RedirectUrl": fmt.Sprintf("%s://%s%s.%s/oauth2/callback", c.schema(), c.app.Spec.SSO.Central.SvcName, + c.app.Spec.Networking.ClusterDomainPrefix.Prefix, c.app.Spec.ClusterDomain), "OidcIssuerURL": c.app.Spec.SSO.Central.OidcIssuerURL, "Scope": c.app.Spec.SSO.Central.Scope, diff --git a/pkg/app/sso/tmpl/proxy/dep.tpl b/pkg/app/sso/tmpl/proxy/dep.tpl index 8b9e470d..996fe8c8 100644 --- a/pkg/app/sso/tmpl/proxy/dep.tpl +++ b/pkg/app/sso/tmpl/proxy/dep.tpl @@ -66,6 +66,7 @@ spec: - start - --authz-addr=127.0.0.1:50052 - --ingress-type={{.Spec.Networking.Ingress.Type}} + - --namespace={{.Namespace }} ports: - containerPort: 8888 {{- if isTrue .Spec.SSO.Proxy.Readiness }} @@ -90,6 +91,7 @@ spec: - /opt/app-root/authz - start - --ingress-type={{.Spec.Networking.Ingress.Type}} + - --namespace={{.Namespace }} resources: limits: cpu: {{ .Spec.SSO.Proxy.Limits.Cpu }}