perf(k8s): avoid fetching secrets multiple times (reanahub#456)
mdonadoni committed Aug 8, 2024
1 parent 273b72d commit e9cc2d9
Showing 5 changed files with 419 additions and 324 deletions.
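--- a/reana_commons/k8s/kerberos.py
+++ b/reana_commons/k8s/kerberos.py
@@ -23,7 +23,7 @@
 KRB5_TOKEN_CACHE_LOCATION,
 )
 from reana_commons.errors import REANASecretDoesNotExist
-from reana_commons.k8s.secrets import REANAUserSecretsStore
+from reana_commons.k8s.secrets import UserSecrets
 
 
 KerberosConfig = namedtuple(
@@ -33,7 +33,7 @@
 
 
 def get_kerberos_k8s_config(
-secrets_store: REANAUserSecretsStore, kubernetes_uid: int
+secrets_store: UserSecrets, kubernetes_uid: int
 ) -> KerberosConfig:
 """Get the k8s specification for the Kerberos init and renew containers.
@@ -49,14 +49,17 @@ def get_kerberos_k8s_config(
 - specification for renew container used to periodically renew Kerberos ticket
 """
 secrets_volume_mount = secrets_store.get_secrets_volume_mount_as_k8s_spec()
-keytab_file = secrets_store.get_secret_value("CERN_KEYTAB")
-cern_user = secrets_store.get_secret_value("CERN_USER")
+keytab_file_name = secrets_store.get_secret("CERN_KEYTAB")
+cern_user = secrets_store.get_secret("CERN_USER")
 
-if not keytab_file:
+if not keytab_file_name:
 raise REANASecretDoesNotExist(missing_secrets_list=["CERN_KEYTAB"])
 if not cern_user:
 raise REANASecretDoesNotExist(missing_secrets_list=["CERN_USER"])
 
+keytab_file_name = keytab_file_name.value_str
+cern_user = cern_user.value_str
+
 ticket_cache_volume = {
 "name": "krb5-cache",
 "emptyDir": {},
@@ -95,7 +98,7 @@ def get_kerberos_k8s_config(
 "command": [
 "kinit",
 "-kt",
-f"/etc/reana/secrets/{keytab_file}",
+f"/etc/reana/secrets/{keytab_file_name}",
 f"{cern_user}@CERN.CH",
 ],
 "name": KRB5_INIT_CONTAINER_NAME,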
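Review bot: The presence checks `if not keytab_file_name:` and `if not cern_user:` now test the object returned by `get_secret`, and `.value_str` is read only afterwards, so unless that type is falsy for an empty value (its definition is not shown in this file) a secret that exists but is empty reaches the `kinit` argv as `/etc/reana/secrets/` and `@CERN.CH` instead of raising `REANASecretDoesNotExist`, as the old check on the fetched value presumably did. Keeping the secret and its string under separate names makes the check explicit, e.g. `keytab_secret = secrets_store.get_secret("CERN_KEYTAB")` followed by `if not keytab_secret or not keytab_secret.value_str:`, and likewise for `CERN_USER`. Because the keytab name is interpolated into a path under the secrets mount, the same spot is a natural place to reject a value that contains a path separator. The body of `get_kerberos_k8s_config` continues outside the hunks shown.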