feat: support existing secret for etcd auth (#34)

* fix & test: enrich test cases and fix bug found Signed-off-by: arkbriar <[email protected]> * feat: support existing secret for etcd auth Signed-off-by: arkbriar <[email protected]> * feat: support extra volumes and volume mounts Signed-off-by: arkbriar <[email protected]> * chore: append new lines to all files Signed-off-by: arkbriar <[email protected]> --------- Signed-off-by: arkbriar <[email protected]>
risingwavelabs · Mar 7, 2024 · 2162b82 · 2162b82
1 parent e092b33
commit 2162b82
Show file tree

Hide file tree

Showing 65 changed files with 177 additions and 60 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -32,4 +32,4 @@ jobs:
     - name: Run chart-releaser
       uses: helm/[email protected]
       env:
-        CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -30,4 +30,4 @@ jobs:
 
     - name: Run Unit Tests
       run: |
-        make test
+        make test
diff --git a/.gitignore b/.gitignore
@@ -134,4 +134,4 @@ Temporary Items
 
 .idea
 **/.debug
-**/__snapshot__
+**/__snapshot__
diff --git a/Makefile b/Makefile
@@ -10,4 +10,7 @@ test:
 	$(foreach chart,$(HELM_CHARTS),helm unittest charts/$(chart);)
 
 sync-crds:
-	./scripts/sync-crds.sh charts/risingwave-operator/crds
+	./scripts/sync-crds.sh charts/risingwave-operator/crds
+
+sanitize:
+	@./scripts/sanitize.sh
diff --git a/charts/risingwave-operator/.helmignore b/charts/risingwave-operator/.helmignore
@@ -21,4 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
-tests
+tests
diff --git a/charts/risingwave-operator/templates/_helpers.tpl b/charts/risingwave-operator/templates/_helpers.tpl
@@ -96,4 +96,4 @@ Create the image name to use.
 {{- else -}}
     {{- printf "%s%s%s"  $repositoryName $separator $termination -}}
 {{- end -}}
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave-operator/templates/certs/certificate.yaml b/charts/risingwave-operator/templates/certs/certificate.yaml
@@ -24,4 +24,4 @@ spec:
   issuerRef:
     name: {{ include "risingwave-operator.fullname" . }}
     kind: Issuer
-  secretName: {{ include "risingwave-operator.fullname" . }}
+  secretName: {{ include "risingwave-operator.fullname" . }}
diff --git a/charts/risingwave-operator/templates/certs/issuer.yaml b/charts/risingwave-operator/templates/certs/issuer.yaml
@@ -18,4 +18,4 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  selfSigned: {}
+  selfSigned: {}
diff --git a/charts/risingwave-operator/templates/clusterrole.yaml b/charts/risingwave-operator/templates/clusterrole.yaml
@@ -170,4 +170,4 @@ rules:
   verbs:
   - get
   - patch
-  - update
+  - update
diff --git a/charts/risingwave-operator/templates/clusterrolebinding.yaml b/charts/risingwave-operator/templates/clusterrolebinding.yaml
@@ -22,4 +22,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "risingwave-operator.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/risingwave-operator/templates/deployment.yaml b/charts/risingwave-operator/templates/deployment.yaml
@@ -162,4 +162,4 @@ spec:
       {{- if .Values.manager.additionalContainers }}
       {{- toYaml .Values.manager.additionalContainers | nindent 6 }}
       {{- end }}
-      {{- end }}
+      {{- end }}
diff --git a/charts/risingwave-operator/templates/podmonitor.yaml b/charts/risingwave-operator/templates/podmonitor.yaml
@@ -51,4 +51,4 @@ spec:
     {{- if .Values.monitor.podMonitor.relabelings }}
     {{- include "common.tplvalues.render" (dict "value" .Values.monitor.podMonitor.relabelings "context" $) | nindent 4 }}
     {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave-operator/templates/proxy/clusterrole.yaml b/charts/risingwave-operator/templates/proxy/clusterrole.yaml
@@ -29,4 +29,4 @@ rules:
   resources:
   - subjectaccessreviews
   verbs:
-  - create
+  - create
diff --git a/charts/risingwave-operator/templates/proxy/clusterrolebinding.yaml b/charts/risingwave-operator/templates/proxy/clusterrolebinding.yaml
@@ -24,4 +24,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "risingwave-operator.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/risingwave-operator/templates/role.yaml b/charts/risingwave-operator/templates/role.yaml
@@ -45,4 +45,4 @@ rules:
   - events
   verbs:
   - create
-  - patch
+  - patch
diff --git a/charts/risingwave-operator/templates/rolebinding.yaml b/charts/risingwave-operator/templates/rolebinding.yaml
@@ -21,4 +21,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "risingwave-operator.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/risingwave-operator/templates/service.yaml b/charts/risingwave-operator/templates/service.yaml
@@ -25,4 +25,4 @@ spec:
     targetPort: metrics
     name: metrics
   selector:
-    {{- include "risingwave-operator.selectorLabels" . | nindent 4 }}
+    {{- include "risingwave-operator.selectorLabels" . | nindent 4 }}
diff --git a/charts/risingwave/templates/NOTES.txt b/charts/risingwave/templates/NOTES.txt
@@ -34,4 +34,4 @@ Keep the above command running and open a new terminal window to run the followi
     {{- end }}
     psql {{ $psqlHostArgs -}} -p {{ $port }} -d {{ $firstDatabase }} -U {{ .Values.auth.rootUser }}
 
-For more advanced applications, refer to our documentation at: https://www.risingwave.dev
+For more advanced applications, refer to our documentation at: https://www.risingwave.dev
diff --git a/charts/risingwave/templates/_helpers.tpl b/charts/risingwave/templates/_helpers.tpl
@@ -82,8 +82,12 @@ Create the name of the service account to use
 Create the name of the etcd credentials Secret to use
 */}}
 {{- define "risingwave.etcdCredentialsSecretName" -}}
+{{- if .Values.metaStore.etcd.authentication.existingSecretName }}
+{{- .Values.metaStore.etcd.authentication.existingSecretName }}
+{{- else }}
 {{- printf "%s-etcd" (include "risingwave.fullname" .) | trunc 63 | trimSuffix "-" }}
 {{- end }}
+{{- end }}
 
 {{/*
 Create the name of the S3 credentials Secret to use
@@ -315,4 +319,4 @@ Create the OBS endpoint to use.
 */}}
 {{- define "risingwave.obs.endpoint" }}
 {{- printf "https://obs.$(OBS_REGION).myhuaweicloud.com" }}
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave/templates/compactor-deploy.yaml b/charts/risingwave/templates/compactor-deploy.yaml
@@ -53,6 +53,9 @@ spec:
       - name: config
         configMap:
           name: {{ include "risingwave.configurationConfigMapName" . }}
+      {{- if .Values.compactorComponent.extraVolumes }}
+      {{- toYaml .Values.compactorComponent.extraVolumes | nindent 6}}
+      {{- end }}
       restartPolicy: Always
       {{- if .Values.compactorComponent.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.compactorComponent.terminationGracePeriodSeconds }}
@@ -221,6 +224,9 @@ spec:
         - mountPath: /risingwave/config
           name: config
           readOnly: true
+        {{- if .Values.compactorComponent.extraVolumeMounts }}
+        {{- toYaml .Values.compactorComponent.extraVolumeMounts | nindent 8 }}
+        {{- end }}
         {{- if .Values.compactorComponent.securityContext }}
         securityContext: {{ toYaml .Values.compactorComponent.securityContext | nindent 10 }}
         {{- end }}

diff --git a/charts/risingwave/templates/compute-headless-svc.yaml b/charts/risingwave/templates/compute-headless-svc.yaml
@@ -44,4 +44,4 @@ spec:
     port: {{ .Values.ports.frontend.metrics }}
     targetPort: f-metrics
   {{- end }}
-{{- end -}}
+{{- end -}}
diff --git a/charts/risingwave/templates/compute-sts.yaml b/charts/risingwave/templates/compute-sts.yaml
@@ -57,6 +57,9 @@ spec:
       - name: config
         configMap:
           name: {{ include "risingwave.configurationConfigMapName" . }}
+      {{- if .Values.computeComponent.extraVolumes }}
+      {{- toYaml .Values.computeComponent.extraVolumes | nindent 6}}
+      {{- end }}
       restartPolicy: Always
       {{- if .Values.computeComponent.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.computeComponent.terminationGracePeriodSeconds }}
@@ -239,6 +242,9 @@ spec:
         - mountPath: /risingwave/config
           name: config
           readOnly: true
+        {{- if .Values.computeComponent.extraVolumeMounts }}
+        {{- toYaml .Values.computeComponent.extraVolumeMounts | nindent 8 }}
+        {{- end }}
         {{- if .Values.computeComponent.securityContext }}
         securityContext: {{ toYaml .Values.computeComponent.securityContext | nindent 10 }}
         {{- end }}
@@ -436,6 +442,9 @@ spec:
         - mountPath: /risingwave/config
           name: config
           readOnly: true
+        {{- if .Values.frontendComponent.extraVolumeMounts }}
+        {{- toYaml .Values.frontendComponent.extraVolumeMounts | nindent 8 }}
+        {{- end }}
         {{- if .Values.frontendComponent.securityContext }}
         securityContext: {{ toYaml .Values.frontendComponent.securityContext | nindent 10 }}
         {{- end }}

diff --git a/charts/risingwave/templates/configmap.yaml b/charts/risingwave/templates/configmap.yaml
@@ -18,4 +18,4 @@ metadata:
 data:
   risingwave.toml: |
     {{ .Values.configuration | nindent 4 }}
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave/templates/etcd-secret.yaml b/charts/risingwave/templates/etcd-secret.yaml
@@ -4,6 +4,7 @@ SPDX-License-Identifier: APACHE-2.0
 */}}
 
 {{- if and (not .Values.tags.etcd) .Values.metaStore.etcd.authentication.enabled }}
+{{- if not .Values.metaStore.etcd.authentication.existingSecretName }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -19,3 +20,4 @@ stringData:
   RW_ETCD_USERNAME: {{ .Values.metaStore.etcd.authentication.username | quote }}
   RW_ETCD_PASSWORD: {{ .Values.metaStore.etcd.authentication.password | quote }}
 {{- end }}
+{{- end }}
diff --git a/charts/risingwave/templates/frontend-deploy.yaml b/charts/risingwave/templates/frontend-deploy.yaml
@@ -54,6 +54,9 @@ spec:
       - name: config
         configMap:
           name: {{ include "risingwave.configurationConfigMapName" . }}
+      {{- if .Values.frontendComponent.extraVolumes }}
+      {{- toYaml .Values.frontendComponent.extraVolumes | nindent 6}}
+      {{- end }}
       restartPolicy: Always
       {{- if .Values.frontendComponent.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.frontendComponent.terminationGracePeriodSeconds }}
@@ -174,6 +177,9 @@ spec:
         - mountPath: /risingwave/config
           name: config
           readOnly: true
+        {{- if .Values.frontendComponent.extraVolumeMounts }}
+        {{- toYaml .Values.frontendComponent.extraVolumeMounts | nindent 8 }}
+        {{- end }}
         {{- if .Values.frontendComponent.securityContext }}
         securityContext: {{ toYaml .Values.frontendComponent.securityContext | nindent 10 }}
         {{- end }}

diff --git a/charts/risingwave/templates/hooks/post-install-create-databases.yaml b/charts/risingwave/templates/hooks/post-install-create-databases.yaml
@@ -57,4 +57,4 @@ spec:
           {{- end }}
           EOSQL
           echo "Created databases {{ join "," .Values.databases }}"
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave/templates/hooks/post-install-wait.yaml b/charts/risingwave/templates/hooks/post-install-wait.yaml
@@ -50,4 +50,4 @@ spec:
           done
 
           echo "RisingWave is ready"
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave/templates/meta-headless-svc.yaml b/charts/risingwave/templates/meta-headless-svc.yaml
@@ -31,4 +31,4 @@ spec:
   - name: metrics
     port: {{ .Values.ports.meta.metrics }}
     targetPort: metrics
-{{- end -}}
+{{- end -}}
diff --git a/charts/risingwave/templates/meta-sts.yaml b/charts/risingwave/templates/meta-sts.yaml
@@ -57,6 +57,9 @@ spec:
       - name: config
         configMap:
           name: {{ include "risingwave.configurationConfigMapName" . }}
+      {{- if .Values.metaComponent.extraVolumes }}
+      {{- toYaml .Values.metaComponent.extraVolumes | nindent 6}}
+      {{- end }}
       restartPolicy: Always
       {{- if .Values.metaComponent.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.metaComponent.terminationGracePeriodSeconds }}
@@ -130,7 +133,7 @@ spec:
         - secretRef:
             name: {{ $credentialsSecret }}
         {{- end }}
-        {{- if .Values.metaStore.etcd.authentication.enabled }}
+        {{- if and .Values.metaStore.etcd.authentication.enabled (not .Values.metaStore.etcd.authentication.existingSecretName) }}
         - secretRef:
             name: {{ include "risingwave.etcdCredentialsSecretName" . }}
         {{- end }}
@@ -236,6 +239,19 @@ spec:
               key: {{ include "etcd.secretPasswordKey" .Subcharts.etcd }}
               name: {{ include "etcd.secretName" .Subcharts.etcd }}
         {{- end }}
+        {{- else }}
+        {{- if and .Values.metaStore.etcd.authentication.enabled .Values.metaStore.etcd.authentication.existingSecretName }}
+        - name: RW_ETCD_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: {{ include "risingwave.etcdCredentialsSecretName" . }}
+        - name: RW_ETCD_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: {{ include "risingwave.etcdCredentialsSecretName" . }}
+        {{- end }}
         {{- end }}
         {{- range .Values.metaComponent.extraEnvVars }}
         - {{ . }}
@@ -253,6 +269,9 @@ spec:
         - mountPath: /risingwave/config
           name: config
           readOnly: true
+        {{- if .Values.metaComponent.extraVolumeMounts }}
+        {{- toYaml .Values.metaComponent.extraVolumeMounts | nindent 8 }}
+        {{- end }}
         {{- if .Values.metaComponent.securityContext }}
         securityContext: {{ toYaml .Values.metaComponent.securityContext | nindent 10 }}
         {{- end }}

diff --git a/charts/risingwave/templates/oss-secret.yaml b/charts/risingwave/templates/oss-secret.yaml
@@ -20,4 +20,4 @@ stringData:
   OSS_ACCESS_KEY_ID: {{ .Values.stateStore.oss.authentication.accessKey }}
   OSS_ACCESS_KEY_SECRET: {{ .Values.stateStore.oss.authentication.secretAccessKey }}
 {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/risingwave/templates/podmonitor.yaml b/charts/risingwave/templates/podmonitor.yaml
@@ -123,4 +123,4 @@ spec:
     {{- end }}
   {{- end }}
 {{- end }}
-{{- end -}}
+{{- end -}}
diff --git a/charts/risingwave/templates/service.yaml b/charts/risingwave/templates/service.yaml
@@ -62,4 +62,4 @@ spec:
     {{- end }}
     {{- if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") }}
     nodePort: {{ .Values.service.nodePort }}
-    {{- end }}
+    {{- end }}
diff --git a/charts/risingwave/templates/standalone/standalone-sts.yaml b/charts/risingwave/templates/standalone/standalone-sts.yaml
@@ -54,6 +54,9 @@ spec:
       - name: config
         configMap:
           name: {{ include "risingwave.configurationConfigMapName" . }}
+      {{- if .Values.standalone.extraVolumes }}
+      {{- toYaml .Values.standalone.extraVolumes | nindent 6}}
+      {{- end }}
       restartPolicy: Always
       {{- if .Values.standalone.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.standalone.terminationGracePeriodSeconds }}
@@ -184,7 +187,7 @@ spec:
         - secretRef:
             name: {{ $credentialsSecret }}
         {{- end }}
-        {{- if .Values.metaStore.etcd.authentication.enabled }}
+        {{- if and .Values.metaStore.etcd.authentication.enabled (not .Values.metaStore.etcd.authentication.existingSecretName) }}
         - secretRef:
             name: {{ include "risingwave.etcdCredentialsSecretName" . }}
         {{- end }}
@@ -286,6 +289,19 @@ spec:
               key: {{ include "etcd.secretPasswordKey" .Subcharts.etcd }}
               name: {{ include "etcd.secretName" .Subcharts.etcd }}
         {{- end }}
+        {{- else }}
+        {{- if and .Values.metaStore.etcd.authentication.enabled .Values.metaStore.etcd.authentication.existingSecretName }}
+        - name: RW_ETCD_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: {{ include "risingwave.etcdCredentialsSecretName" . }}
+        - name: RW_ETCD_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: {{ include "risingwave.etcdCredentialsSecretName" . }}
+        {{- end }}
         {{- end }}
         {{- range .Values.standalone.extraEnvVars }}
         - {{ . }}
@@ -303,6 +319,9 @@ spec:
         - mountPath: /risingwave/config
           name: config
           readOnly: true
+        {{- if .Values.standalone.extraVolumeMounts }}
+        {{- toYaml .Values.standalone.extraVolumeMounts | nindent 8 }}
+        {{- end }}
         {{- if .Values.standalone.securityContext }}
         securityContext: {{ toYaml .Values.standalone.securityContext | nindent 10 }}
         {{- end }}

diff --git a/charts/risingwave/tests/azblob_secret_test.yaml b/charts/risingwave/tests/azblob_secret_test.yaml
@@ -99,4 +99,4 @@ tests:
   - isSubset:
       path: metadata.annotations
       content:
-        ANNOTATION: ANNOTATION_V
+        ANNOTATION: ANNOTATION_V
diff --git a/charts/risingwave/tests/configmap_test.yaml b/charts/risingwave/tests/configmap_test.yaml
@@ -70,4 +70,4 @@ tests:
   - isSubset:
       path: metadata.annotations
       content:
-        ANNOTATION: ANNOTATION_V
+        ANNOTATION: ANNOTATION_V