bugfix: support sync ak/sk secret key-values in JindoRuntime (#4212)

* bugfix: support sync ak/sk secret key-values in JindoRuntime Signed-off-by: trafalgarzzz <[email protected]> * Update CHANGELOG.md Signed-off-by: trafalgarzzz <[email protected]> --------- Signed-off-by: trafalgarzzz <[email protected]>
fluid-cloudnative · Jul 16, 2024 · 873ee01 · 873ee01
1 parent 82e2ca7
commit 873ee01
Show file tree

Hide file tree

Showing 12 changed files with 79 additions and 105 deletions.
diff --git a/charts/jindocache/CHANGELOG.md b/charts/jindocache/CHANGELOG.md
@@ -108,3 +108,6 @@ Fix worker's annotations for pod spec overwrites master's annotations
 1.0.2
 Delete runtime's fsGroup
 Mount ufs volumes according to dataset's accessModes
+
+1.0.3
+Supporting syncing AK/SK secret key-value pairs
diff --git a/charts/jindocache/Chart.yaml b/charts/jindocache/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 6.2.0
-version: 1.0.0
+version: 1.0.3
 description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
   acceleration.
 home: https://help.aliyun.com/document_detail/164207.html

diff --git a/charts/jindocache/templates/_helpers.tpl b/charts/jindocache/templates/_helpers.tpl
@@ -30,3 +30,32 @@ Create chart name and version as used by the chart label.
 {{- define "jindofs.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Distribute credential key and values with secret volume mounting on Jindo's pods
+*/}}
+{{- define "jindofs.cred.secret.volumeMounts" -}}
+- name: jindofs-secret-token
+  mountPath: /token
+  readOnly: true
+{{- end -}}
+
+{{/*
+Distribute credential key and values with secret volumes
+*/}}
+{{- define "jindofs.cred.secret.volumes" -}}
+{{- if .Values.UseStsToken }}
+- name: jindofs-secret-token
+  secret:
+    secretName: {{ .Values.secret }}
+{{- else }}
+- name: jindofs-secret-token
+  secret:
+    secretName: {{ .Values.secret }}
+    items:
+    - key: {{ .Values.secretKey }}
+      path: AccessKeyId
+    - key: {{ .Values.secretValue }}
+      path: AccessKeySecret
+{{- end }}
+{{- end -}}
diff --git a/charts/jindocache/templates/fuse/daemonset.yaml b/charts/jindocache/templates/fuse/daemonset.yaml
@@ -158,20 +158,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.secret }}
-          {{- if .Values.UseStsToken }}
-            - name: jindofs-secret-token
-              mountPath: /token
-              readOnly: true
-          {{- else }}
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeyId
-              subPath: {{ .Values.secretKey }}
-              readOnly: true
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeySecret
-              subPath: {{ .Values.secretValue }}
-              readOnly: true
-          {{- end }}
+            {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
           {{- range .Values.ufsVolumes }}
@@ -209,9 +196,7 @@ spec:
             path: /dev/fuse
             type: CharDevice
         {{- if .Values.secret }}
-        - name: jindofs-secret-token
-          secret:
-            secretName: {{ .Values.secret }}
+        {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.ufsVolumes }}
         {{- range .Values.ufsVolumes }}

diff --git a/charts/jindocache/templates/master/statefulset.yaml b/charts/jindocache/templates/master/statefulset.yaml
@@ -162,20 +162,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.secret }}
-          {{- if .Values.UseStsToken }}
-            - name: jindofs-secret-token
-              mountPath: /token
-              readOnly: true
-          {{- else }}
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeyId
-              subPath: {{ .Values.secretKey }}
-              readOnly: true
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeySecret
-              subPath: {{ .Values.secretValue }}
-              readOnly: true
-          {{- end }}
+            {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
           {{- range .Values.ufsVolumes }}
@@ -237,9 +224,7 @@ spec:
         {{- end }}
         {{- end }}
         {{- if .Values.secret }}
-        - name: jindofs-secret-token
-          secret:
-            secretName: {{ .Values.secret }}
+        {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.master.volumes }}
 {{ toYaml .Values.master.volumes | indent 8 }}

diff --git a/charts/jindocache/templates/worker/statefulset.yaml b/charts/jindocache/templates/worker/statefulset.yaml
@@ -162,20 +162,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.secret }}
-          {{- if .Values.UseStsToken }}
-            - name: jindofs-secret-token
-              mountPath: /token
-              readOnly: true
-          {{- else }}
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeyId
-              subPath: {{ .Values.secretKey }}
-              readOnly: true
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeySecret
-              subPath: {{ .Values.secretValue }}
-              readOnly: true
-          {{- end }}
+            {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
           {{- range .Values.ufsVolumes }}
@@ -238,9 +225,7 @@ spec:
         {{- end }}
         {{- end }}
         {{- if .Values.secret }}
-        - name: jindofs-secret-token
-          secret:
-            secretName: {{ .Values.secret }}
+        {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         - name: bigboot-config
           configMap:

diff --git a/charts/jindofsx/CHANGELOG.md b/charts/jindofsx/CHANGELOG.md
@@ -104,4 +104,7 @@ Fix worker's annotations for pod spec overwrites master's annotations
 
 1.0.2
 Delete runtime's fsGroup
-Mount ufs volumes according to dataset's accessModes
+Mount ufs volumes according to dataset's accessModes
+
+1.0.3
+Supporting syncing AK/SK secret key-value pairs
diff --git a/charts/jindofsx/Chart.yaml b/charts/jindofsx/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 4.6.8
-version: 1.0.0
+version: 1.0.3
 description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
   acceleration.
 home: https://help.aliyun.com/document_detail/164207.html

diff --git a/charts/jindofsx/templates/_helpers.tpl b/charts/jindofsx/templates/_helpers.tpl
@@ -30,3 +30,32 @@ Create chart name and version as used by the chart label.
 {{- define "jindofs.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Distribute credential key and values with secret volume mounting on Jindo's pods
+*/}}
+{{- define "jindofs.cred.secret.volumeMounts" -}}
+- name: jindofs-secret-token
+  mountPath: /token
+  readOnly: true
+{{- end -}}
+
+{{/*
+Distribute credential key and values with secret volumes
+*/}}
+{{- define "jindofs.cred.secret.volumes" -}}
+{{- if .Values.UseStsToken }}
+- name: jindofs-secret-token
+  secret:
+    secretName: {{ .Values.secret }}
+{{- else }}
+- name: jindofs-secret-token
+  secret:
+    secretName: {{ .Values.secret }}
+    items:
+    - key: {{ .Values.secretKey }}
+      path: AccessKeyId
+    - key: {{ .Values.secretValue }}
+      path: AccessKeySecret
+{{- end }}
+{{- end -}}
diff --git a/charts/jindofsx/templates/fuse/daemonset.yaml b/charts/jindofsx/templates/fuse/daemonset.yaml
@@ -158,20 +158,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.secret }}
-          {{- if .Values.UseStsToken }}
-            - name: jindofs-secret-token
-              mountPath: /token
-              readOnly: true
-          {{- else }}
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeyId
-              subPath: {{ .Values.secretKey }}
-              readOnly: true
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeySecret
-              subPath: {{ .Values.secretValue }}
-              readOnly: true
-          {{- end }}
+            {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
           {{- range .Values.ufsVolumes }}
@@ -209,9 +196,7 @@ spec:
             path: /dev/fuse
             type: CharDevice
         {{- if .Values.secret }}
-        - name: jindofs-secret-token
-          secret:
-            secretName: {{ .Values.secret }}
+        {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.ufsVolumes }}
         {{- range .Values.ufsVolumes }}

diff --git a/charts/jindofsx/templates/master/statefulset.yaml b/charts/jindofsx/templates/master/statefulset.yaml
@@ -162,20 +162,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.secret }}
-          {{- if .Values.UseStsToken }}
-            - name: jindofs-secret-token
-              mountPath: /token
-              readOnly: true
-          {{- else }}
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeyId
-              subPath: {{ .Values.secretKey }}
-              readOnly: true
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeySecret
-              subPath: {{ .Values.secretValue }}
-              readOnly: true
-          {{- end }}
+            {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
           {{- range .Values.ufsVolumes }}
@@ -237,9 +224,7 @@ spec:
         {{- end }}
         {{- end }}
         {{- if .Values.secret }}
-        - name: jindofs-secret-token
-          secret:
-            secretName: {{ .Values.secret }}
+        {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.master.volumes }}
 {{ toYaml .Values.master.volumes | indent 8 }}

diff --git a/charts/jindofsx/templates/worker/statefulset.yaml b/charts/jindofsx/templates/worker/statefulset.yaml
@@ -162,20 +162,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.secret }}
-          {{- if .Values.UseStsToken }}
-            - name: jindofs-secret-token
-              mountPath: /token
-              readOnly: true
-          {{- else }}
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeyId
-              subPath: {{ .Values.secretKey }}
-              readOnly: true
-            - name: jindofs-secret-token
-              mountPath: /token/AccessKeySecret
-              subPath: {{ .Values.secretValue }}
-              readOnly: true
-          {{- end }}
+            {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
           {{- range .Values.ufsVolumes }}
@@ -238,9 +225,7 @@ spec:
         {{- end }}
         {{- end }}
         {{- if .Values.secret }}
-        - name: jindofs-secret-token
-          secret:
-            secretName: {{ .Values.secret }}
+        {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         - name: bigboot-config
           configMap: