Skip to content

Commit

Permalink
Juicefs/fix secret key (fluid-cloudnative#2509)
Browse files Browse the repository at this point in the history
* fix key of secret

Signed-off-by: zwwhdls <[email protected]>

* fix secretkey & update changelog

Signed-off-by: zwwhdls <[email protected]>

Signed-off-by: zwwhdls <[email protected]>
  • Loading branch information
zwwhdls authored Jan 12, 2023
1 parent 5cf584d commit 80d4fbb
Show file tree
Hide file tree
Showing 8 changed files with 35 additions and 20 deletions.
3 changes: 3 additions & 0 deletions charts/juicefs/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,3 +41,6 @@

0.2.10
- Set root user in worker & fuse pod

0.2.11
- Support credential key in secret
2 changes: 1 addition & 1 deletion charts/juicefs/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: juicefs
apiVersion: v1
description: FileSystem aimed for data analytics and machine learning in any cloud.
version: 0.2.10
version: 0.2.11
appVersion: v1.0.0
home: https://juicefs.com/
maintainers:
Expand Down
8 changes: 4 additions & 4 deletions charts/juicefs/templates/fuse/daemonset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -83,28 +83,28 @@ spec:
valueFrom:
secretKeyRef:
name: {{ .Values.configs.metaurlSecret }}
key: metaurl
key: {{ .Values.configs.metaurlSecretKey }}
{{- end }}
{{- if .Values.configs.accesskeySecret }}
- name: ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.configs.accesskeySecret }}
key: access-key
key: {{ .Values.configs.accesskeySecretKey }}
{{- end }}
{{- if .Values.configs.secretkeySecret }}
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.configs.secretkeySecret }}
key: secret-key
key: {{ .Values.configs.secretkeySecretKey }}
{{- end }}
{{- if .Values.configs.tokenSecret }}
- name: TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.configs.tokenSecret }}
key: token
key: {{ .Values.configs.tokenSecretKey }}
{{- end }}
- name: FLUID_RUNTIME_TYPE
value: "juicefs"
Expand Down
8 changes: 4 additions & 4 deletions charts/juicefs/templates/worker/statefuleset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -96,28 +96,28 @@ spec:
valueFrom:
secretKeyRef:
name: {{ .Values.configs.metaurlSecret }}
key: metaurl
key: {{ .Values.configs.metaurlSecretKey }}
{{- end }}
{{- if .Values.configs.accesskeySecret }}
- name: ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.configs.accesskeySecret }}
key: access-key
key: {{ .Values.configs.accesskeySecretKey }}
{{- end }}
{{- if .Values.configs.secretkeySecret }}
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.configs.secretkeySecret }}
key: secret-key
key: {{ .Values.configs.secretkeySecretKey }}
{{- end }}
{{- if .Values.configs.tokenSecret }}
- name: TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.configs.tokenSecret }}
key: token
key: {{ .Values.configs.tokenSecretKey }}
{{- end }}
lifecycle:
preStop:
Expand Down
4 changes: 4 additions & 0 deletions charts/juicefs/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,15 @@ worker:
configs:
name: ""
accesskeySecret: ""
accesskeySecretKey: ""
secretkeySecret: ""
secretkeySecretKey: ""
bucket: ""
metaurlSecret: ""
metaurlSecretKey: ""
storage: ""
tokenSecret: ""
tokenSecretKey: ""
formatCmd : ""

## FUSE ##
Expand Down
4 changes: 4 additions & 0 deletions pkg/ddc/juicefs/transform_fuse.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,17 +133,21 @@ func (j *JuiceFSEngine) genValue(mount datav1alpha1.Mount, tiredStoreLevel *data
case JuiceMetaUrl:
source = "${METAURL}"
value.Configs.MetaUrlSecret = secretKeyRef.Name
value.Configs.MetaUrlSecretKey = secretKeyRef.Key
_, ok := secret.Data[secretKeyRef.Key]
if !ok {
return nil, fmt.Errorf("can't get metaurl from secret %s", secret.Name)
}
value.Edition = CommunityEdition
case JuiceAccessKey:
value.Configs.AccessKeySecret = secretKeyRef.Name
value.Configs.AccessKeySecretKey = secretKeyRef.Key
case JuiceSecretKey:
value.Configs.SecretKeySecret = secretKeyRef.Name
value.Configs.SecretKeySecretKey = secretKeyRef.Key
case JuiceToken:
value.Configs.TokenSecret = secretKeyRef.Name
value.Configs.TokenSecretKey = secretKeyRef.Key
}
}

Expand Down
20 changes: 12 additions & 8 deletions pkg/ddc/juicefs/type.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,18 @@ type JuiceFS struct {
}

type Configs struct {
Name string `json:"name"`
AccessKeySecret string `json:"accesskeySecret,omitempty"`
SecretKeySecret string `json:"secretkeySecret,omitempty"`
Bucket string `json:"bucket,omitempty"`
MetaUrlSecret string `json:"metaurlSecret,omitempty"`
TokenSecret string `json:"tokenSecret,omitempty"`
Storage string `json:"storage,omitempty"`
FormatCmd string `json:"formatCmd,omitempty"`
Name string `json:"name"`
AccessKeySecret string `json:"accesskeySecret,omitempty"`
AccessKeySecretKey string `json:"accesskeySecretKey,omitempty"`
SecretKeySecret string `json:"secretkeySecret,omitempty"`
SecretKeySecretKey string `json:"secretkeySecretKey,omitempty"`
Bucket string `json:"bucket,omitempty"`
MetaUrlSecret string `json:"metaurlSecret,omitempty"`
MetaUrlSecretKey string `json:"metaurlSecretKey,omitempty"`
TokenSecret string `json:"tokenSecret,omitempty"`
TokenSecretKey string `json:"tokenSecretKey,omitempty"`
Storage string `json:"storage,omitempty"`
FormatCmd string `json:"formatCmd,omitempty"`
}

type Worker struct {
Expand Down
6 changes: 3 additions & 3 deletions test/prow/juicefs_access_data.py
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ def create_redis_secret():
"apiVersion": "v1",
"kind": "Secret",
"metadata": {"name": SECRET_NAME},
"stringData": {"metaurl": "redis://redis:6379/0", "access-key": "minioadmin", "secret-key": "minioadmin"}
"stringData": {"metaurl": "redis://redis:6379/0", "accesskey": "minioadmin", "secretkey": "minioadmin"}
}

api.create_namespaced_secret(namespace=APP_NAMESPACE, body=jfs_secret)
Expand All @@ -82,8 +82,8 @@ def create_dataset_and_runtime(dataset_name):
"options": {"bucket": "http://%s:9000/minio/test" % NODE_IP, "storage": "minio"},
"encryptOptions": [
{"name": "metaurl", "valueFrom": {"secretKeyRef": {"name": SECRET_NAME, "key": "metaurl"}}},
{"name": "access-key", "valueFrom": {"secretKeyRef": {"name": SECRET_NAME, "key": "access-key"}}},
{"name": "secret-key", "valueFrom": {"secretKeyRef": {"name": SECRET_NAME, "key": "secret-key"}}}
{"name": "access-key", "valueFrom": {"secretKeyRef": {"name": SECRET_NAME, "key": "accesskey"}}},
{"name": "secret-key", "valueFrom": {"secretKeyRef": {"name": SECRET_NAME, "key": "secretkey"}}}
]
}],
"accessModes": ["ReadWriteMany"]
Expand Down

0 comments on commit 80d4fbb

Please sign in to comment.