From bc182026307ad50bf6637884b852ab89ec3bc0a6 Mon Sep 17 00:00:00 2001 From: JR40159 <126243293+JR40159@users.noreply.github.com> Date: Wed, 12 Jun 2024 13:23:23 +0000 Subject: [PATCH] Upgrade registry deployment --- .../bailo/templates/bailo/bailo.deployment.yaml | 3 +++ infrastructure/helm/bailo/templates/certs.yaml | 2 +- .../templates/registry/registry.configmap.yaml | 2 +- .../templates/registry/registry.deployment.yaml | 17 +++++++---------- infrastructure/helm/bailo/values.yaml | 15 ++++++--------- 5 files changed, 18 insertions(+), 21 deletions(-) diff --git a/infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml b/infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml index fe2b2bf31..72cdfca76 100644 --- a/infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml +++ b/infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml @@ -21,6 +21,9 @@ spec: labels: name: backend spec: + {{- if .Values.backend.serviceAccount }} + serviceAccountName: {{ .Values.backend.serviceAccount }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/infrastructure/helm/bailo/templates/certs.yaml b/infrastructure/helm/bailo/templates/certs.yaml index 2319173ad..2728b6e83 100644 --- a/infrastructure/helm/bailo/templates/certs.yaml +++ b/infrastructure/helm/bailo/templates/certs.yaml @@ -6,4 +6,4 @@ metadata: {{- include "bailo.labels" . | nindent 4 }} type: Opaque data: -{{ (.Files.Glob "certs/**.pem").AsSecrets | indent 2 }} \ No newline at end of file +{{ (.Files.Glob "{certs/**.pem,certs/jwks.json}").AsSecrets | indent 2 }} \ No newline at end of file diff --git a/infrastructure/helm/bailo/templates/registry/registry.configmap.yaml b/infrastructure/helm/bailo/templates/registry/registry.configmap.yaml index 2bf48fa3e..02085c705 100644 --- a/infrastructure/helm/bailo/templates/registry/registry.configmap.yaml +++ b/infrastructure/helm/bailo/templates/registry/registry.configmap.yaml @@ -16,7 +16,7 @@ data: cache: blobdescriptor: inmemory s3: - {{- if .Values.minio.enabled }} + {{- if .Values.minio.enabled }} regionendpoint: {{ ternary "https" "http" (eq .Values.minio.useSSL true)}}://{{ include "bailo.minio.host" . }}:{{ .Values.minio.service.ports.api }} {{- end }} bucket: {{ .Values.minio.registryBucket }} diff --git a/infrastructure/helm/bailo/templates/registry/registry.deployment.yaml b/infrastructure/helm/bailo/templates/registry/registry.deployment.yaml index c9ba873f6..dae659e94 100644 --- a/infrastructure/helm/bailo/templates/registry/registry.deployment.yaml +++ b/infrastructure/helm/bailo/templates/registry/registry.deployment.yaml @@ -15,6 +15,9 @@ spec: labels: name: registry spec: + {{- if .Values.registry.serviceAccount }} + serviceAccountName: {{ .Values.registry.serviceAccount }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -40,16 +43,6 @@ spec: value: {{ .Values.registry.certDir }}/{{ .Values.registry.certFile }} - name: REGISTRY_HTTP_TLS_KEY value: {{ .Values.registry.certDir }}/{{ .Values.registry.keyFile }} - - name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: {{ include "bailo.fullname" . }}-minio - key: root-user - - name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: {{ include "bailo.fullname" . }}-minio - key: root-password - name: REGISTRY_AUTH value: "token" - name: REGISTRY_AUTH_TOKEN_REALM @@ -61,6 +54,8 @@ spec: value: "RegistryIssuer" - name: REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE value: {{ .Values.registry.certDir }}/{{ .Values.registry.certFile }} + - name: REGISTRY_AUTH_TOKEN_JWKS + value: {{ .Values.registry.certDir }}/{{ .Values.registry.jwksFile }} - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: @@ -87,3 +82,5 @@ spec: path: {{ .Values.registry.certFile }} - key: {{ .Values.nginxcert.key }} path: {{ .Values.registry.keyFile }} + - key: {{ .Values.registry.jwksFile }} + path: {{ .Values.registry.jwksFile }} diff --git a/infrastructure/helm/bailo/values.yaml b/infrastructure/helm/bailo/values.yaml index e2cd993a2..523a3f422 100644 --- a/infrastructure/helm/bailo/values.yaml +++ b/infrastructure/helm/bailo/values.yaml @@ -178,7 +178,7 @@ minio: # Registry Dependencies registry: repository: registry - tag: 2 + tag: 3.0.0-alpha.1 enabled: true protocol: "https" #host: "bailo-registry" # service name @@ -186,7 +186,9 @@ registry: insecure: "true" certDir: "/certs" certFile: cert.pem #use san.cnf to create certs + jwksFile: jwks.json keyFile: key.pem + serviceAccount: '' # Nginx Dependencies nginxAuth: @@ -210,11 +212,6 @@ openshift: # Instance Settings config: - s2i: - name: "seldonio - 1.10.0" - image: seldonio/seldon-core-s2i-python37:1.10.0 - supportEmail: "support@example.com" - ui: banner: enabled: false @@ -231,9 +228,6 @@ config: pass: "mailpass" from: "bailo@example.com" - build: - environment: img # 'img' for k8s | eks and 'openshfit' for openshift - app: protocol: "https" port: 443 @@ -263,3 +257,6 @@ inference: # Url for the inferencing cluster host: 'https://example.com' gpus: + +backend: + serviceAccount: ''