Skip to content

Commit 659b02b

Browse files
committed
fix: harden jindo multi-mount secret projection coverage
Signed-off-by: CAICAIIs <3360776475@qq.com>
1 parent 6df6421 commit 659b02b

32 files changed

Lines changed: 3177 additions & 108 deletions

.github/scripts/build-all-images.sh

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,15 @@ function get_image_tag() {
1010
}
1111

1212
function build_images() {
13+
minio_e2e_img=local/minio-e2e:latest
14+
oss_emulator_img=${IMG_REPO}/oss-emulator:e2e
15+
csi_registrar_src_img=registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0
16+
csi_registrar_img=${IMG_REPO}/csi-node-driver-registrar:v2.14.0
17+
alluxio_runtime_img=alluxio/alluxio-dev:2.9.0
18+
alluxio_ufs_img=nginx:1.27-alpine
19+
alluxio_init_img=fluidcloudnative/init-users:v0.9.0
20+
jindo_smartdata_img=registry-cn-hongkong.ack.aliyuncs.com/acs/smartdata:6.9.1-202509151826
21+
jindo_fuse_img=registry-cn-hongkong.ack.aliyuncs.com/acs/jindo-fuse:6.9.1-202509151826
1322
images=(
1423
${IMG_REPO}/dataset-controller:${IMAGE_TAG}
1524
${IMG_REPO}/application-controller:${IMAGE_TAG}
@@ -24,9 +33,31 @@ function build_images() {
2433
${IMG_REPO}/fluid-csi:${IMAGE_TAG}
2534
${IMG_REPO}/fluid-webhook:${IMAGE_TAG}
2635
${IMG_REPO}/fluid-crd-upgrader:${IMAGE_TAG}
36+
${minio_e2e_img}
37+
${oss_emulator_img}
38+
${csi_registrar_img}
39+
${alluxio_runtime_img}
40+
${alluxio_ufs_img}
41+
${alluxio_init_img}
42+
${jindo_smartdata_img}
43+
${jindo_fuse_img}
2744
)
2845

2946
make docker-build-all
47+
tmpdir=$(mktemp -d)
48+
cat > ${tmpdir}/Dockerfile <<'EOF'
49+
FROM minio/minio:latest
50+
EOF
51+
docker build -t ${minio_e2e_img} ${tmpdir}
52+
rm -rf ${tmpdir}
53+
docker build -t ${oss_emulator_img} test/gha-e2e/jindo/oss-emulator
54+
docker pull ${csi_registrar_src_img}
55+
docker tag ${csi_registrar_src_img} ${csi_registrar_img}
56+
docker pull ${alluxio_runtime_img}
57+
docker pull ${alluxio_ufs_img}
58+
docker pull ${alluxio_init_img}
59+
docker pull ${jindo_smartdata_img}
60+
docker pull ${jindo_fuse_img}
3061

3162
for img in ${images[@]}; do
3263
echo "Loading image $img to kind cluster..."

charts/fluid/fluid/templates/csi/daemonset.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,7 @@ spec:
105105
value: unix://{{ .Values.csi.kubelet.rootDir }}/csi-plugins/fuse.csi.fluid.io/csi.sock
106106
- name: NODEPUBLISH_METHOD
107107
value: {{ .Values.csi.nodePublishMethod }}
108+
imagePullPolicy: "IfNotPresent"
108109
volumeMounts:
109110
- name: plugin-dir
110111
mountPath: /plugin

charts/jindocache/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
apiVersion: v2
22
appVersion: 6.2.0
3-
version: 1.0.4
3+
version: 1.0.5
44
description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
55
acceleration.
66
home: https://help.aliyun.com/document_detail/164207.html

charts/jindocache/templates/_helpers.tpl

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,32 @@ Distribute credential key and values with secret volume mounting on Jindo's pods
4444
Distribute credential key and values with secret volumes
4545
*/}}
4646
{{- define "jindofs.cred.secret.volumes" -}}
47-
{{- if .Values.UseStsToken }}
47+
{{- if .Values.secretProjections }}
48+
- name: jindofs-secret-token
49+
projected:
50+
sources:
51+
{{- if and .Values.UseStsToken .Values.secret }}
52+
- secret:
53+
name: {{ .Values.secret }}
54+
{{- else if .Values.secret }}
55+
- secret:
56+
name: {{ .Values.secret }}
57+
items:
58+
- key: {{ .Values.secretKey }}
59+
path: AccessKeyId
60+
- key: {{ .Values.secretValue }}
61+
path: AccessKeySecret
62+
{{- end }}
63+
{{- range .Values.secretProjections }}
64+
- secret:
65+
name: {{ .name }}
66+
items:
67+
{{- range .items }}
68+
- key: {{ .key }}
69+
path: {{ .path }}
70+
{{- end }}
71+
{{- end }}
72+
{{- else if .Values.UseStsToken }}
4873
- name: jindofs-secret-token
4974
secret:
5075
secretName: {{ .Values.secret }}

charts/jindocache/templates/fuse/daemonset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,7 @@ spec:
150150
subPath: hdfs-site.xml
151151
{{- end }}
152152
{{- end }}
153-
{{- if .Values.secret }}
153+
{{- if or .Values.secret .Values.secretProjections }}
154154
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
155155
{{- end }}
156156
{{- if .Values.ufsVolumes }}
@@ -188,7 +188,7 @@ spec:
188188
hostPath:
189189
path: /dev/fuse
190190
type: CharDevice
191-
{{- if .Values.secret }}
191+
{{- if or .Values.secret .Values.secretProjections }}
192192
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
193193
{{- end }}
194194
{{- if .Values.ufsVolumes }}

charts/jindocache/templates/master/statefulset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -175,7 +175,7 @@ spec:
175175
subPath: hdfs-site.xml
176176
{{- end }}
177177
{{- end }}
178-
{{- if .Values.secret }}
178+
{{- if or .Values.secret .Values.secretProjections }}
179179
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
180180
{{- end }}
181181
{{- if .Values.ufsVolumes }}
@@ -237,7 +237,7 @@ spec:
237237
name: {{ .Values.hadoopConfig.configMap }}
238238
{{- end }}
239239
{{- end }}
240-
{{- if .Values.secret }}
240+
{{- if or .Values.secret .Values.secretProjections }}
241241
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
242242
{{- end }}
243243
{{- if .Values.master.volumes }}

charts/jindocache/templates/worker/statefulset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ spec:
159159
subPath: hdfs-site.xml
160160
{{- end }}
161161
{{- end }}
162-
{{- if .Values.secret }}
162+
{{- if or .Values.secret .Values.secretProjections }}
163163
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
164164
{{- end }}
165165
{{- if .Values.ufsVolumes }}
@@ -222,7 +222,7 @@ spec:
222222
name: {{ .Values.hadoopConfig.configMap }}
223223
{{- end }}
224224
{{- end }}
225-
{{- if .Values.secret }}
225+
{{- if or .Values.secret .Values.secretProjections }}
226226
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
227227
{{- end }}
228228
- name: bigboot-config

charts/jindofsx/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
apiVersion: v2
22
appVersion: 4.6.8
3-
version: 1.0.4
3+
version: 1.0.5
44
description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
55
acceleration.
66
home: https://help.aliyun.com/document_detail/164207.html

charts/jindofsx/templates/_helpers.tpl

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,32 @@ Distribute credential key and values with secret volume mounting on Jindo's pods
4444
Distribute credential key and values with secret volumes
4545
*/}}
4646
{{- define "jindofs.cred.secret.volumes" -}}
47-
{{- if .Values.UseStsToken }}
47+
{{- if .Values.secretProjections }}
48+
- name: jindofs-secret-token
49+
projected:
50+
sources:
51+
{{- if and .Values.UseStsToken .Values.secret }}
52+
- secret:
53+
name: {{ .Values.secret }}
54+
{{- else if .Values.secret }}
55+
- secret:
56+
name: {{ .Values.secret }}
57+
items:
58+
- key: {{ .Values.secretKey }}
59+
path: AccessKeyId
60+
- key: {{ .Values.secretValue }}
61+
path: AccessKeySecret
62+
{{- end }}
63+
{{- range .Values.secretProjections }}
64+
- secret:
65+
name: {{ .name }}
66+
items:
67+
{{- range .items }}
68+
- key: {{ .key }}
69+
path: {{ .path }}
70+
{{- end }}
71+
{{- end }}
72+
{{- else if .Values.UseStsToken }}
4873
- name: jindofs-secret-token
4974
secret:
5075
secretName: {{ .Values.secret }}

charts/jindofsx/templates/fuse/daemonset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -162,7 +162,7 @@ spec:
162162
subPath: hdfs-site.xml
163163
{{- end }}
164164
{{- end }}
165-
{{- if .Values.secret }}
165+
{{- if or .Values.secret .Values.secretProjections }}
166166
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
167167
{{- end }}
168168
{{- if .Values.ufsVolumes }}
@@ -200,7 +200,7 @@ spec:
200200
hostPath:
201201
path: /dev/fuse
202202
type: CharDevice
203-
{{- if .Values.secret }}
203+
{{- if or .Values.secret .Values.secretProjections }}
204204
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
205205
{{- end }}
206206
{{- if .Values.ufsVolumes }}

0 commit comments

Comments
 (0)