Skip to content

Commit ccf1dcc

Browse files
committed
fix: harden jindo multi-mount secret projection coverage
Signed-off-by: CAICAIIs <3360776475@qq.com>
1 parent 6df6421 commit ccf1dcc

27 files changed

Lines changed: 3088 additions & 106 deletions

.github/scripts/build-all-images.sh

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ function get_image_tag() {
1010
}
1111

1212
function build_images() {
13+
minio_e2e_img=local/minio-e2e:latest
14+
oss_emulator_img=${IMG_REPO}/oss-emulator:e2e
1315
images=(
1416
${IMG_REPO}/dataset-controller:${IMAGE_TAG}
1517
${IMG_REPO}/application-controller:${IMAGE_TAG}
@@ -24,9 +26,18 @@ function build_images() {
2426
${IMG_REPO}/fluid-csi:${IMAGE_TAG}
2527
${IMG_REPO}/fluid-webhook:${IMAGE_TAG}
2628
${IMG_REPO}/fluid-crd-upgrader:${IMAGE_TAG}
29+
${minio_e2e_img}
30+
${oss_emulator_img}
2731
)
2832

2933
make docker-build-all
34+
tmpdir=$(mktemp -d)
35+
cat > ${tmpdir}/Dockerfile <<'EOF'
36+
FROM minio/minio:latest
37+
EOF
38+
docker build -t ${minio_e2e_img} ${tmpdir}
39+
rm -rf ${tmpdir}
40+
docker build -t ${oss_emulator_img} test/gha-e2e/jindo/oss-emulator
3041

3142
for img in ${images[@]}; do
3243
echo "Loading image $img to kind cluster..."

charts/jindocache/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
apiVersion: v2
22
appVersion: 6.2.0
3-
version: 1.0.4
3+
version: 1.0.5
44
description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
55
acceleration.
66
home: https://help.aliyun.com/document_detail/164207.html

charts/jindocache/templates/_helpers.tpl

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,32 @@ Distribute credential key and values with secret volume mounting on Jindo's pods
4444
Distribute credential key and values with secret volumes
4545
*/}}
4646
{{- define "jindofs.cred.secret.volumes" -}}
47-
{{- if .Values.UseStsToken }}
47+
{{- if .Values.secretProjections }}
48+
- name: jindofs-secret-token
49+
projected:
50+
sources:
51+
{{- if and .Values.UseStsToken .Values.secret }}
52+
- secret:
53+
name: {{ .Values.secret }}
54+
{{- else if .Values.secret }}
55+
- secret:
56+
name: {{ .Values.secret }}
57+
items:
58+
- key: {{ .Values.secretKey }}
59+
path: AccessKeyId
60+
- key: {{ .Values.secretValue }}
61+
path: AccessKeySecret
62+
{{- end }}
63+
{{- range .Values.secretProjections }}
64+
- secret:
65+
name: {{ .name }}
66+
items:
67+
{{- range .items }}
68+
- key: {{ .key }}
69+
path: {{ .path }}
70+
{{- end }}
71+
{{- end }}
72+
{{- else if .Values.UseStsToken }}
4873
- name: jindofs-secret-token
4974
secret:
5075
secretName: {{ .Values.secret }}

charts/jindocache/templates/fuse/daemonset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,7 @@ spec:
150150
subPath: hdfs-site.xml
151151
{{- end }}
152152
{{- end }}
153-
{{- if .Values.secret }}
153+
{{- if or .Values.secret .Values.secretProjections }}
154154
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
155155
{{- end }}
156156
{{- if .Values.ufsVolumes }}
@@ -188,7 +188,7 @@ spec:
188188
hostPath:
189189
path: /dev/fuse
190190
type: CharDevice
191-
{{- if .Values.secret }}
191+
{{- if or .Values.secret .Values.secretProjections }}
192192
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
193193
{{- end }}
194194
{{- if .Values.ufsVolumes }}

charts/jindocache/templates/master/statefulset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -175,7 +175,7 @@ spec:
175175
subPath: hdfs-site.xml
176176
{{- end }}
177177
{{- end }}
178-
{{- if .Values.secret }}
178+
{{- if or .Values.secret .Values.secretProjections }}
179179
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
180180
{{- end }}
181181
{{- if .Values.ufsVolumes }}
@@ -237,7 +237,7 @@ spec:
237237
name: {{ .Values.hadoopConfig.configMap }}
238238
{{- end }}
239239
{{- end }}
240-
{{- if .Values.secret }}
240+
{{- if or .Values.secret .Values.secretProjections }}
241241
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
242242
{{- end }}
243243
{{- if .Values.master.volumes }}

charts/jindocache/templates/worker/statefulset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ spec:
159159
subPath: hdfs-site.xml
160160
{{- end }}
161161
{{- end }}
162-
{{- if .Values.secret }}
162+
{{- if or .Values.secret .Values.secretProjections }}
163163
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
164164
{{- end }}
165165
{{- if .Values.ufsVolumes }}
@@ -222,7 +222,7 @@ spec:
222222
name: {{ .Values.hadoopConfig.configMap }}
223223
{{- end }}
224224
{{- end }}
225-
{{- if .Values.secret }}
225+
{{- if or .Values.secret .Values.secretProjections }}
226226
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
227227
{{- end }}
228228
- name: bigboot-config

charts/jindofsx/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
apiVersion: v2
22
appVersion: 4.6.8
3-
version: 1.0.4
3+
version: 1.0.5
44
description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
55
acceleration.
66
home: https://help.aliyun.com/document_detail/164207.html

charts/jindofsx/templates/_helpers.tpl

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,32 @@ Distribute credential key and values with secret volume mounting on Jindo's pods
4444
Distribute credential key and values with secret volumes
4545
*/}}
4646
{{- define "jindofs.cred.secret.volumes" -}}
47-
{{- if .Values.UseStsToken }}
47+
{{- if .Values.secretProjections }}
48+
- name: jindofs-secret-token
49+
projected:
50+
sources:
51+
{{- if and .Values.UseStsToken .Values.secret }}
52+
- secret:
53+
name: {{ .Values.secret }}
54+
{{- else if .Values.secret }}
55+
- secret:
56+
name: {{ .Values.secret }}
57+
items:
58+
- key: {{ .Values.secretKey }}
59+
path: AccessKeyId
60+
- key: {{ .Values.secretValue }}
61+
path: AccessKeySecret
62+
{{- end }}
63+
{{- range .Values.secretProjections }}
64+
- secret:
65+
name: {{ .name }}
66+
items:
67+
{{- range .items }}
68+
- key: {{ .key }}
69+
path: {{ .path }}
70+
{{- end }}
71+
{{- end }}
72+
{{- else if .Values.UseStsToken }}
4873
- name: jindofs-secret-token
4974
secret:
5075
secretName: {{ .Values.secret }}

charts/jindofsx/templates/fuse/daemonset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -162,7 +162,7 @@ spec:
162162
subPath: hdfs-site.xml
163163
{{- end }}
164164
{{- end }}
165-
{{- if .Values.secret }}
165+
{{- if or .Values.secret .Values.secretProjections }}
166166
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
167167
{{- end }}
168168
{{- if .Values.ufsVolumes }}
@@ -200,7 +200,7 @@ spec:
200200
hostPath:
201201
path: /dev/fuse
202202
type: CharDevice
203-
{{- if .Values.secret }}
203+
{{- if or .Values.secret .Values.secretProjections }}
204204
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
205205
{{- end }}
206206
{{- if .Values.ufsVolumes }}

charts/jindofsx/templates/master/statefulset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -187,7 +187,7 @@ spec:
187187
subPath: hdfs-site.xml
188188
{{- end }}
189189
{{- end }}
190-
{{- if .Values.secret }}
190+
{{- if or .Values.secret .Values.secretProjections }}
191191
{{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
192192
{{- end }}
193193
{{- if .Values.ufsVolumes }}
@@ -249,7 +249,7 @@ spec:
249249
name: {{ .Values.hadoopConfig.configMap }}
250250
{{- end }}
251251
{{- end }}
252-
{{- if .Values.secret }}
252+
{{- if or .Values.secret .Values.secretProjections }}
253253
{{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
254254
{{- end }}
255255
{{- if .Values.master.volumes }}

0 commit comments

Comments
 (0)