feat: Support to pull MySQL credentials from secrets

wandb · Sep 20, 2024 · 665910f · 665910f
1 parent 69d5b27
commit 665910f
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 10 deletions.
diff --git a/charts/operator-wandb/charts/app/templates/deployment.yaml b/charts/operator-wandb/charts/app/templates/deployment.yaml
@@ -62,7 +62,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key:  MYSQL_PASSWORD
+                  key: {{ include "wandb.mysql.passwordSecret.key" . }}
           command: ['bash', '-c', "until mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD -D$MYSQL_DATABASE -P$MYSQL_PORT --execute=\"SELECT 1\"; do echo waiting for db; sleep 2; done"]
       containers:
         - name: {{ .Chart.Name }}
@@ -109,7 +109,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key:  MYSQL_PASSWORD
+                  key: {{ include "wandb.mysql.passwordSecret.key" . }}
             - name: MYSQL
               value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST):$(MYSQL_PORT)/$(MYSQL_DATABASE)"
 

diff --git a/charts/operator-wandb/charts/flat-run-fields-updater/templates/deployment.yaml b/charts/operator-wandb/charts/flat-run-fields-updater/templates/deployment.yaml
@@ -104,7 +104,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key:  MYSQL_PASSWORD
+                  key: {{ include "wandb.mysql.passwordSecret.key" . }}
             - name: MYSQL
               value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST):$(MYSQL_PORT)/$(MYSQL_DATABASE)"
             - name: KAFKA_BROKER_HOST

diff --git a/charts/operator-wandb/charts/mysql/templates/statefulset.yaml b/charts/operator-wandb/charts/mysql/templates/statefulset.yaml
@@ -49,12 +49,12 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key: MYSQL_ROOT_PASSWORD
+                  key: {{ if .Values.global.mysql.passwordSecret.key }}{{ .Values.global.mysql.passwordSecret.key }}{{ else }}MYSQL_ROOT_PASSWORD{{ end }}
             - name: MYSQL_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key: MYSQL_PASSWORD
+                  key: {{ include "wandb.mysql.passwordSecret.key" . }}
             {{- include "mysql.extraEnv" (dict "global" .Values.global "local" .Values) | nindent 12 }}
             {{- include "wandb.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }}
           livenessProbe:

diff --git a/charts/operator-wandb/charts/otel/charts/agent/templates/deamonset.yaml b/charts/operator-wandb/charts/otel/charts/agent/templates/deamonset.yaml
@@ -79,7 +79,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key:  MYSQL_PASSWORD
+                  key: {{ include "wandb.mysql.passwordSecret.key" . }}
 
             - name: K8S_NODE_NAME
               valueFrom:

diff --git a/charts/operator-wandb/charts/parquet/templates/deployment.yaml b/charts/operator-wandb/charts/parquet/templates/deployment.yaml
@@ -77,7 +77,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "wandb.mysql.passwordSecret" . }}
-                  key:  MYSQL_PASSWORD
+                  key: {{ include "wandb.mysql.passwordSecret.key" . }}
             - name: MYSQL
               value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST):$(MYSQL_PORT)/$(MYSQL_DATABASE)"
 

diff --git a/charts/operator-wandb/templates/_mysql.tpl b/charts/operator-wandb/templates/_mysql.tpl
@@ -1,8 +1,23 @@
 {{/*
-Return name of secret where information is stored
+Return name of the secret where information is stored, considering if the custom secret is defined
 */}}
 {{- define "wandb.mysql.passwordSecret" -}}
-{{- print .Release.Name "-mysql" -}}
+{{- if .Values.global.mysql.passwordSecret.name }}
+  {{- .Values.global.mysql.passwordSecret.name -}}
+{{- else }}
+  {{- print .Release.Name "-mysql" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return key of the secret where information is stored, considering if the custom key is defined
+*/}}
+{{- define "wandb.mysql.passwordSecret.key" -}}
+{{- if .Values.global.mysql.passwordSecret.key }}
+  {{- .Values.global.mysql.passwordSecret.key -}}
+{{- else }}
+  MYSQL_PASSWORD
+{{- end -}}
 {{- end -}}
 
 {{/*

diff --git a/charts/operator-wandb/templates/mysql.yaml b/charts/operator-wandb/templates/mysql.yaml
@@ -1,3 +1,4 @@
+{{- if and .Values.global.mysql.passwordSecret (or (not .Values.global.mysql.passwordSecret.name) (not .Values.global.mysql.passwordSecret.key)) }}
 {{- $secretName := (include "wandb.mysql.passwordSecret" .)  }}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
 apiVersion: v1
@@ -13,4 +14,6 @@ data:
 {{- else }}
   MYSQL_ROOT_PASSWORD: {{ randAlphaNum 64 | b64enc }}
   MYSQL_PASSWORD: {{ default (randAlphaNum 64) (include "wandb.mysql.password" .) | b64enc }}
+{{- end }}
+
 {{- end }}
diff --git a/charts/operator-wandb/values.yaml b/charts/operator-wandb/values.yaml
@@ -58,7 +58,10 @@ global:
     database: "wandb_local"
     user: "wandb"
     password: ""
-
+    passwordSecret:
+      name: ""
+      key: ""
+
   slack:
     secret: ""
     clientId: ""