
Commit 96904ae

authored
Merge pull request #218 from craddm/deployment-and-minio-fixes
Deployment and minio fixes
2 parents fcc5dda + f10d846 commit 96904ae


4 files changed

+43
-11
lines changed


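--- a/infra/fridge/access-cluster/Pulumi.yaml
+++ b/infra/fridge/access-cluster/Pulumi.yaml
@@ -35,9 +35,6 @@ config:
 harbor_fqdn_prefix:
 type: string
 description: FQDN prefix for Harbor
-harbor_ip:
-type: string
-description: Internal Harbor IP address - should correspond to an address in the cluster's Service CIDR
 lets_encrypt_email:
 type: string
 description: Email for Let's Encrypt registration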

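--- a/infra/fridge/access-cluster/components/network_policies.py
+++ b/infra/fridge/access-cluster/components/network_policies.py
@@ -38,7 +38,13 @@ def __init__(
 )
 k8s_api_port = "443"
 k8s_api_endpoint_rule = {
-"toFQDNs": [args.config.require("isolated_cluster_api_endpoint")],
+"toFQDNs": [
+{
+"matchName": args.config.require(
+"isolated_cluster_api_endpoint"
+)
+}
+],
 "toPorts": [{"ports": [{"port": k8s_api_port, "protocol": "TCP"}]}],
 }
 fridge_api_ip_rule = {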
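Review bot: `matchName` at new lines 42–46 expects a bare DNS name, but the value is passed straight from `isolated_cluster_api_endpoint` with no check that it carries no scheme, port or path. If this is a Cilium policy, as the `toFQDNs`/`toPorts` shape suggests, a URL-style value would make the rule match nothing and API egress would be dropped without an obvious error. A comment above the rule would record the contract, e.g. `# matchName needs a bare FQDN (no scheme or port); toFQDNs also depends on a DNS-visibility egress rule for the same endpoints`. Whether such a DNS rule exists cannot be seen here, since `__init__` starts and ends outside the hunk.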

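--- a/infra/fridge/isolated-cluster/components/minio_config.py
+++ b/infra/fridge/isolated-cluster/components/minio_config.py
@@ -43,8 +43,22 @@ def __init__(
 minio_setup_sh = """
 #!/bin/sh
 mkdir -p /tmp/.mc/certs/CAs/
-cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /tmp/.mc/certs/CAs/
-mc alias set "$MINIO_ALIAS" "$MINIO_URL" "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"
+cp /tmp/minio-ca/ca.crt /tmp/.mc/certs/CAs/ca.crt
+
+MAX_RETRIES=15
+RETRY_INTERVAL=5
+i=0
+
+until mc alias set "$MINIO_ALIAS" "$MINIO_URL" "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"; do
+i=$((i+1))
+if [ $i -ge $MAX_RETRIES ]; then
+echo "Failed to configure MinIO alias after $MAX_RETRIES attempts. Exiting."
+exit 1
+fi
+echo "MinIO not ready yet. Retrying in $RETRY_INTERVAL seconds... (Attempt $i/$MAX_RETRIES)"
+sleep $RETRY_INTERVAL
+done
+
 echo "Configuring ingress and egress buckets with anonymous S3 policies"
 mc anonymous set upload "$MINIO_ALIAS/egress"
 mc anonymous set download "$MINIO_ALIAS/ingress"
@@ -133,7 +147,12 @@ def __init__(
 VolumeMountArgs(
 name="minio-config-volume",
 mount_path="/tmp/scripts/",
-)
+),
+VolumeMountArgs(
+name="minio-tls-ca",
+mount_path="/tmp/minio-ca/",
+read_only=True,
+),
 ],
 )
 ],
@@ -144,7 +163,14 @@ def __init__(
 name=minio_config_map.metadata.name,
 default_mode=0o777,
 ),
-)
+),
+VolumeArgs(
+name="minio-tls-ca",
+secret={
+"secretName": "argo-artifacts-tls",
+"items": [{"key": "ca.crt", "path": "ca.crt"}],
+},
+),
 ],
 restart_policy="Never",
 ),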
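Review bot: The retry loop at new lines 52–60 of the first hunk treats every `mc alias set` failure as "MinIO not ready", so a missing or wrong CA file or rejected root credentials is retried 15 times and logged as a readiness problem. The `cp` on new line 46 is also unchecked, so a failed copy would presumably surface only later as a TLS verification failure inside that loop. Failing fast on the copy would separate the two cases: `cp /tmp/minio-ca/ca.crt /tmp/.mc/certs/CAs/ca.crt || { echo "MinIO CA certificate not found"; exit 1; }`. The script string and `__init__` both continue outside the hunks shown.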

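--- a/infra/fridge/isolated-cluster/components/object_storage.py
+++ b/infra/fridge/isolated-cluster/components/object_storage.py
@@ -121,12 +121,11 @@ def __init__(
 ),
 spec={
 "sources": [
-{"useDefaultCAs": True},
 {"secret": {"name": "dev-certificate", "key": "ca.crt"}},
 ],
 "target": {
 "secret": {
-"key": "ca-certificates.crt",
+"key": "ca.crt",
 },
 "namespaceSelector": {
 "matchLabels": {
@@ -155,8 +154,12 @@ def __init__(
 {"name": "egress"},
 ],
 "certificate": {
+"requestAutoCert": False,
 "externalCertSecret": [
-{"name": "argo-artifacts-tls", "type": "cert-manager.io/v1"}
+{
+"name": "argo-artifacts-tls",
+"type": "kubernetes.io/tls",
+}
 ],
 },
 "configuration": {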
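Review bot: With `useDefaultCAs` removed in the first hunk (old line 124), the bundle's only trust anchor is the secret named `dev-certificate`, and nothing in the hunk records that this is deliberate or what supplies that secret outside a development deployment. A short comment above `sources` would help, for example `# Private CA only: public roots are intentionally excluded from this bundle`, if that is the intent. The target key also changes from `ca-certificates.crt` to `ca.crt`, so any workload in the selected namespaces that still mounts the old key would lose its CA file; those consumers are not visible in this section. Both `spec` dicts start and end outside the hunks.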
