Posted to commits@sdap.apache.org by nc...@apache.org on 2023/07/14 23:04:52 UTC

[incubator-sdap-nexus] branch master updated: SDAP-476 Support for using service accounts for handling AWS credentials (#247)

This is an automated email from the ASF dual-hosted git repository.

nchung pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-sdap-nexus.git


The following commit(s) were added to refs/heads/master by this push:
     new e3c08b9  SDAP-476 Support for using service accounts for handling AWS credentials (#247)
e3c08b9 is described below

commit e3c08b999446df7dc4e2986d5206ff89fb3bbcfd
Author: Kevin <ke...@gmail.com>
AuthorDate: Fri Jul 14 16:04:47 2023 -0700

    SDAP-476 Support for using service accounts for handling AWS credentials (#247)
    
    * Added support for using service accounts for AWS credentials
    
    * Added support for using service accounts for AWS credentials
    
    * Fixed awsCredsEnvs bug when checking if serviceAccountName is provided
    
    * Included service account support in CHANGELOG
    
    * Update CHANGELOG.md
    
    ---------
    
    Co-authored-by: Nga Chung <17...@users.noreply.github.com>
---
 CHANGELOG.md                          | 1 +
 helm/templates/collection-manager.yml | 5 +++++
 helm/templates/granule-ingester.yml   | 5 +++++
 helm/values.yaml                      | 7 ++++++-
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53c1295..f2beb15 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Deletebyquery: Parameter to set the number of rows to fetch from Solr. Speeds up time to gather tiles to delete; especially when there is a lot of them.
 - Added Saildrone's `baja_2018` insitu dataset.
 - SDAP-454: Added new query parameter `prioritizeDistance` to matchup algorithm
+- SDAP-476: Support for service accounts for handling AWS credentials
 - SDAP-459: Added explicit definitions of min/max lat/lon values in nexustiles Solr collection creation script
 ### Changed
 - SDAP-443:
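
Review bot: the new `SDAP-476` entry does not name the value that turns the feature on or its side effect. Suggest spelling out `ingestion.granules.s3.serviceAccountName` and that `awsCredsEnvs` is ignored when it is set, so operators upgrading with both values populated can see the behaviour change from the changelog alone.
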
diff --git a/helm/templates/collection-manager.yml b/helm/templates/collection-manager.yml
index 993e71e..39fdb03 100644
--- a/helm/templates/collection-manager.yml
+++ b/helm/templates/collection-manager.yml
@@ -16,6 +16,9 @@ spec:
       labels:
         app: collection-manager
     spec:
+      {{- if .Values.ingestion.granules.s3.serviceAccountName }}
+      serviceAccountName: {{ .Values.ingestion.granules.s3.serviceAccountName }}
+      {{- end }}
       containers:
         - image: {{ .Values.ingestion.collectionManager.image }}
           imagePullPolicy: Always
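
Review bot: the `if` around `serviceAccountName` at the top of the pod `spec` tests only `.Values.ingestion.granules.s3.serviceAccountName`, so the account is attached to the pod whether or not `s3.bucket` is set. The diffstat also shows no ServiceAccount template being added, so the name has to refer to an account that already exists in the release namespace. Suggest documenting that prerequisite next to the value, and piping the name through `quote` so an unusual value cannot change the rendered YAML.
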
@@ -40,10 +43,12 @@ spec:
             - name: S3_BUCKET
               value: {{ .Values.ingestion.granules.s3.bucket }}
             {{- end }}
+            {{- if not .Values.ingestion.granules.s3.serviceAccountName }}
             {{- range $name, $value := .Values.ingestion.granules.s3.awsCredsEnvs }}
             - name: {{ $name }}
               value: {{ $value }}
             {{- end }}
+            {{- end }}
           resources:
             requests:
               cpu: {{ .Values.ingestion.collectionManager.cpu }}
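
Review bot: with the new `if not ... serviceAccountName` guard around the `range` over `awsCredsEnvs`, a values file that sets both keys renders without any signal that the static credentials were dropped. Suggest making the conflict explicit, for example with Helm's `fail` function when both are non-empty, so a leftover `awsCredsEnvs` block holding long-lived keys does not sit unnoticed in values files after the switch to a service account.
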
diff --git a/helm/templates/granule-ingester.yml b/helm/templates/granule-ingester.yml
index 405edb8..b7eae18 100644
--- a/helm/templates/granule-ingester.yml
+++ b/helm/templates/granule-ingester.yml
@@ -16,6 +16,9 @@ spec:
       labels:
         app: granule-ingester
     spec:
+      {{- if .Values.ingestion.granules.s3.serviceAccountName }}
+      serviceAccountName: {{ .Values.ingestion.granules.s3.serviceAccountName }}
+      {{- end }}
       containers:
         - image: {{ .Values.ingestion.granuleIngester.image }}
           imagePullPolicy: Always
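
Review bot: these three lines under `spec:` are a verbatim copy of the block added to `collection-manager.yml`, and both read the same `s3.serviceAccountName` value. Suggest moving the block into a single named template (`define` / `include`) so the two deployments cannot drift, and confirming that both workloads are meant to share one account: if only one of them needs S3 access, a separate value per deployment keeps the permissions narrower.
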
@@ -39,10 +42,12 @@ spec:
             - name: MAX_CONCURRENCY
               value: "{{ .Values.ingestion.granuleIngester.maxConcurrency }}"
             {{ end }}
+            {{- if not .Values.ingestion.granules.s3.serviceAccountName }}
             {{- range $name, $value := .Values.ingestion.granules.s3.awsCredsEnvs }}
             - name: {{ $name }}
               value: {{ $value }}
             {{- end }}
+            {{- end }}
           resources:
             requests:
               cpu: {{ .Values.ingestion.granuleIngester.cpu }}
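
Review bot: the fallback branch kept inside the new `if not` still emits each `awsCredsEnvs` entry as a literal `value: {{ $value }}` in the container `env`, so the keys are readable by anyone who can read the Deployment and are unquoted in the rendered YAML. Since this change already touches the block, suggest `{{ $value | quote }}` at minimum, and consider sourcing these entries from a Secret via `valueFrom.secretKeyRef` for installs that cannot use a service account.
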
diff --git a/helm/values.yaml b/helm/values.yaml
index 53c3d77..95a9e6f 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -76,7 +76,12 @@ ingestion:
       ## If bucket has a value, S3 ingestion will be enabled (and nfsServer will be ignored even if it has a value).
       bucket:
 
-      ## awsCredsEnvs can include any environment variables that contain AWS credentials
+      ## If serviceAccountName has a value, credentials will be handled by the service account (awsCredsEnvs will be ignored
+      ## even if it has a value).
+      serviceAccountName: 
+
+      ## awsCredsEnvs can include any environment variables that contain AWS credentials. Will be ignored if 
+      ## serviceAccountName has a value.
       awsCredsEnvs: {}
 
   ## Where to find the Collections Config file
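
Review bot: the comment above `serviceAccountName:` says credentials "will be handled by the service account" but not what the chart expects of that account. Suggest stating that the account must already exist and be granted its AWS permissions outside this chart, since the templates only reference it by name, and dropping the trailing space after `serviceAccountName:` and after "Will be ignored if".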