Posted to commits@sdap.apache.org by nc...@apache.org on 2023/07/14 23:04:52 UTC
[incubator-sdap-nexus] branch master updated: SDAP-476 Support for using service accounts for handling AWS credentials (#247)
This is an automated email from the ASF dual-hosted git repository.
nchung pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-sdap-nexus.git
The following commit(s) were added to refs/heads/master by this push:
new e3c08b9 SDAP-476 Support for using service accounts for handling AWS credentials (#247)
e3c08b9 is described below
commit e3c08b999446df7dc4e2986d5206ff89fb3bbcfd
Author: Kevin <ke...@gmail.com>
AuthorDate: Fri Jul 14 16:04:47 2023 -0700
SDAP-476 Support for using service accounts for handling AWS credentials (#247)
* Added support for using service accounts for AWS credentials
* Added support for using service accounts for AWS credentials
* Fixed awsCredsEnvs bug when checking if serviceAccountName is provided
* Included service account support in CHANGELOG
* Update CHANGELOG.md
---------
Co-authored-by: Nga Chung <17...@users.noreply.github.com>
---
CHANGELOG.md | 1 +
helm/templates/collection-manager.yml | 5 +++++
helm/templates/granule-ingester.yml | 5 +++++
helm/values.yaml | 7 ++++++-
4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53c1295..f2beb15 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Deletebyquery: Parameter to set the number of rows to fetch from Solr. Speeds up time to gather tiles to delete; especially when there is a lot of them.
- Added Saildrone's `baja_2018` insitu dataset.
- SDAP-454: Added new query parameter `prioritizeDistance` to matchup algorithm
+- SDAP-476: Support for service accounts for handling AWS credentials
- SDAP-459: Added explicit definitions of min/max lat/lon values in nexustiles Solr collection creation script
### Changed
- SDAP-443:
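Review bot: The added line `- SDAP-476: Support for service accounts for handling AWS credentials` does not name the new values key or the behaviour change that comes with it. Consider mentioning `ingestion.granules.s3.serviceAccountName` and that `awsCredsEnvs` is ignored when it is set, so operators upgrading from a chart that relied on `awsCredsEnvs` can find the switch from the changelog alone.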
diff --git a/helm/templates/collection-manager.yml b/helm/templates/collection-manager.yml
index 993e71e..39fdb03 100644
--- a/helm/templates/collection-manager.yml
+++ b/helm/templates/collection-manager.yml
@@ -16,6 +16,9 @@ spec:
labels:
app: collection-manager
spec:
+ {{- if .Values.ingestion.granules.s3.serviceAccountName }}
+ serviceAccountName: {{ .Values.ingestion.granules.s3.serviceAccountName }}
+ {{- end }}
containers:
- image: {{ .Values.ingestion.collectionManager.image }}
imagePullPolicy: Always
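Review bot: The added `serviceAccountName: {{ .Values.ingestion.granules.s3.serviceAccountName }}` line renders the value unquoted, so a name that YAML reads as a non-string (an all-digit name, for example) produces a non-string field and the Deployment is rejected at apply time. Piping the value through `quote` keeps the field a string whatever the operator supplies.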
@@ -40,10 +43,12 @@ spec:
- name: S3_BUCKET
value: {{ .Values.ingestion.granules.s3.bucket }}
{{- end }}
+ {{- if not .Values.ingestion.granules.s3.serviceAccountName }}
{{- range $name, $value := .Values.ingestion.granules.s3.awsCredsEnvs }}
- name: {{ $name }}
value: {{ $value }}
{{- end }}
+ {{- end }}
resources:
requests:
cpu: {{ .Values.ingestion.collectionManager.cpu }}
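Review bot: With the new `{{- if not .Values.ingestion.granules.s3.serviceAccountName }}` guard, a values file that sets both `serviceAccountName` and `awsCredsEnvs` drops the static credentials without any signal, which makes it easy to leave long-lived keys sitting in the values file after they have stopped being used. Consider calling `fail` when both are set, or at least emitting a warning in the chart notes, so the leftover keys get removed rather than forgotten.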
diff --git a/helm/templates/granule-ingester.yml b/helm/templates/granule-ingester.yml
index 405edb8..b7eae18 100644
--- a/helm/templates/granule-ingester.yml
+++ b/helm/templates/granule-ingester.yml
@@ -16,6 +16,9 @@ spec:
labels:
app: granule-ingester
spec:
+ {{- if .Values.ingestion.granules.s3.serviceAccountName }}
+ serviceAccountName: {{ .Values.ingestion.granules.s3.serviceAccountName }}
+ {{- end }}
containers:
- image: {{ .Values.ingestion.granuleIngester.image }}
imagePullPolicy: Always
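Review bot: This template reads the same `.Values.ingestion.granules.s3.serviceAccountName` key as collection-manager.yml, so both Deployments always run under one service account and carry identical AWS permissions. If the two components do not need the same access, per-component keys (falling back to this shared one) would let each be scoped separately.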
@@ -39,10 +42,12 @@ spec:
- name: MAX_CONCURRENCY
value: "{{ .Values.ingestion.granuleIngester.maxConcurrency }}"
{{ end }}
+ {{- if not .Values.ingestion.granules.s3.serviceAccountName }}
{{- range $name, $value := .Values.ingestion.granules.s3.awsCredsEnvs }}
- name: {{ $name }}
value: {{ $value }}
{{- end }}
+ {{- end }}
resources:
requests:
cpu: {{ .Values.ingestion.granuleIngester.cpu }}
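Review bot: The `if not ... serviceAccountName` wrapper around the `awsCredsEnvs` range is now copied verbatim in collection-manager.yml and here, so a later change to the credential logic has to be made in two places and can drift. Moving the block into a named template and including it from both Deployments would keep them in step. While touching it, the context line `value: {{ $value }}` is unquoted, so a credential value containing YAML-significant characters can break rendering; `quote` would avoid that.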
diff --git a/helm/values.yaml b/helm/values.yaml
index 53c3d77..95a9e6f 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -76,7 +76,12 @@ ingestion:
## If bucket has a value, S3 ingestion will be enabled (and nfsServer will be ignored even if it has a value).
bucket:
- ## awsCredsEnvs can include any environment variables that contain AWS credentials
+ ## If serviceAccountName has a value, credentials will be handled by the service account (awsCredsEnvs will be ignored
+ ## even if it has a value).
+ serviceAccountName:
+
+ ## awsCredsEnvs can include any environment variables that contain AWS credentials. Will be ignored if
+ ## serviceAccountName has a value.
awsCredsEnvs: {}
## Where to find the Collections Config file
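Review bot: The new comment above `serviceAccountName:` says credentials "will be handled by the service account" but not that the account has to exist already. Going by the diffstat, this commit adds no ServiceAccount template, so the chart only references the name. Please state in the comment that the service account must be created in the release namespace beforehand and must already be set up to provide the AWS access the ingestion pods need.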