Make adminOauthClientCredentials secretName configurable (#5700)

Signed-off-by: Mike Hotan <[email protected]>
Co-authored-by: Eduardo Apolinario <[email protected]>

charts/flyte-core/README.md

@@ -304,6 +304,7 @@ helm install gateway bitnami/contour -n flyte
 | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` |  |
 | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` |  |
 | secrets.adminOauthClientCredentials.enabled | bool | `true` |  |
+| secrets.adminOauthClientCredentials.secretName | string | `"flyte-secret-auth"` |  |
 | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator |
 | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation |
 | sparkoperator.plugin_config | object | `{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration |

charts/flyte-core/templates/clusterresourcesync/deployment.yaml

@@ -83,7 +83,7 @@ spec:
         {{- if .Values.secrets.adminOauthClientCredentials.enabled }}
         - name: auth
           secret:
-            secretName: flyte-secret-auth
+            secretName: {{ .Values.secrets.adminOauthClientCredentials.secretName }}
         {{- end }}
         {{- end }}
       {{- with .Values.cluster_resource_manager.nodeSelector }}

charts/flyte-core/templates/common/secret-auth.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: flyte-secret-auth
+  name: {{ .Values.secrets.adminOauthClientCredentials.secretName }}
   namespace: {{ template "flyte.namespace" . }}
 type: Opaque
 stringData:

charts/flyte-core/templates/propeller/deployment.yaml

@@ -112,7 +112,7 @@ spec:
       {{- if .Values.secrets.adminOauthClientCredentials.enabled }}
       - name: auth
         secret:
-          secretName: flyte-secret-auth
+          secretName: {{ .Values.secrets.adminOauthClientCredentials.secretName }}
       {{- end }}
       {{- with .Values.flytepropeller.additionalVolumes -}}
       {{ tpl (toYaml .) $ | nindent 6 }}

charts/flyte-core/values.yaml

@@ -487,6 +487,7 @@ secrets:
     enabled: true
     clientSecret: foobar
     clientId: flytepropeller
+    secretName: flyte-secret-auth
 
 #
 # WEBHOOK SETTINGS

docker/sandbox-bundled/manifests/complete-agent.yaml

@@ -823,7 +823,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: bjlDbkZsVU1UVmpLdGU4TQ==
+  haSharedSecret: QW5aNWlUNmxVWEpxUUV4ZQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1420,7 +1420,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: fd8767b33da59722977568a2a3f4cee7ef850b02f579d8d5e381c038d5a20d42
+        checksum/secret: bbd233a0f62bc60cc8937296e0ba5a8fd30953cb6a67883ee6f687add14e3de7
       labels:
         app: docker-registry
         release: flyte-sandbox

docker/sandbox-bundled/manifests/complete.yaml

@@ -805,7 +805,7 @@ type: Opaque
 ---
 apiVersion: v1
 data:
-  haSharedSecret: ZzdHam5sWUQ2RGlIVHBOSw==
+  haSharedSecret: WXBrdzVRdDlYN3hoQzlrVw==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -1369,7 +1369,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: 3ce2fdef0e59a7eba350423dd49173ed960af107bc4c0873e80ea1cf5895e160
+        checksum/secret: a143b07663973d76476087be99820760b0767450a57fd4a9153fad3df0a49b3a
       labels:
         app: docker-registry
         release: flyte-sandbox

docker/sandbox-bundled/manifests/dev.yaml

@@ -499,7 +499,7 @@ metadata:
 ---
 apiVersion: v1
 data:
-  haSharedSecret: ckNscjBXTmJMdmF6QXJ5aw==
+  haSharedSecret: QkJ4V2NCcnJ0M0tpZEdpRQ==
   proxyPassword: ""
   proxyUsername: ""
 kind: Secret
@@ -934,7 +934,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81
-        checksum/secret: ee0ad692a622e9665348e44e2168eb06e24ac7683fe357f9ca92ea77283fa4d7
+        checksum/secret: 2b3345c5f413de6f29c8f7e884f6d8471c5de1245e6a4f16d7a7f4c536cca2e0
       labels:
         app: docker-registry
         release: flyte-sandbox