Randomizing default helm credentials #8180

Param-29 · 2023-10-19T03:08:24Z

Description

Please include a summary of the change, the motivation, and any additional context that will help others understand your PR. If it closes one or more open issues, please tag them as described here.

Affected Dependencies

List any dependencies that are required for this change.

How has this been tested?

Describe the tests that you ran to verify your changes.
Provide instructions so we can reproduce.
List any relevant details for your test configuration.

Checklist

I have followed the Contribution Guidelines and Code of Conduct
I have commented my code following the OpenMined Styleguide
I have labeled this PR with the relevant Type labels
My changes are covered by tests

fixed error with mongosecret naming

madhavajay · 2023-10-26T04:17:19Z

Suggestions:

change {{}} go templates to '{{}}' syntax in .yaml file
remove /helm chart folder from pre-commit yaml
add lookup syntax to secrets so that it keeps existing secrets

packages/grid/k8s/manifests/secrets.txt

one for mongo, other for syft

Param-29 · 2023-11-15T13:10:29Z

from local testing

(syft311) $ kubectl get secrets -n syft
NAME                          TYPE                 DATA   AGE
mongosecret                   Opaque               4      94s
syftsecret                    Opaque               2      94s
sh.helm.release.v1.syft3.v1   helm.sh/release.v1   1      94s
$ kubectl describe secret mongosecret -n syft
Name:         mongosecret
Namespace:    syft
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: syft3
              meta.helm.sh/release-namespace: syft

Type:  Opaque

Data
====
mongo-password-secret:    32 bytes
mongo-username-secret:    32 bytes
mongoInitdbRootPassword:  32 bytes
mongoInitdbRootUsername:  32 bytes
$ kubectl describe secret syftsecret -n 
syft
Name:         syftsecret
Namespace:    syft
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: syft3
              meta.helm.sh/release-namespace: syft

Type:  Opaque

Data
====
defaultRootPassword:  32 bytes
stackApiKey:          32 bytes

Param-29 · 2023-11-23T03:02:48Z

(syft311) param@param-Legion-5-15IAH7H:~/projects/oss/PySyft/packages/grid$ kubectl describe secrets seaweedfsecret -n syft4
Name:         seaweedfsecret
Namespace:    syft4
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: syft4
              meta.helm.sh/release-namespace: syft4

Type:  Opaque

Data
====
S3_ROOT_PWD_SECRET:   32 bytes
S3_ROOT_USER_SECRET:  32 bytes

packages/grid/helm/helm.py

packages/grid/helm/syft/values.yaml

Co-authored-by: Param-29 <param.mirani1999@gmail.com>

- Deduplicated values in mongo-secret

- Removed seaweedfs username during randomization

- Added a new field for mongo username in values.yaml

- As environment variables cannot have hypens - And cluster names cannot have underscores - These are required for passing the password as environment variables to test randomization

- Add environment variable mapping for randomized password in tox

rasswanth-s

Great work @Param-29 🚀 🎸

secrets to be used instead of default values

96abe83

Param-29 changed the title ~~Randomizing default helm credentials~~ [WIP] Randomizing default helm credentials Oct 19, 2023

Support for all mongo secrets

fe976a9

madhavajay added the Purple Team label Oct 19, 2023

rasswanth-s added 2 commits October 26, 2023 08:21

removed extra comments in mongo statefulset

2c07be1

added secrets to the templates file for debugging

2db333f

fixed error with mongosecret naming

madhavajay added 0.8.2 and removed 0.8.2 labels Oct 30, 2023

Param-29 and others added 7 commits November 2, 2023 07:49

Merge branch 'dev' into paramm/secrets-file

68a2768

moved secrets.txt from secrets.yaml

63364c6

removing secrets.yaml

89c19ec

Merge branch 'dev' into paramm/secrets-file

ed82169

lookup added for 4 secrets in mongodb

bac6a2d

precommit fix

abd6dde

base64 fix for default root email and password

9a642fb

rasswanth-s reviewed Nov 7, 2023

View reviewed changes

packages/grid/k8s/manifests/secrets.txt Outdated Show resolved Hide resolved

rasswanth-s reviewed Nov 7, 2023

View reviewed changes

packages/grid/k8s/manifests/secrets.txt Outdated Show resolved Hide resolved

Param-29 and others added 2 commits November 14, 2023 19:13

Merge branch 'dev' into paramm/secrets-file

7cf7682

created 2 seperate secrets:

74a9890

one for mongo, other for syft

Param-29 changed the title ~~[WIP] Randomizing default helm credentials~~ Randomizing default helm credentials Nov 15, 2023

Param-29 and others added 3 commits November 15, 2023 18:42

Merge branch 'dev' into paramm/secrets-file

af774be

precommit fix

cce8d1f

Merge branch 'dev' into paramm/secrets-file

ad1a3ec

seaweedfs randomizing

d3ae8be

rasswanth-s reviewed Nov 28, 2023

View reviewed changes

packages/grid/helm/helm.py Outdated Show resolved Hide resolved

rasswanth-s reviewed Nov 28, 2023

View reviewed changes

packages/grid/helm/syft/values.yaml Outdated Show resolved Hide resolved

rasswanth-s reviewed Nov 28, 2023

View reviewed changes

packages/grid/helm/syft/values.yaml Outdated Show resolved Hide resolved

rasswanth-s and others added 27 commits December 6, 2023 21:28

removed unused packages

2791cfa

updated syft version

3205da5

removed tag during build images

38a4abb

trying removing component-chart

6a9051e

replace buildjet cache with actions/cache

719af50

removed component chart and updated helm notes.txt

01fc78b

added helm templates to cd-pipeline

b095995

Merge branch 'dev' into rasswanth/shift_devspace_to_helm

18b89c4

Merge branch 'dev' into paramm/secrets-file

afe53e6

Merge branch 'rasswanth/shift_devspace_to_helm' into paramm/secrets-file

a5a19a8

- Moved the secrets randomization to syft templates folder

e7bb093

Co-authored-by: Param-29 <param.mirani1999@gmail.com>

fixed helm string requirement

66157a4

fix syntax error in helm templates for referencing secrets

f92117d

simplified base64 conversion automatically during secrets creation

dcba683

- Moved Non-Public Information to node settings

846cd09

- Deduplicated values in mongo-secret

added devmode to devspace configuration

aa21958

removed unsed secrets text file

b99e541

- Added seaweedfs specific arguments to backend statefulset

5cec5d5

- Removed seaweedfs username during randomization

- Removed mongo user name from randomization

43d12fb

- Added a new field for mongo username in values.yaml

added retrieval of password by environment variables for login

d1c92a6

removed unused fields in kubernetes tox test

4755776

- Combined Variables names in tox

eee9a01

- As environment variables cannot have hypens - And cluster names cannot have underscores - These are required for passing the password as environment variables to test randomization

- Fixed Node Name intergration test

fedc977

- Add environment variable mapping for randomized password in tox

fixed randomized testing on CI

0a061e7

removed unused k8s files

4374b97

Merge branch 'dev' into paramm/secrets-file

9f7c790

updated values.yaml to new syft beta version

da9a9ef

rasswanth-s enabled auto-merge December 10, 2023 15:18

rasswanth-s approved these changes Dec 10, 2023

View reviewed changes

rasswanth-s merged commit 6b0da6a into OpenMined:dev Dec 10, 2023
29 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Randomizing default helm credentials #8180

Randomizing default helm credentials #8180

Param-29 commented Oct 19, 2023

madhavajay commented Oct 26, 2023

Param-29 commented Nov 15, 2023

Param-29 commented Nov 23, 2023

rasswanth-s left a comment

Randomizing default helm credentials #8180

Randomizing default helm credentials #8180

Conversation

Param-29 commented Oct 19, 2023

Description

Affected Dependencies

How has this been tested?

Checklist

madhavajay commented Oct 26, 2023

Param-29 commented Nov 15, 2023

Param-29 commented Nov 23, 2023

rasswanth-s left a comment

Choose a reason for hiding this comment