From 7ca06682d58e3bd05ff32bbbd5e719036c686f2a Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 11:59:23 +0100 Subject: [PATCH 01/23] Moved database auth to helm templating --- generate-secrets.sh | 6 ------ slurm-cluster-chart/templates/database-auth-secret.yaml | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) create mode 100644 slurm-cluster-chart/templates/database-auth-secret.yaml diff --git a/generate-secrets.sh b/generate-secrets.sh index e98b97e..b4cc01c 100755 --- a/generate-secrets.sh +++ b/generate-secrets.sh @@ -1,11 +1,5 @@ #!/bin/bash -kubectl create secret generic database-auth-secret \ ---dry-run=client \ ---from-literal=password=$(tr -dc 'A-Za-z0-9' /dev/null | base64 -w 0) \ diff --git a/slurm-cluster-chart/templates/database-auth-secret.yaml b/slurm-cluster-chart/templates/database-auth-secret.yaml new file mode 100644 index 0000000..27c4e3f --- /dev/null +++ b/slurm-cluster-chart/templates/database-auth-secret.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Secret +metadata: + name: database-auth-secret +data: + password: {{ randAlphaNum 32 | b64enc }} \ No newline at end of file From 656aa6c058ca0cc337ed72ac83879098110f4a34 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 12:16:08 +0100 Subject: [PATCH 02/23] Moved munge key generation to helm --- generate-secrets.sh | 6 ------ slurm-cluster-chart/templates/munge-key-secret.yaml | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) create mode 100644 slurm-cluster-chart/templates/munge-key-secret.yaml diff --git a/generate-secrets.sh b/generate-secrets.sh index b4cc01c..f64c116 100755 --- a/generate-secrets.sh +++ b/generate-secrets.sh @@ -1,11 +1,5 @@ #!/bin/bash -kubectl create secret generic munge-key-secret \ ---dry-run=client \ ---from-literal=munge.key=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64 -w 0) \ --o yaml | \ -kubectl apply -f - - mkdir -p ./temphostkeys/etc/ssh ssh-keygen -A -f ./temphostkeys kubectl create secret generic host-keys-secret \ diff --git a/slurm-cluster-chart/templates/munge-key-secret.yaml b/slurm-cluster-chart/templates/munge-key-secret.yaml new file mode 100644 index 0000000..153b5fe --- /dev/null +++ b/slurm-cluster-chart/templates/munge-key-secret.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Secret +metadata: + name: munge-key-secret +data: + munge.key: {{ randAscii 128 | b64enc }} \ No newline at end of file From a9003f7a17aba22cc1c0e373f8fbfa6e73c6f742 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 13:37:40 +0100 Subject: [PATCH 03/23] Moved OOD password to values/yaml --- generate-secrets.sh | 13 ------------- slurm-cluster-chart/templates/login-deployment.yaml | 5 +---- slurm-cluster-chart/values.yaml | 5 ++++- 3 files changed, 5 insertions(+), 18 deletions(-) diff --git a/generate-secrets.sh b/generate-secrets.sh index f64c116..b6d4267 100755 --- a/generate-secrets.sh +++ b/generate-secrets.sh @@ -8,16 +8,3 @@ kubectl create secret generic host-keys-secret \ -o yaml | \ kubectl apply -f - rm -rf ./temphostkeys - -OOD_PASS=$(tr -dc 'A-Za-z0-9' Date: Thu, 10 Aug 2023 14:15:09 +0100 Subject: [PATCH 04/23] Random secrets now generated pre-install only --- slurm-cluster-chart/templates/database-auth-secret.yaml | 5 ++++- slurm-cluster-chart/templates/munge-key-secret.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/slurm-cluster-chart/templates/database-auth-secret.yaml b/slurm-cluster-chart/templates/database-auth-secret.yaml index 27c4e3f..6133576 100644 --- a/slurm-cluster-chart/templates/database-auth-secret.yaml +++ b/slurm-cluster-chart/templates/database-auth-secret.yaml @@ -2,5 +2,8 @@ apiVersion: v1 kind: Secret metadata: name: database-auth-secret + annotations: + helm.sh/hook: pre-install + helm.sh/resource-policy: keep data: - password: {{ randAlphaNum 32 | b64enc }} \ No newline at end of file + password: {{ randAlphaNum 32 | b64enc }} diff --git a/slurm-cluster-chart/templates/munge-key-secret.yaml b/slurm-cluster-chart/templates/munge-key-secret.yaml index 153b5fe..65825d6 100644 --- a/slurm-cluster-chart/templates/munge-key-secret.yaml +++ b/slurm-cluster-chart/templates/munge-key-secret.yaml @@ -2,5 +2,8 @@ apiVersion: v1 kind: Secret metadata: name: munge-key-secret + annotations: + helm.sh/hook: pre-install + helm.sh/resource-policy: keep data: - munge.key: {{ randAscii 128 | b64enc }} \ No newline at end of file + munge.key: {{ randAscii 128 | b64enc }} From e0514f6c47bfc000264708d2be82151a805a16c1 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 14:31:46 +0100 Subject: [PATCH 05/23] Added kubectl to image --- image/Dockerfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/image/Dockerfile b/image/Dockerfile index 855a1cc..dceaeeb 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -18,6 +18,14 @@ RUN set -ex \ && yum -y module enable ruby:2.7 nodejs:14 \ && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \ && yum -y module install ruby nodejs \ + && cat < Date: Thu, 10 Aug 2023 14:35:29 +0100 Subject: [PATCH 06/23] Fixed Dockerfile --- image/Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/image/Dockerfile b/image/Dockerfile index dceaeeb..bcc3fdb 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -18,13 +18,13 @@ RUN set -ex \ && yum -y module enable ruby:2.7 nodejs:14 \ && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \ && yum -y module install ruby nodejs \ - && cat < Date: Thu, 10 Aug 2023 14:46:31 +0100 Subject: [PATCH 07/23] Testing with separate command --- image/Dockerfile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/image/Dockerfile b/image/Dockerfile index bcc3fdb..14ad93b 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -9,6 +9,15 @@ LABEL org.opencontainers.image.source="https://github.com/stackhpc/slurm-docker- ARG SLURM_TAG=slurm-23.02 ARG GOSU_VERSION=1.11 +RUN cat < Date: Thu, 10 Aug 2023 14:52:37 +0100 Subject: [PATCH 08/23] Revert "Testing with separate command" This reverts commit cd0d1afb5cfaae3bd234dccb26c673435da21fd0. --- image/Dockerfile | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/image/Dockerfile b/image/Dockerfile index 14ad93b..bcc3fdb 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -9,15 +9,6 @@ LABEL org.opencontainers.image.source="https://github.com/stackhpc/slurm-docker- ARG SLURM_TAG=slurm-23.02 ARG GOSU_VERSION=1.11 -RUN cat < Date: Thu, 10 Aug 2023 14:53:58 +0100 Subject: [PATCH 09/23] Removed sudo from dockerfile --- image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/Dockerfile b/image/Dockerfile index bcc3fdb..ee14ea3 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -18,7 +18,7 @@ RUN set -ex \ && yum -y module enable ruby:2.7 nodejs:14 \ && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \ && yum -y module install ruby nodejs \ - && cat < Date: Thu, 10 Aug 2023 15:00:29 +0100 Subject: [PATCH 10/23] Moved kubernetes repo to separate file --- image/Dockerfile | 9 ++------- image/kubernetes.repo | 6 ++++++ 2 files changed, 8 insertions(+), 7 deletions(-) create mode 100644 image/kubernetes.repo diff --git a/image/Dockerfile b/image/Dockerfile index ee14ea3..9874e58 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -9,6 +9,8 @@ LABEL org.opencontainers.image.source="https://github.com/stackhpc/slurm-docker- ARG SLURM_TAG=slurm-23.02 ARG GOSU_VERSION=1.11 +COPY kubernetes.repo /etc/yum.repos.d/kubernetes.repo + RUN set -ex \ && yum makecache \ && yum -y update \ @@ -19,13 +21,6 @@ RUN set -ex \ && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \ && yum -y module install ruby nodejs \ && cat < Date: Thu, 10 Aug 2023 15:02:45 +0100 Subject: [PATCH 11/23] Fixed leftover commands --- image/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/image/Dockerfile b/image/Dockerfile index 9874e58..0d00a6a 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -20,7 +20,6 @@ RUN set -ex \ && yum -y module enable ruby:2.7 nodejs:14 \ && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \ && yum -y module install ruby nodejs \ - && cat < Date: Thu, 10 Aug 2023 16:18:53 +0100 Subject: [PATCH 12/23] Updated tag and created service account to modify host-keys-secret --- .../templates/secret-generator-role.yaml | 22 +++++++++++++++++++ .../secret-generator-serviceaccount.yaml | 10 +++++++++ slurm-cluster-chart/values.yaml | 2 +- 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 slurm-cluster-chart/templates/secret-generator-role.yaml create mode 100644 slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml diff --git a/slurm-cluster-chart/templates/secret-generator-role.yaml b/slurm-cluster-chart/templates/secret-generator-role.yaml new file mode 100644 index 0000000..67de05e --- /dev/null +++ b/slurm-cluster-chart/templates/secret-generator-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: secret-generator-role +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["secrets"] + verbs: ["get","apply","create", "patch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: secret-generator-rolebinding +subjects: + - kind: ServiceAccount + name: secret-generator-account +roleRef: + kind: Role + name: secret-generator-role + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml b/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml new file mode 100644 index 0000000..6510cb9 --- /dev/null +++ b/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: secret-generator-account + annotations: + "kubernetes.io/enforce-mountable-secrets": "true" +automountServiceAccountToken: True +secrets: + - name: host-keys-secret + \ No newline at end of file diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index e2aed84..c0b0360 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:f52e918 +slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:763de73 replicas: slurmd: 2 From d58f819e1ed9e46f9cd71e3432c20928f2922887 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 16:24:38 +0100 Subject: [PATCH 13/23] Added entrypoint for host key generation hook --- image/docker-entrypoint.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh index 14b511c..01d3519 100755 --- a/image/docker-entrypoint.sh +++ b/image/docker-entrypoint.sh @@ -148,6 +148,18 @@ then exit 1 fi +elif [ "$1" = "generate-keys-hook" ] +then + mkdir -p ./temphostkeys/etc/ssh + ssh-keygen -A -f ./temphostkeys + kubectl create secret generic host-keys-secret \ + --dry-run=client \ + --from-file=./temphostkeys/etc/ssh \ + -o yaml | \ + kubectl apply -f - + + exit 0 + elif [ "$1" = "debug" ] then start_munge --foreground From 16ee05dbb6ef16c234fe1b491a904e4190693a14 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 16:44:42 +0100 Subject: [PATCH 14/23] Added pre-install hook to generate host keys --- .../templates/generate-keys-hook.yaml | 22 +++++++++++++++++++ .../templates/secret-generator-role.yaml | 6 +++++ .../secret-generator-serviceaccount.yaml | 3 ++- slurm-cluster-chart/values.yaml | 2 +- 4 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 slurm-cluster-chart/templates/generate-keys-hook.yaml diff --git a/slurm-cluster-chart/templates/generate-keys-hook.yaml b/slurm-cluster-chart/templates/generate-keys-hook.yaml new file mode 100644 index 0000000..c05e7f2 --- /dev/null +++ b/slurm-cluster-chart/templates/generate-keys-hook.yaml @@ -0,0 +1,22 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: generate-keys-hook + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-weight": "3" +spec: + backoffLimit: 0 + ttlSecondsAfterFinished: 0 + template: + metadata: + name: generate-keys-hook + spec: + serviceAccountName: secret-generator-account + restartPolicy: Never + containers: + - name: generate-keys-hook + image: {{ .Values.slurmImage }} + args: + - generate-keys-hook diff --git a/slurm-cluster-chart/templates/secret-generator-role.yaml b/slurm-cluster-chart/templates/secret-generator-role.yaml index 67de05e..da914be 100644 --- a/slurm-cluster-chart/templates/secret-generator-role.yaml +++ b/slurm-cluster-chart/templates/secret-generator-role.yaml @@ -2,6 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: secret-generator-role + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" rules: - apiGroups: [""] # "" indicates the core API group resources: ["secrets"] @@ -13,6 +16,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: secret-generator-rolebinding + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" subjects: - kind: ServiceAccount name: secret-generator-account diff --git a/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml b/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml index 6510cb9..ce860b0 100644 --- a/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml +++ b/slurm-cluster-chart/templates/secret-generator-serviceaccount.yaml @@ -4,7 +4,8 @@ metadata: name: secret-generator-account annotations: "kubernetes.io/enforce-mountable-secrets": "true" + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "0" automountServiceAccountToken: True secrets: - name: host-keys-secret - \ No newline at end of file diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index c0b0360..0421371 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:763de73 +slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:d58f819 replicas: slurmd: 2 From 15b07a671b8e49a4e0d73bd6899a4290510bc065 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 10 Aug 2023 16:47:52 +0100 Subject: [PATCH 15/23] Removed generate-secrets.sh --- generate-secrets.sh | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100755 generate-secrets.sh diff --git a/generate-secrets.sh b/generate-secrets.sh deleted file mode 100755 index b6d4267..0000000 --- a/generate-secrets.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -mkdir -p ./temphostkeys/etc/ssh -ssh-keygen -A -f ./temphostkeys -kubectl create secret generic host-keys-secret \ ---dry-run=client \ ---from-file=./temphostkeys/etc/ssh \ --o yaml | \ -kubectl apply -f - -rm -rf ./temphostkeys From 4b8e114aed5468a9cc74b68b0118272c194279cc Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 09:52:16 +0100 Subject: [PATCH 16/23] Now option to give public key explicitly through values.yaml --- .../templates/helm-authorized-keys-configmap.yaml | 9 +++++++++ slurm-cluster-chart/templates/login-deployment.yaml | 6 +++++- slurm-cluster-chart/values.yaml | 4 +++- 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 slurm-cluster-chart/templates/helm-authorized-keys-configmap.yaml diff --git a/slurm-cluster-chart/templates/helm-authorized-keys-configmap.yaml b/slurm-cluster-chart/templates/helm-authorized-keys-configmap.yaml new file mode 100644 index 0000000..75ad249 --- /dev/null +++ b/slurm-cluster-chart/templates/helm-authorized-keys-configmap.yaml @@ -0,0 +1,9 @@ +#Only applied if sshPublicKey provided in values.yaml, if not assumes you have run publish-keys.sh prior to helm release +{{ if .Values.sshPublicKey }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: helm-authorized-keys-configmap +data: + authorized_keys: {{ .Values.sshPublicKey }} +{{ end }} diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml index 37fb46b..0984560 100644 --- a/slurm-cluster-chart/templates/login-deployment.yaml +++ b/slurm-cluster-chart/templates/login-deployment.yaml @@ -80,7 +80,11 @@ spec: defaultMode: 0400 - name: authorized-keys configMap: - name: {{ .Values.configmaps.authorizedKeys }} + {{ if .Values.sshPublicKey }} + name: helm-authorized-keys-configmap + {{ else }} + name: authorized-keys-configmap + {{ end }} - name: cluster-config configMap: name: cluster-config diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index 0421371..d7fc033 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -13,11 +13,13 @@ sqlImage: mariadb:10.10 databaseStorage: 100Mi configmaps: - authorizedKeys: authorized-keys-configmap slurmConf: slurm-conf-configmap slurmdbdConf: slurmdbd-conf-configmap sshdConfig: sshd-config-configmap +# If let undefined, assumes you have run publish-keys.sh to publish your public key prior to deployment +sshPublicKey: + secrets: databaseAuth: database-auth-secret mungeKey: munge-key-secret From c7a724886ba2aaea3b65c4d228d3391717d8c0d7 Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 10:42:00 +0100 Subject: [PATCH 17/23] Added custom packaging to workflow --- .github/workflows/publish-helm-chart.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-helm-chart.yml b/.github/workflows/publish-helm-chart.yml index 8ce0698..1806817 100644 --- a/.github/workflows/publish-helm-chart.yml +++ b/.github/workflows/publish-helm-chart.yml @@ -1,9 +1,6 @@ name: Release Charts -on: - push: - branches: - - main +on: push jobs: release: @@ -17,6 +14,11 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 + submodules: true + + - name: Get SemVer version for current commit + id: semver + uses: stackhpc/github-actions/semver@master - name: Configure Git run: | @@ -28,10 +30,15 @@ jobs: env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + - name: "Package Chart" + run: | + helm package slurm-cluster-chart --version ${{ steps.semver.outputs.version }} + - name: Run chart-releaser uses: helm/chart-releaser-action@v1.5.0 with: charts_dir: . + skip_packaging: True env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 69122f7b503dfd55c21bad56d077e6eec0b957a9 Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 10:46:19 +0100 Subject: [PATCH 18/23] Trying adding charts to cr packages --- .github/workflows/publish-helm-chart.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-helm-chart.yml b/.github/workflows/publish-helm-chart.yml index 1806817..8a6f4f7 100644 --- a/.github/workflows/publish-helm-chart.yml +++ b/.github/workflows/publish-helm-chart.yml @@ -32,7 +32,8 @@ jobs: - name: "Package Chart" run: | - helm package slurm-cluster-chart --version ${{ steps.semver.outputs.version }} + mkdir -p .cr-release-packages + helm package slurm-cluster-chart --version ${{ steps.semver.outputs.version }} --destination .cr-release-packages - name: Run chart-releaser uses: helm/chart-releaser-action@v1.5.0 From f9d4f9a95ea28c999cc80076f949a712735f8b45 Mon Sep 17 00:00:00 2001 From: Will Date: Mon, 14 Aug 2023 13:53:22 +0100 Subject: [PATCH 19/23] Changed OOD key names --- .gitignore | 3 +++ slurm-cluster-chart/templates/login-deployment.yaml | 2 +- slurm-cluster-chart/values.yaml | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0ba5327 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +# Build artifacts from local helm install +slurm-cluster-chart/Chart.lock +slurm-cluster-chart/charts/ diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml index 0984560..64a6469 100644 --- a/slurm-cluster-chart/templates/login-deployment.yaml +++ b/slurm-cluster-chart/templates/login-deployment.yaml @@ -28,7 +28,7 @@ spec: name: login env: - name: ROCKY_OOD_PASS - value: {{ .Values.openOndemand.password }} + value: {{ .Values.openOnDemand.password }} ports: - containerPort: 22 - containerPort: 80 diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index d7fc033..c555b98 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -25,5 +25,5 @@ secrets: mungeKey: munge-key-secret #OOD username is rocky -openOndemand: +openOnDemand: password: password From f25fe6ec0df1c4df5ad79c744570a7d7a28fb447 Mon Sep 17 00:00:00 2001 From: Will Date: Mon, 14 Aug 2023 14:29:19 +0100 Subject: [PATCH 20/23] Removed resource policies --- slurm-cluster-chart/templates/database-auth-secret.yaml | 1 - slurm-cluster-chart/templates/munge-key-secret.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/slurm-cluster-chart/templates/database-auth-secret.yaml b/slurm-cluster-chart/templates/database-auth-secret.yaml index 6133576..1a1d6ea 100644 --- a/slurm-cluster-chart/templates/database-auth-secret.yaml +++ b/slurm-cluster-chart/templates/database-auth-secret.yaml @@ -4,6 +4,5 @@ metadata: name: database-auth-secret annotations: helm.sh/hook: pre-install - helm.sh/resource-policy: keep data: password: {{ randAlphaNum 32 | b64enc }} diff --git a/slurm-cluster-chart/templates/munge-key-secret.yaml b/slurm-cluster-chart/templates/munge-key-secret.yaml index 65825d6..df97e19 100644 --- a/slurm-cluster-chart/templates/munge-key-secret.yaml +++ b/slurm-cluster-chart/templates/munge-key-secret.yaml @@ -4,6 +4,5 @@ metadata: name: munge-key-secret annotations: helm.sh/hook: pre-install - helm.sh/resource-policy: keep data: munge.key: {{ randAscii 128 | b64enc }} From 474450b7e68b0272a53e65bae9cb75ff8b30bb64 Mon Sep 17 00:00:00 2001 From: Will Date: Mon, 14 Aug 2023 14:53:49 +0100 Subject: [PATCH 21/23] Refactored and documented values.yaml --- .github/workflows/publish-helm-chart.yml | 46 ++++++------------- .../templates/mysql-deployment.yaml | 2 +- .../var-lib-mysql-persistentvolumeclaim.yaml | 2 +- slurm-cluster-chart/values.yaml | 19 +++++--- 4 files changed, 28 insertions(+), 41 deletions(-) diff --git a/.github/workflows/publish-helm-chart.yml b/.github/workflows/publish-helm-chart.yml index 8a6f4f7..99e4c45 100644 --- a/.github/workflows/publish-helm-chart.yml +++ b/.github/workflows/publish-helm-chart.yml @@ -1,18 +1,16 @@ -name: Release Charts - +name: Publish charts +# Run the tasks on every push on: push - jobs: - release: - # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions - # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token - permissions: - contents: write + publish_charts: + name: Build and push Helm charts runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v3 + - name: Check out the repository + uses: actions/checkout@v2 with: + # This is important for the semver action to work correctly + # when determining the number of commits since the last tag fetch-depth: 0 submodules: true @@ -20,26 +18,10 @@ jobs: id: semver uses: stackhpc/github-actions/semver@master - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@v3 - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - - - name: "Package Chart" - run: | - mkdir -p .cr-release-packages - helm package slurm-cluster-chart --version ${{ steps.semver.outputs.version }} --destination .cr-release-packages - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + - name: Publish Helm charts + uses: stackhpc/github-actions/helm-publish@master with: - charts_dir: . - skip_packaging: True - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - + token: ${{ secrets.GITHUB_TOKEN }} + version: ${{ steps.semver.outputs.version }} + app-version: ${{ steps.semver.outputs.short-sha }} + \ No newline at end of file diff --git a/slurm-cluster-chart/templates/mysql-deployment.yaml b/slurm-cluster-chart/templates/mysql-deployment.yaml index 8ffd49e..debf962 100644 --- a/slurm-cluster-chart/templates/mysql-deployment.yaml +++ b/slurm-cluster-chart/templates/mysql-deployment.yaml @@ -34,7 +34,7 @@ spec: value: "yes" - name: MYSQL_USER value: "slurm" - image: {{ .Values.sqlImage }} + image: {{ .Values.mySQL.image }} name: mysql ports: - containerPort: 3306 diff --git a/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml b/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml index 841bb0f..56fc7dd 100644 --- a/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml +++ b/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml @@ -11,4 +11,4 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.databaseStorage }} + storage: {{ .Values.mySQL.storage }} diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index c555b98..63e3531 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -8,22 +8,27 @@ nfs: mountPath: /home claimName: rook-nfs-pv-claim -sqlImage: mariadb:10.10 - -databaseStorage: 100Mi - +# Values for Slurm's database container +mySQL: + #Database image to be used + image: mariadb:10.10 + #Storage requested by the var-lib-mysql volume backing the database + storage: 100Mi + +# Configmap resource names configmaps: slurmConf: slurm-conf-configmap slurmdbdConf: slurmdbd-conf-configmap sshdConfig: sshd-config-configmap -# If let undefined, assumes you have run publish-keys.sh to publish your public key prior to deployment +# Public key used for ssh access to the login node +# If let undefined, assumes you have run the provided publish-keys.sh script to publish your public key prior to deployment sshPublicKey: +# Secret resource names secrets: - databaseAuth: database-auth-secret mungeKey: munge-key-secret -#OOD username is rocky openOnDemand: + #Password for default Open OnDemand user 'rocky' password: password From 4c7f875813917e9753542d4e600591efef016e23 Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 15 Aug 2023 16:03:08 +0100 Subject: [PATCH 22/23] Changed database template name --- slurm-cluster-chart/templates/mysql-deployment.yaml | 2 +- .../templates/var-lib-mysql-persistentvolumeclaim.yaml | 2 +- slurm-cluster-chart/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/slurm-cluster-chart/templates/mysql-deployment.yaml b/slurm-cluster-chart/templates/mysql-deployment.yaml index debf962..96dc88f 100644 --- a/slurm-cluster-chart/templates/mysql-deployment.yaml +++ b/slurm-cluster-chart/templates/mysql-deployment.yaml @@ -34,7 +34,7 @@ spec: value: "yes" - name: MYSQL_USER value: "slurm" - image: {{ .Values.mySQL.image }} + image: {{ .Values.database.image }} name: mysql ports: - containerPort: 3306 diff --git a/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml b/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml index 56fc7dd..a5f4503 100644 --- a/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml +++ b/slurm-cluster-chart/templates/var-lib-mysql-persistentvolumeclaim.yaml @@ -11,4 +11,4 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.mySQL.storage }} + storage: {{ .Values.database.storage }} diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index 63e3531..7c3a481 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -9,7 +9,7 @@ nfs: claimName: rook-nfs-pv-claim # Values for Slurm's database container -mySQL: +database: #Database image to be used image: mariadb:10.10 #Storage requested by the var-lib-mysql volume backing the database From 7c5b6c4cbb2b4f3f7055fe7f0a325f1a2252ab1a Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 16 Aug 2023 12:12:30 +0100 Subject: [PATCH 23/23] Updated image --- slurm-cluster-chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index df19aa5..3d41248 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:7c0e2d9 #OUTDATED, DON'T USE! +slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:d3daba4 login: # Deployment resource name