Skip to content

Commit

Permalink
Allowing ability to mount volumes in the provider deployment
Browse files Browse the repository at this point in the history
  • Loading branch information
grahamia authored and alexgeorgousis committed Jan 10, 2025
1 parent e3cf329 commit 9793841
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 2 deletions.
2 changes: 2 additions & 0 deletions config/manager/controller_manager_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,12 @@ spec:
replicas: 1
podTemplateSpec:
spec:
volumes: []
securityContext:
runAsNonRoot: true
containers:
- name: provider-service
volumeMounts: []
securityContext:
allowPrivilegeEscalation: false
resources:
Expand Down
4 changes: 2 additions & 2 deletions controllers/pipelines/provider_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ func NewProviderReconciler(ec K8sExecutionContext, config config.KfpControllerCo
func (r *ProviderReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
logger := log.FromContext(ctx)
startTime := time.Now()
logger.V(2).Info("reconciliation started")
logger.Info("reconciliation started", "request", req)

var provider = &pipelinesv1.Provider{}
if err := r.EC.Client.NonCached.Get(ctx, req.NamespacedName, provider); err != nil {
Expand Down Expand Up @@ -100,7 +100,7 @@ func (r *ProviderReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
}

duration := time.Since(startTime)
logger.V(2).Info("reconciliation ended", logkeys.Duration, duration)
logger.Info("reconciliation ended", logkeys.Duration, duration)

return ctrl.Result{}, nil
}
Expand Down
3 changes: 3 additions & 0 deletions helm/kfp-operator/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,12 @@ data:
replicas: {{ .Values.provider.replicas }}
podTemplateSpec:
spec:
volumes: {{- if .Values.provider.volumes }}{{- toYaml .Values.provider.volumes | nindent 12 }}{{ else }} []{{ end }}
securityContext:
runAsNonRoot: true
containers:
- name: provider-service
volumeMounts: {{- if .Values.provider.volumeMounts }}{{- toYaml .Values.provider.volumeMounts | nindent 14 }}{{ else }} []{{ end }}
securityContext:
allowPrivilegeEscalation: false
resources:
Expand All @@ -43,3 +45,4 @@ data:
fieldPath: metadata.namespace
- name: OPERATORWEBHOOK
value: {{ include "kfp-operator.fullname" . }}-controller-manager.{{ .Values.namespace.name }}:{{.Values.manager.runcompletionWebhook.servicePort}}/events
{{- if .Values.provider.env }}{{- $.Values.provider.env | toYaml | nindent 14 }}{{ end }}
13 changes: 13 additions & 0 deletions local/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,3 +41,16 @@ statusFeedback:
providers:
- kfp
- vai

provider:
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /etc/gcloud/key-file.json
volumes:
- name: gcp-credentials
secret:
secretName: gcp-credentials
volumeMounts:
- name: gcp-credentials
mountPath: /etc/gcloud
readOnly: true

0 comments on commit 9793841

Please sign in to comment.