Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Adding minio with dex auth to nerc-ocp-obs cluster #616

Merged
merged 4 commits into from
Dec 6, 2024
Merged

feat: Adding minio with dex auth to nerc-ocp-obs cluster #616

merged 4 commits into from
Dec 6, 2024

Conversation

dheerajodha
Copy link
Contributor

Adding support for object stores in the nerc-ocp-obs cluster with authentication

@computate
Copy link
Member

@dheerajodha Looking good! Let's include a PVC patch like this for 20Ti storage.
https://github.com/OCP-on-NERC/nerc-ocp-config/blob/main/minio/overlays/nerc-ocp-test/persistentvolumeclaims/patch-pvc.yaml

@dheerajodha
Copy link
Contributor Author

Hey @computate, I've added the PVC patch in my latest commit, PTAL.

@dheerajodha dheerajodha marked this pull request as ready for review December 3, 2024 09:15
@computate
Copy link
Member

computate commented Dec 3, 2024
edited
Loading

Excellent @dheerajodha , one more change we should add in the obs cluster dex ConfigMap here. Can you please add these 2 additional staticClients? I have added the corresponding MINIO_IDENTITY_OPENID_CLIENT_SECRET and AI_TELEMETRY_AUTH_SECRET to vault, so that they will be added to the existing ExternalSecret.

  - id: minio
    name: MinIO
    redirectURIs:
      - https://minio-console-minio.apps.obs.nerc.mghpcc.org/oauth_callback
      - https://minio-minio.apps.obs.nerc.mghpcc.org/oauth_callback
    secretEnv: MINIO_IDENTITY_OPENID_CLIENT_SECRET
  - id: ai-telemetry
    name: AI Telemetry
    redirectURIs:
      - https://keycloak.apps.obs.nerc.mghpcc.org/realms/NERC/broker/OpenShift/endpoint
    secretEnv: AI_TELEMETRY_AUTH_SECRET

@computate
Copy link
Member

I have also added a nerc-ocp-obs/minio/minio-admin-credentials secret in vault containing the MINIO_IDENTITY_OPENID_CLIENT_SECRET, MINIO_ROOT_PASSWORD, and MINIO_ROOT_USER, which the minio deployment will read to connect to dex, and provide an admin user for minio.

@dheerajodha
Copy link
Contributor Author

Thank you @computate for the explanation, this makes sense! I've added the 2 staticClients. PTAL

@dheerajodha dheerajodha requested a review from computate December 5, 2024 12:05
@dheerajodha
fix: update minio config url
19a5073 
Fixes nerc-project/operations#848

Fixes SecretStore issue

Signed-off-by: Dheeraj<[email protected]>
computate
computate approved these changes Dec 6, 2024
View reviewed changes
Copy link
Member

@computate computate left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work with all these fixes!

@computate computate merged commit 006e86b into OCP-on-NERC:main Dec 6, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tssala23 tssala23 tssala23 approved these changes

@computate computate computate approved these changes

@larsks larsks larsks approved these changes

@IsaiahStapleton IsaiahStapleton Awaiting requested review from IsaiahStapleton

@dystewart dystewart Awaiting requested review from dystewart

@RH-csaggin RH-csaggin Awaiting requested review from RH-csaggin

@schwesig schwesig Awaiting requested review from schwesig

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dheerajodha @computate @larsks @tssala23