
Commit fd9c7b2

committed
chore(addons): add lakefs
1 parent da5d8d6 commit fd9c7b2

35 files changed

Lines changed: 1357 additions & 1 deletion

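--- a/addons/index.yaml
+++ b/addons/index.yaml
@@ -74,4 +74,7 @@ entries:
 description: "YugabyteDB is a high-performance distributed SQL database for powering global, internet-scale applications. "
 nessie:
 - version: "0.103"
-description: "Transactional Catalog for Data Lakes with Git-like semantics . "
+description: "Transactional Catalog for Data Lakes with Git-like semantics . "
+lakefs:
+- version: "1.52"
+description: "LakeFS provides version control over the data lake, and uses Git-like semantics to create and access those versions. If you know git, you’ll be right at home with lakeFS. "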
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: v2
2+
appVersion: 1.52.0
3+
description: A Helm chart for running LakeFS on Kubernetes
4+
home: https://lakefs.io
5+
icon: https://lakefs.io/wp-content/uploads/2020/07/lake-fs-color-2.svg
6+
maintainers:
7+
- email: services@treeverse.io
8+
name: treeverse
9+
name: lakefs
10+
dependencies:
11+
- name: common
12+
repository: oci://registry.drycc.cc/charts
13+
version: ~1.1.1
14+
sources:
15+
- https://github.com/treeverse/lakeFS
16+
type: application
17+
version: 1.4.5
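Review bot: The `common` dependency (new lines 11-13) is resolved from `oci://registry.drycc.cc/charts` with the floating range `version: ~1.1.1`, so the library chart that ends up in a packaged build can change without any change to this file. Pin an exact version here or commit a `Chart.lock` carrying the resolved digest, so a rebuild pulls the same reviewed artifact. Whether a lock file is among the other files of this commit is not visible in this section.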
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
Thank you for installing lakeFS!
2+
3+
1. Run the following to get a url to start setting up lakeFS:
4+
{{- if contains "NodePort" .Values.service.type }}
5+
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "lakefs.fullname" . }})
6+
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
7+
echo http://$NODE_IP:$NODE_PORT/setup
8+
{{- else if contains "LoadBalancer" .Values.service.type }}
9+
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
10+
You can watch the status of by running 'kubectl get svc -w {{ template "lakefs.fullname" . }}'
11+
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "lakefs.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
12+
echo http://$SERVICE_IP:{{ .Values.service.port }}/setup
13+
{{- else if contains "ClusterIP" .Values.service.type }}
14+
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
15+
kubectl wait --for=condition=ready pod $POD_NAME
16+
echo "Visit http://127.0.0.1:{{ .Values.deployment.port }}/setup to use your application"
17+
kubectl port-forward $POD_NAME {{ .Values.deployment.port }}:{{ .Values.deployment.port }} --namespace {{ .Release.Namespace }}
18+
{{- end }}
19+
20+
2. See the docs on how to create your first repository: https://docs.lakefs.io/quickstart/repository.html
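Review bot: The ClusterIP branch runs `kubectl wait --for=condition=ready pod $POD_NAME` (new line 15) without a namespace, while the pod lookup before it and the port-forward after it both pass `--namespace {{ .Release.Namespace }}`, so the wait fails for a release installed outside the current-context namespace. Add the flag: `kubectl wait --namespace {{ .Release.Namespace }} --for=condition=ready pod $POD_NAME`. The `kubectl get svc -w` hint on new line 10 has the same omission, and its sentence reads "watch the status of by running", which is missing a word.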
Lines changed: 111 additions & 0 deletions
@@ -0,0 +1,111 @@
1+
{{- define "lakefs.env" -}}
2+
env:
3+
{{- if and .Values.existingSecret .Values.secretKeys.databaseConnectionString }}
4+
- name: LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING
5+
valueFrom:
6+
secretKeyRef:
7+
name: {{ .Values.existingSecret }}
8+
key: {{ .Values.secretKeys.databaseConnectionString }}
9+
{{- else if and .Values.secrets (.Values.secrets).databaseConnectionString }}
10+
- name: LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING
11+
valueFrom:
12+
secretKeyRef:
13+
name: {{ include "lakefs.fullname" . }}
14+
key: database_connection_string
15+
{{- end }}
16+
{{- if .Values.existingSecret }}
17+
- name: LAKEFS_AUTH_ENCRYPT_SECRET_KEY
18+
valueFrom:
19+
secretKeyRef:
20+
name: {{ .Values.existingSecret }}
21+
key: {{ .Values.secretKeys.authEncryptSecretKey }}
22+
{{- else if and .Values.secrets (.Values.secrets).authEncryptSecretKey }}
23+
- name: LAKEFS_AUTH_ENCRYPT_SECRET_KEY
24+
valueFrom:
25+
secretKeyRef:
26+
name: {{ include "lakefs.fullname" . }}
27+
key: auth_encrypt_secret_key
28+
{{- else }}
29+
- name: LAKEFS_AUTH_ENCRYPT_SECRET_KEY
30+
value: 0d48e811f0b11d7f18d8c905
31+
{{- end }}
32+
{{- if (.Values.fluffy).enabled }}
33+
- name: LAKEFS_USAGE_REPORT_ENABLED
34+
value: "true"
35+
{{- if (.Values.fluffy.sso).enabled }}
36+
- name: LAKEFS_AUTH_AUTHENTICATION_API_ENDPOINT
37+
value: {{ printf "http://%s/api/v1" (include "fluffy.ssoServiceName" .) | quote }}
38+
{{- if and .Values.ingress.enabled (.Values.fluffy.sso.saml).enabled }}
39+
- name: LAKEFS_AUTH_COOKIE_AUTH_VERIFICATION_AUTH_SOURCE
40+
value: saml
41+
- name: LAKEFS_AUTH_UI_CONFIG_LOGIN_URL
42+
value: {{ printf "%s/sso/login-saml" .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }}
43+
- name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL
44+
value: {{ printf "%s/sso/logout-saml" .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }}
45+
{{- end }}
46+
{{- if (.Values.fluffy.sso.oidc).enabled }}
47+
- name: LAKEFS_AUTH_UI_CONFIG_LOGIN_URL
48+
value: '/oidc/login'
49+
- name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL
50+
value: '/oidc/logout'
51+
{{- end }}
52+
{{- if (.Values.fluffy.sso.ldap).enabled }}
53+
- name: LAKEFS_AUTH_REMOTE_AUTHENTICATOR_ENDPOINT
54+
value: {{ default (printf "http://%s/api/v1/ldap/login" (include "fluffy.ssoServiceName" .) | quote) (.Values.fluffy.sso.ldap).endpointOverride }}
55+
- name: LAKEFS_AUTH_UI_CONFIG_LOGOUT_URL
56+
value: /logout
57+
{{- end }}
58+
{{- end }}
59+
{{- if (.Values.fluffy.rbac).enabled }}
60+
- name: LAKEFS_AUTH_API_ENDPOINT
61+
value: {{ printf "http://%s/api/v1" (include "fluffy.rbacServiceName" .) | quote }}
62+
- name: LAKEFS_AUTH_UI_CONFIG_RBAC
63+
value: internal
64+
{{- end }}
65+
{{- end }}
66+
{{- if .Values.s3Fallback.enabled }}
67+
- name: LAKEFS_GATEWAYS_S3_FALLBACK_URL
68+
value: http://localhost:7001
69+
{{- end }}
70+
{{- if .Values.committedLocalCacheVolume }}
71+
- name: LAKEFS_COMMITTED_LOCAL_CACHE_DIR
72+
value: /lakefs/cache
73+
{{- end }}
74+
{{- if .Values.useDevPostgres }}
75+
{{- if and (.Values.fluffy).enabled (.Values.fluffy.rbac).enabled }}
76+
- name: LAKEFS_DATABASE_TYPE
77+
value: postgres
78+
- name: LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING
79+
value: 'postgres://lakefs:lakefs@postgres-server:5432/postgres?sslmode=disable'
80+
{{- end }}
81+
{{- end }}
82+
{{- if .Values.extraEnvVars }}
83+
{{- toYaml .Values.extraEnvVars | nindent 2 }}
84+
{{- end }}
85+
{{- if .Values.extraEnvVarsSecret }}
86+
envFrom:
87+
- secretRef:
88+
name: {{ .Values.extraEnvVarsSecret }}
89+
{{- end }}
90+
{{- end }}
91+
92+
{{- define "lakefs.volumes" -}}
93+
{{- if .Values.extraVolumes }}
94+
{{ toYaml .Values.extraVolumes }}
95+
{{- end }}
96+
{{- if .Values.committedLocalCacheVolume }}
97+
- name: committed-local-cache
98+
{{- toYaml .Values.committedLocalCacheVolume | nindent 2 }}
99+
{{- end }}
100+
{{- if not .Values.lakefsConfig }}
101+
- name: {{ .Chart.Name }}-local-data
102+
{{- end}}
103+
{{- if .Values.lakefsConfig }}
104+
- name: config-volume
105+
configMap:
106+
name: {{ include "lakefs.fullname" . }}
107+
items:
108+
- key: config.yaml
109+
path: config.yaml
110+
{{- end }}
111+
{{- end }}
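Review bot: The `else` branch of the `LAKEFS_AUTH_ENCRYPT_SECRET_KEY` block (new lines 28-30) ships a literal key, `value: 0d48e811f0b11d7f18d8c905`, so every release installed without `existingSecret` or `secrets.authEncryptSecretKey` shares one published value for the setting lakeFS documents as its encryption and HMAC signing key. Fail the render instead of defaulting, for example by replacing the branch body with `{{- fail "set existingSecret or secrets.authEncryptSecretKey" }}`, or generate a random value once and store it in the chart's Secret. The fluffy helper section of this commit has the same fallback for `FLUFFY_AUTH_ENCRYPT_SECRET_KEY` (new lines 104-106) and needs the same change. The `existingSecret` branch above it also does not check `secretKeys.authEncryptSecretKey`, unlike the database branch, so an unset key name would render an empty `key:`.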
Lines changed: 209 additions & 0 deletions
@@ -0,0 +1,209 @@
1+
{{/*
2+
fluffy resource full name
3+
*/}}
4+
{{- define "fluffy.fullname" -}}
5+
{{- $name := include "lakefs.fullname" . }}
6+
{{- printf "%s-fluffy" $name | trunc 63 }}
7+
{{- end }}
8+
9+
{{/*
10+
Common labels
11+
*/}}
12+
{{- define "fluffy.labels" -}}
13+
helm.sh/chart: {{ include "lakefs.chart" . }}
14+
{{ include "fluffy.selectorLabels" . }}
15+
{{- if .Chart.AppVersion }}
16+
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
17+
{{- end }}
18+
app.kubernetes.io/managed-by: {{ .Release.Service }}
19+
{{- end }}
20+
21+
{{/*
22+
Selector labels
23+
*/}}
24+
{{- define "fluffy.selectorLabels" -}}
25+
app.kubernetes.io/name: {{ include "lakefs.name" . }}-fluffy
26+
app.kubernetes.io/instance: {{ .Release.Name }}
27+
{{- end }}
28+
29+
{{/*
30+
Create the name of the service account to use
31+
*/}}
32+
{{- define "fluffy.serviceAccountName" -}}
33+
{{- $lakeFSAcc := include "lakefs.serviceAccountName" . }}
34+
{{- default $lakeFSAcc .Values.fluffy.serviceAccountName }}
35+
{{- end }}
36+
37+
{{/*
38+
fluffy SSO service name
39+
*/}}
40+
{{- define "fluffy.ssoServiceName" -}}
41+
{{- printf "fluffy-sso" }}
42+
{{- end }}
43+
44+
{{/*
45+
fluffy Authorization service name
46+
*/}}
47+
{{- define "fluffy.rbacServiceName" -}}
48+
{{- printf "fluffy-rbac" }}
49+
{{- end }}
50+
51+
52+
{{/*
53+
Fluffy environment variables
54+
*/}}
55+
56+
{{- define "fluffy.env" -}}
57+
env:
58+
{{- if (.Values.fluffy.sso).enabled }}
59+
{{- if and .Values.ingress.enabled (.Values.fluffy.sso.saml).enabled }}
60+
- name: FLUFFY_AUTH_SAML_ENABLED
61+
value: "true"
62+
- name: FLUFFY_AUTH_LOGOUT_REDIRECT_URL
63+
value: {{ .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }}
64+
- name: FLUFFY_AUTH_POST_LOGIN_REDIRECT_URL
65+
value: {{ .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }}
66+
- name: FLUFFY_AUTH_SAML_SP_ROOT_URL
67+
value: {{ .Values.fluffy.sso.saml.lakeFSServiceProviderIngress }}
68+
- name: FLUFFY_AUTH_SAML_SP_X509_KEY_PATH
69+
value: '/etc/saml_certs/rsa_saml_private.key'
70+
- name: FLUFFY_AUTH_SAML_SP_X509_CERT_PATH
71+
value: '/etc/saml_certs/rsa_saml_public.pem'
72+
{{- end }}
73+
{{- if (.Values.fluffy.sso.oidc).enabled }}
74+
- name: FLUFFY_AUTH_POST_LOGIN_REDIRECT_URL
75+
value: '/'
76+
{{- if (.Values.fluffy.sso.oidc).client_secret }}
77+
- name: FLUFFY_AUTH_OIDC_CLIENT_SECRET
78+
valueFrom:
79+
secretKeyRef:
80+
name: {{ include "fluffy.fullname" . }}
81+
key: oidc_client_secret
82+
{{- end }}
83+
{{- end }}
84+
{{- if (.Values.fluffy.sso.ldap).enabled }}
85+
- name: FLUFFY_AUTH_LDAP_BIND_PASSWORD
86+
valueFrom:
87+
secretKeyRef:
88+
name: {{ include "fluffy.fullname" . }}
89+
key: ldap_bind_password
90+
{{- end }}
91+
{{- end }}
92+
{{- if .Values.existingSecret }}
93+
- name: FLUFFY_AUTH_ENCRYPT_SECRET_KEY
94+
valueFrom:
95+
secretKeyRef:
96+
name: {{ .Values.existingSecret }}
97+
key: {{ .Values.secretKeys.authEncryptSecretKey }}
98+
{{- else if and .Values.secrets (.Values.secrets).authEncryptSecretKey }}
99+
- name: FLUFFY_AUTH_ENCRYPT_SECRET_KEY
100+
valueFrom:
101+
secretKeyRef:
102+
name: {{ include "lakefs.fullname" . }}
103+
key: auth_encrypt_secret_key
104+
{{- else }}
105+
- name: FLUFFY_AUTH_ENCRYPT_SECRET_KEY
106+
value: asdjfhjaskdhuioaweyuiorasdsjbaskcbkj
107+
{{- end }}
108+
{{- if and (.Values.fluffy.rbac).enabled }}
109+
- name: FLUFFY_AUTH_SERVE_LISTEN_ADDRESS
110+
value: {{ printf ":%s" (include "fluffy.rbac.containerPort" .) }}
111+
{{- end }}
112+
{{- if and .Values.existingSecret .Values.secretKeys.databaseConnectionString }}
113+
- name: FLUFFY_DATABASE_POSTGRES_CONNECTION_STRING
114+
valueFrom:
115+
secretKeyRef:
116+
name: {{ .Values.existingSecret }}
117+
key: {{ .Values.secretKeys.databaseConnectionString }}
118+
{{- else if and .Values.secrets (.Values.secrets).databaseConnectionString }}
119+
- name: FLUFFY_DATABASE_POSTGRES_CONNECTION_STRING
120+
valueFrom:
121+
secretKeyRef:
122+
name: {{ include "lakefs.fullname" . }}
123+
key: database_connection_string
124+
{{- else if and .Values.useDevPostgres (.Values.fluffy.rbac).enabled }}
125+
- name: FLUFFY_DATABASE_TYPE
126+
value: postgres
127+
- name: FLUFFY_DATABASE_POSTGRES_CONNECTION_STRING
128+
value: 'postgres://lakefs:lakefs@postgres-server:5432/postgres?sslmode=disable'
129+
{{- end }}
130+
{{- if .Values.fluffy.extraEnvVars }}
131+
{{- toYaml .Values.fluffy.extraEnvVars | nindent 2 }}
132+
{{- end }}
133+
{{- if .Values.fluffy.extraEnvVarsSecret }}
134+
envFrom:
135+
- secretRef:
136+
name: {{ .Values.fluffy.extraEnvVarsSecret }}
137+
{{- end }}
138+
{{- end }}
139+
140+
{{- define "fluffy.volumes" -}}
141+
{{- if .Values.fluffy.extraVolumes }}
142+
{{ toYaml .Values.fluffy.extraVolumes }}
143+
{{- end }}
144+
{{- if not .Values.fluffy.fluffyConfig }}
145+
- name: {{ .Chart.Name }}-local-data
146+
{{- end}}
147+
{{- if (.Values.fluffy.sso.saml).enabled }}
148+
- name: secret-volume
149+
secret:
150+
secretName: saml-certificates
151+
{{- end }}
152+
{{- if .Values.fluffy.fluffyConfig }}
153+
- name: {{ include "fluffy.fullname" . }}-config
154+
configMap:
155+
name: {{ include "fluffy.fullname" . }}-config
156+
items:
157+
- key: config.yaml
158+
path: config.yaml
159+
{{- end }}
160+
{{- end }}
161+
162+
{{- define "fluffy.ingressOverrides" -}}
163+
{{- $serviceName := include "fluffy.ssoServiceName" . -}}
164+
{{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}}
165+
{{- $pathsOverrides := list "/oidc/" "/api/v1/oidc/" "/saml/" "/sso/" "/api/v1/ldap/" }}
166+
{{- range $pathsOverrides }}
167+
- path: {{ . }}
168+
{{- if semverCompare ">=1.19-0" $gitVersion }}
169+
pathType: Prefix
170+
backend:
171+
service:
172+
name: {{ $serviceName }}
173+
port:
174+
number: 80
175+
{{- else }}
176+
backend:
177+
serviceName: {{ $serviceName }}
178+
servicePort: 80
179+
{{- end }}
180+
{{- end }}
181+
{{- end }}
182+
183+
{{- define "fluffy.dockerConfigJson" }}
184+
{{- $token := .Values.fluffy.image.privateRegistry.secretToken }}
185+
{{- $username := "externallakefs" }}
186+
{{- $registry := "https://index.docker.io/v1/" }}
187+
{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" $registry $username $token (printf "%s:%s" $username $token | b64enc) | b64enc }}
188+
{{- end }}
189+
190+
{{- define "fluffy.sso.serviceType" }}
191+
{{- default "ClusterIP" (.Values.fluffy.sso.service).type }}
192+
{{- end }}
193+
{{- define "fluffy.rbac.serviceType" }}
194+
{{- default "ClusterIP" (.Values.fluffy.rbac.service).type }}
195+
{{- end }}
196+
197+
{{- define "fluffy.sso.port" }}
198+
{{- default 80 (.Values.fluffy.sso.service).port }}
199+
{{- end }}
200+
{{- define "fluffy.rbac.port" }}
201+
{{- default 80 (.Values.fluffy.rbac.service).port }}
202+
{{- end }}
203+
204+
{{- define "fluffy.sso.containerPort" }}
205+
{{- default 8000 (.Values.fluffy.sso.service).containerPort }}
206+
{{- end }}
207+
{{- define "fluffy.rbac.containerPort" }}
208+
{{- default 9000 (.Values.fluffy.rbac.service).containerPort }}
209+
{{- end }}
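Review bot: `fluffy.dockerConfigJson` (new lines 183-188) assembles the registry auth JSON with `printf` and places `$token` into it unescaped, so a token containing `"` or `\` yields a malformed or altered pull secret. Build the structure and serialise it instead: `{{- dict "auths" (dict $registry (dict "username" $username "password" $token "auth" (printf "%s:%s" $username $token | b64enc))) | toJson | b64enc }}`. Wrapping the token lookup in `required` would also make an empty `fluffy.image.privateRegistry.secretToken` fail at render time rather than produce a credential with an empty password.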
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
{{- define "lakefs.gcpProxyContainer" }}
2+
{{- if .Values.lakefsConfig }}
3+
{{ $config := .Values.lakefsConfig | fromYaml }}
4+
{{- end }}
5+
{{- if .Values.gcpFallback.enabled }}
6+
- name: gcp-proxy
7+
image: eu.gcr.io/cloudsql-docker/gce-proxy:1.33.4
8+
imagePullPolicy: IfNotPresent
9+
command:
10+
- /cloud_sql_proxy
11+
- -term_timeout=10s
12+
env:
13+
{{- if .Values.gcpFallback.instance }}
14+
- name: INSTANCES
15+
value: {{ .Values.gcpFallback.instance }}
16+
{{- end }}
17+
{{- end }}
18+
{{- end }}
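Review bot: `INSTANCES` on new line 15 is rendered from `.Values.gcpFallback.instance` without quoting, so the YAML parser decides its type and a value with leading indicator characters would break the manifest; write `value: {{ .Values.gcpFallback.instance | quote }}`. The `$config` assignment on new lines 2-4 is never read and is scoped to its own `if`, so it can be dropped. The sidecar container also declares no `resources` or `securityContext`; whether defaults are applied where this helper is included is not visible in this section.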
