Merge pull request #201 from AccessibleAI/next-1

smtp secret ref

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.22.6 as builder
+FROM golang:1.23.0 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

README.md

@@ -21,4 +21,49 @@ helm install cnvrg cnvrg/mlops \
  --set registry.user="<CNVRG-USERNAME>" \
  --set registry.password="<CNVRG-PASSWORD>" \
  --set controlPlane.baseConfig.agentCustomTag="<AGENT-CUSTOM-TAG>"
-```
+```
+
+## Using external secret for SMTP server
+It's an option to specify external secret for SMTP server credintials instead setting it in helm chart values or cnvrgapp CRD . 
+The parameter to reference the secret is `controlPlane.smtp.CredentialsSecretRef` and the keys in the secret should be `username` and `password`.
+
+```bash
+helm install cnvrg cnvrg/mlops \
+ --create-namespace -n cnvrg \
+ --set controlPlane.smtp.credentialsSecretRef="SECRET-NAME"
+```
+secret example
+```bash
+apiVersion: v1
+kind: Secret
+metadata:
+  name: SECRET-NAME
+  namespace: cnvrg
+type: Opaque
+data:
+  username: YWRtaW4=
+  password: c2VjcmV0
+```
+
+## Using external secret for OAuth2 client configuration
+
+It's an option to specify external secret for OAuth2 client configuration instead setting it in helm chart values or cnvrgapp CRD. The parameter to reference the secret is `sso.central.credentialsSecretRef` and the keys in the secret should be `clientId`, `clientSecret`
+
+```bash
+helm install cnvrg cnvrg/mlops \
+ --create-namespace -n cnvrg \
+ --set sso.central.credentialsSecretRef="SECRET-NAME"
+```
+
+secret example
+```bash
+apiVersion: v1
+kind: Secret
+metadata:
+  name: SECRET-NAME
+  namespace: cnvrg
+type: Opaque
+data:
+  clientId: YWRtaW4=
+  clientSecret: c2VjcmV0
+```

api/v1/app.go

@@ -122,13 +122,14 @@ type Ldap struct {
 }
 
 type SMTP struct {
-	Server            string `json:"server,omitempty"`
-	Port              int    `json:"port,omitempty"`
-	Username          string `json:"username,omitempty"`
-	Password          string `json:"password,omitempty"`
-	Domain            string `json:"domain,omitempty"`
-	OpensslVerifyMode string `json:"opensslVerifyMode,omitempty"`
-	Sender            string `json:"sender,omitempty"`
+	Server               string `json:"server,omitempty"`
+	Port                 int    `json:"port,omitempty"`
+	CredentialsSecretRef string `json:"credentialsSecretRef,omitempty"`
+	Username             string `json:"username,omitempty"`
+	Password             string `json:"password,omitempty"`
+	Domain               string `json:"domain,omitempty"`
+	OpensslVerifyMode    string `json:"opensslVerifyMode,omitempty"`
+	Sender               string `json:"sender,omitempty"`
 }
 
 type ObjectStorage struct {
@@ -407,6 +408,7 @@ type CentralSSO struct {
 	EmailDomain                      []string          `json:"emailDomain,omitempty"`
 	ClientID                         string            `json:"clientId,omitempty"`
 	ClientSecret                     string            `json:"clientSecret,omitempty"`
+	CredentialsSecretRef             string            `json:"credentialsSecretRef,omitempty"`
 	OidcIssuerURL                    string            `json:"oidcIssuerUrl,omitempty"`
 	ServiceUrl                       string            `json:"serviceUrl,omitempty"`
 	Scope                            string            `json:"scope,omitempty"`

api/v1/appdefaults.go

@@ -191,7 +191,7 @@ var minioDefaults = Minio{
 var pgDefault = Pg{
 	Enabled:        false,
 	ServiceAccount: "pg",
-	Image:          "postgresql-12-centos7:latest",
+	Image:          "postgresql-12-centos7:pg13",
 	Port:           5432,
 	StorageSize:    "80Gi",
 	SvcName:        "postgres",
@@ -270,7 +270,7 @@ var esDefault = Es{
 		ServiceAccount: "kibana",
 		SvcName:        "kibana",
 		Port:           8080,
-		Image:          "cnvrg/kibana:7.11.2",
+		Image:          "cnvrg/kibana:v7.17.25",
 		NodePort:       30601,
 		Requests: Requests{
 			Cpu:    "100m",
@@ -318,7 +318,7 @@ var promDefaults = Prom{
 	CredsRef:    "prom-creds",
 	SvcName:     "prometheus",
 	Port:        9090,
-	Image:       "prometheus:v2.37.1",
+	Image:       "prometheus:v2.55",
 	StorageSize: "50Gi",
 	Grafana: Grafana{
 		Enabled:  false,
@@ -428,7 +428,7 @@ var ssoDefault = SSO{
 		Enabled:                          false,
 		Replicas:                         1,
 		SvcName:                          "sso-central",
-		CnvrgProxyImage:                  "cnvrg-proxy:ns-watch-scope",
+		CnvrgProxyImage:                  "cap:v0.0.12",
 		OauthProxyImage:                  "oauth2-proxy:v7.4.ssov3.p6",
 		CentralUiImage:                   "centralsso:latest",
 		EmailDomain:                      []string{"*"},
@@ -450,7 +450,7 @@ var ssoDefault = SSO{
 	Proxy: CentralProxy{
 		Enabled:  false,
 		Replicas: 1,
-		Image:    "cnvrg-proxy:ns-watch-scope",
+		Image:    "cap:v0.0.12",
 		SvcName:  "cnvrg-proxy-central",
 		Requests: Requests{
 			Cpu:    "200m",

charts/cvatdbs/values.yaml

@@ -20,12 +20,12 @@ pg:
       cpu: 200m
       memory: 1Gi
 redis:
-  image: redis:7.0.5
+  image: redis:7.4.0
   confRef: cvat-redis
   resources:
     limits:
       cpu: 1000m
       memory: 2Gi
     requests:
       cpu: 100m
-      memory: 200Mi
+      memory: 200Mi

charts/mlops/crds/mlops.cnvrg.io_cnvrgapps.yaml

@@ -267,6 +267,8 @@ spec:
                     type: object
                   smtp:
                     properties:
+                      credentialsSecretRef:
+                        type: string
                       domain:
                         type: string
                       opensslVerifyMode:
@@ -768,6 +770,8 @@ spec:
                         type: string
                       cookieDomain:
                         type: string
+                      credentialsSecretRef:
+                        type: string
                       emailDomain:
                         items:
                           type: string

charts/mlops/templates/cap.yml

@@ -138,6 +138,7 @@ spec:
       port: {{.Values.controlPlane.smtp.port}}
       username: {{.Values.controlPlane.smtp.username}}
       password: {{.Values.controlPlane.smtp.password}}
+      credentialsSecretRef: {{.Values.controlPlane.smtp.credentialsSecretRef}}
       domain: {{.Values.controlPlane.smtp.domain}}
       opensslVerifyMode: {{.Values.controlPlane.smtp.opensslVerifyMode}}
       sender: {{.Values.controlPlane.smtp.sender}}
@@ -338,6 +339,7 @@ spec:
       emailDomain: {{ toJson .Values.sso.central.emailDomain }}
       clientId: {{.Values.sso.central.clientId}}
       clientSecret: {{.Values.sso.central.clientSecret}}
+      credentialsSecretRef: {{.Values.sso.central.credentialsSecretRef}}
       oidcIssuerUrl: {{.Values.sso.central.oidcIssuerUrl}}
       serviceUrl: {{.Values.sso.central.serviceUrl}}
       scope: {{.Values.sso.central.scope}}

charts/mlops/values.yaml

@@ -72,7 +72,7 @@ controlPlane:
       maxReplicas: 5
   hyper:
     enabled: true
-    image: hyper-server:latest
+    image: hyper-server:v2.0
     port: 5050
     replicas: 1
     nodePort: 30050
@@ -128,6 +128,7 @@ controlPlane:
     domain: ''
     opensslVerifyMode: ''
     sender: [email protected]
+    credentialsSecretRef: ''
   objectStorage:
     type: minio
     bucket: cnvrg-storage
@@ -148,7 +149,7 @@ dbs:
   pg:
     enabled: true
     serviceAccount: pg
-    image: postgresql-12-centos7:latest
+    image: postgresql-12-centos7:pg13
     port: 5432
     storageSize: 80Gi
     svcName: postgres
@@ -172,7 +173,7 @@ dbs:
   redis:
     enabled: true
     serviceAccount: redis
-    image: cnvrg-redis:v7.0.0
+    image: redis:7.4.0
     svcName: redis
     port: 6379
     storageSize: 10Gi
@@ -190,7 +191,7 @@ dbs:
     enabled: true
     serviceAccount: minio
     replicas: 1
-    image: minio:RELEASE.2021-05-22T02-34-39Z
+    image: minio:RELEASE.2024-09-13T20-26-02Z
     port: 9000
     storageSize: 100Gi
     svcName: minio
@@ -233,7 +234,7 @@ dbs:
       serviceAccount: kibana
       svcName: kibana
       port: 8080
-      image: cnvrg/kibana:7.11.2
+      image: cnvrg/kibana:v7.17.25
       nodePort: 30601
       requests:
         cpu: 100m
@@ -244,8 +245,8 @@ dbs:
       credsRef: kibana-creds
     elastalert:
       enabled: true
-      image: elastalert:3.0.0-beta.1
-      authProxyImage: nginx:1.20
+      image: elastalert:v5.1
+      authProxyImage: nginx:1.27.1
       credsRef: elastalert-creds
       port: 8080
       nodePort: 32030
@@ -264,12 +265,12 @@ dbs:
     enabled: true
     credsRef: prom-creds
     extraScrapeConfigs:
-    image: prometheus:v2.37.1
+    image: prometheus:v2.55
     storageClass: ""
     storageSize: 50Gi
     grafana:
       enabled: true
-      image: grafana/grafana-oss:9.5.20
+      image: grafana/grafana-oss:11.2.0
       svcName: grafana
       port: 8080
       nodePort: 30012
@@ -311,7 +312,7 @@ sso:
     enabled: false
     name: cnvrg-jwks
     image: jwks:ns-watch-scope
-    cacheImage: redis:7.0.5
+    cacheImage: redis:7.4.0
   central:
     enabled: false
     publicUrl: ''
@@ -323,6 +324,7 @@ sso:
       - "*"
     clientId: ''
     clientSecret: ''
+    credentialsSecretRef: ''
     oidcIssuerUrl: ''
     serviceUrl: ''
     scope: openid email profile
@@ -339,7 +341,7 @@ sso:
       memory: 4Gi
   proxy:
     enabled: false
-    image: cnvrg-proxy:4d10ded
+    image: cap:v0.0.12
     address: ""
     readiness: true
     requests:
@@ -363,4 +365,3 @@ mpi:
 metastorageprovisioner:
   enabled: true
   version: ''
-

charts/mpi/values.yaml

@@ -1,6 +1,6 @@
 imageHub: docker.io
-image: mpioperator/mpi-operator:v0.2.3
-kubectlDeliveryImage: mpioperator/kubectl-delivery:v0.2.3
+image: mpioperator/mpi-operator:v0.5
+kubectlDeliveryImage: mpioperator/kubectl-delivery:v0.5
 imagePullSecretRef: cnvrg-app-registry
 scc: false
 registry:

charts/nomex/values.yaml

@@ -1,3 +1,3 @@
 imageHub: docker.io/cnvrg
-image: nomex:v1.0.0
-imagePullSecretRef: cnvrg-app-registry
+image: nomex:v2.0.0
+imagePullSecretRef: cnvrg-app-registry

charts/optionals/helmfile.yaml

@@ -1,21 +1,21 @@
 releases:
   - name: istio-base
     chart: istio/base
-    version: 1.21.2
+    version: 1.23.1
     namespace: istio-system
     labels:
       stage: istio-infra
 
   - name: istiod
     chart: istio/istiod
-    version: 1.21.2
+    version: 1.23.1
     namespace: istio-system
     labels:
       stage: istio-infra
 
   - name: istio-ingress
     chart: istio/gateway
-    version: 1.21.2
+    version: 1.23.1
     namespace: istio-system
     labels:
       stage: istio-gateway

config/crd/bases/mlops.cnvrg.io_cnvrgapps.yaml

@@ -267,6 +267,8 @@ spec:
                     type: object
                   smtp:
                     properties:
+                      credentialsSecretRef:
+                        type: string
                       domain:
                         type: string
                       opensslVerifyMode:
@@ -768,6 +770,8 @@ spec:
                         type: string
                       cookieDomain:
                         type: string
+                      credentialsSecretRef:
+                        type: string
                       emailDomain:
                         items:
                           type: string

go.mod

@@ -1,8 +1,6 @@
 module github.com/AccessibleAI/cnvrg-operator
 
-go 1.22.0
-
-toolchain go1.22.2
+go 1.23.0
 
 require (
 	dario.cat/mergo v1.0.0