feat(kfp-api): add s3-credentials relation to relate with s3-integrator#956
Conversation
Add the `s3` interface (via an `s3-credentials` relation) so kfp-api can use an s3-integrator as an alternative to the in-cluster MinIO (`object-storage`) backend. Exactly one of the two relations may be related at a time; relating both blocks the charm. The s3 endpoint is parsed into the host, port and TLS flag kfp expects, and bucket creation is skipped for s3 (the integrator manages its own buckets). Integration tests are split into object-storage and s3 suites, wired up through a new `integration-s3` tox env and CI matrix entry.
🤖 Backport labels populatedLabels to this pull request were added automatically by the When the PR is merged, backport PRs according to the labels will be automatically created. To skip the backport creation, remove any unneeded labels before merging the PR. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Manos Vlassis <57320708+mvlassis@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Manos Vlassis <57320708+mvlassis@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Manos Vlassis <57320708+mvlassis@users.noreply.github.com>
dariofaccin
left a comment
There was a problem hiding this comment.
Left some suggestions and questions.
In the integration tests we are deploying grafana-agent, checking alert rules (test_alert_rules), metrics (test_metrics_endpoint), logging (test_logging) and container security context (test_container_security_context) in both object-storage and s3 scenarios. Does it provide more coverage or is it CI time wasted?
Co-authored-by: Dario Faccin <35623244+dariofaccin@users.noreply.github.com> Signed-off-by: Manos Vlassis <57320708+mvlassis@users.noreply.github.com>
|
We discussed this question by @dariofaccin:
And the decision was to keep these tests, as it is the same pattern we use for the |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Manos Vlassis <57320708+mvlassis@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Manos Vlassis <57320708+mvlassis@users.noreply.github.com>
Summary
s3-credentialsrelation using thes3interface.RelationCountGatecomponent manuallyOBJECTSTORECONFIG_*)tls-ca-chain, similar to the structure for the S3 manager in object-storage-integratorstest_charm_s3.py, which tests the relation withs3-integrator:s3-credentialstest_charm_object_storage.py, which tests the relation withminio:object-storageminio-operatortos3-integratorinintegration-object-storageRemoval
This PR removes the
minio-serviceservice created by kfp-api. The context is:kfp-launcherconfigMap that can specify the endpoint (among others) instead of using the default hardcoded value2.16.0release #870, we now always set the endpoint inkfp-launcherto override the default value, which has beenhttp://seaweedfs.kubeflow:8333as of Kubeflow pipelines 2.15.0Notes
tox.inichange is identical across the three split PRs (conflict-free); theci.yamlmatrix enablesintegration-s3only for kfp-api here, so merging the companion PRs will require a small exclude-list merge.mariadband replaced them withmysql-k8s:)Closes #964