From 79dc35b0ccf952578fafa95276ca6b6555aec31a Mon Sep 17 00:00:00 2001 From: Nir Ozery Date: Mon, 7 Jul 2025 11:57:23 -0400 Subject: [PATCH 1/3] Add license support --- charts/lakefs/Chart.yaml | 2 +- charts/lakefs/templates/_env.tpl | 23 +++++++++++++++++++++++ charts/lakefs/templates/deployment.yaml | 8 ++++++++ charts/lakefs/templates/secret.yaml | 7 +++++++ charts/lakefs/values.yaml | 5 +++++ 5 files changed, 44 insertions(+), 1 deletion(-) diff --git a/charts/lakefs/Chart.yaml b/charts/lakefs/Chart.yaml index b7f21b8..0e3650f 100644 --- a/charts/lakefs/Chart.yaml +++ b/charts/lakefs/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: lakefs description: A Helm chart for running LakeFS on Kubernetes type: application -version: 1.5.0 +version: 1.6.0 appVersion: 1.63.0 home: https://lakefs.io diff --git a/charts/lakefs/templates/_env.tpl b/charts/lakefs/templates/_env.tpl index 6292e78..4662490 100644 --- a/charts/lakefs/templates/_env.tpl +++ b/charts/lakefs/templates/_env.tpl @@ -111,6 +111,12 @@ env: {{- if .Values.extraEnvVars }} {{- toYaml .Values.extraEnvVars | nindent 2 }} {{- end }} + {{- if (.Values.enterprise).enabled }} + {{- if or (and .Values.secrets .Values.secrets.licenseContents) (and .Values.existingSecret .Values.secretKeys.licenseContentsKey) }} + - name: LAKEFS_LICENSE_PATH + value: '/etc/lakefs/license.tkn' + {{- end }} + {{- end }} {{- if .Values.extraEnvVarsSecret }} envFrom: - secretRef: 
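Review bot: The test `or (and .Values.secrets .Values.secrets.licenseContents) (and .Values.existingSecret .Values.secretKeys.licenseContentsKey)` is written out in full here and again in deployment.yaml, while the volume definition in the next _env.tpl hunk encodes the same decision as an if / else-if pair. If one copy drifts, the pod gets `LAKEFS_LICENSE_PATH` pointing at a file that is not mounted, or a mount with no backing volume. Defining the decision once as a named template (for example `lakefs.licenseConfigured`; the name is only a suggestion) and testing it in all three places would keep them in step. The `env:` list this entry joins starts above the hunk.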
@@ -137,6 +143,23 @@ envFrom: - key: config.yaml path: config.yaml {{- end }} +{{- if (.Values.enterprise).enabled }} +{{- if and .Values.existingSecret .Values.secretKeys.licenseContentsKey }} +- name: secret-volume + secret: + secretName: {{ include "lakefs.fullname" . }} + items: + - key: licenseContentsKey + path: license.tkn +{{- else if and .Values.secrets .Values.secrets.licenseContents }} +- name: secret-volume + secret: + secretName: {{ include "lakefs.fullname" . }} + items: + - key: license_contents + path: license.tkn +{{- end }} +{{- end }} {{- if (((.Values.enterprise).auth).saml).enabled }} - name: secret-volume secret: diff --git a/charts/lakefs/templates/deployment.yaml b/charts/lakefs/templates/deployment.yaml index 5fc0627..f87e310 100644 --- a/charts/lakefs/templates/deployment.yaml +++ b/charts/lakefs/templates/deployment.yaml @@ -103,6 +103,14 @@ spec: readOnly: true mountPath: /etc/saml_certs/ {{- end }} + {{- if (.Values.enterprise).enabled }} + {{- if or (and .Values.secrets .Values.secrets.licenseContents) (and .Values.existingSecret .Values.secretKeys.licenseContentsKey) }} + - name: secret-volume + mountPath: /etc/lakefs/license.tkn + subPath: "license.tkn" + readOnly: true + {{- end }} + {{- end }} {{- include "lakefs.env" . | nindent 10 }} {{- include "lakefs.s3proxyContainer" . | nindent 8}} {{- include "lakefs.gcpProxyContainer" . | nindent 8}} diff --git a/charts/lakefs/templates/secret.yaml b/charts/lakefs/templates/secret.yaml index a7ad0f5..cb9f632 100644 --- a/charts/lakefs/templates/secret.yaml +++ b/charts/lakefs/templates/secret.yaml 
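Review bot: The new license volume is named `secret-volume`, the same name the SAML volume in the trailing context lines already uses, so enabling both a license and `enterprise.auth.saml` renders two volumes with one name and the API server rejects the pod spec for the duplicate. PATCH 2/3 does not resolve this: it renames the license volume and the SAML volume (and both mounts in deployment.yaml) to `secret-volume-license-token`, so the collision remains under the new name. The SAML entries should keep their own name, i.e. leave `- name: secret-volume` on the `saml-certificates` volume and on the `/etc/saml_certs/` mount, and use `secret-volume-license-token` only for the license. The volume list starts above the hunk.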
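Review bot: Mounting the token with `subPath: "license.tkn"` means the container will not pick up later changes to the Secret, because Kubernetes does not refresh Secret volumes that are mounted through a subPath. A renewed or replaced license therefore only takes effect after the pods are restarted. If the subPath is needed to avoid shadowing other files under `/etc/lakefs/`, I would say so in a template comment such as `{{- /* subPath mount: replacing the license requires a rollout restart */}}` and in the values.yaml comment for the license keys. The container spec this mount belongs to starts above the hunk.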
@@ -13,6 +13,13 @@ data: {{- if (.Values.secrets).authEncryptSecretKey }} auth_encrypt_secret_key: {{ .Values.secrets.authEncryptSecretKey | default "" | b64enc }} {{- end }} + +{{- if (.Values.enterprise).enabled }} +{{- if .Values.secrets.licenseContents }} + license_contents: {{ .Values.secrets.licenseContents | default "" | b64enc }} +{{- end }} +{{- end }} + {{- if (.Values.enterprise).enabled }} {{- if (((.Values.enterprise).auth).ldap).enabled }} {{- if (((.Values.enterprise).auth).ldap).bindPassword }} diff --git a/charts/lakefs/values.yaml b/charts/lakefs/values.yaml index ce71c12..d50195e 100644 --- a/charts/lakefs/values.yaml +++ b/charts/lakefs/values.yaml @@ -121,6 +121,8 @@ secretKeys: authEncryptSecretKey: auth_encrypt_secret_key # Use the following to fetch PostgreSQL connection string from an existing secret: databaseConnectionString: null + # Use to fetch license token from an existing secret: + licenseContentsKey: null # Use the following to fetch LDAP bind password from an existing secret: ldapBindPassword: null # Use the following to fetch OIDC client secret from an existing secret: @@ -150,3 +152,6 @@ enterprise: # certificates for AD FS IDP (e.g Azure AD) samlRsaPublicCert: null samlRsaPrivateKey: null + +secrets: + licenseContents: null From acc1b38d8a116bc3645ebf8ca71670f5c10cf30b Mon Sep 17 00:00:00 2001 From: Nir Ozery Date: Wed, 16 Jul 2025 10:30:47 -0400 Subject: [PATCH 2/3] CR Fixes --- charts/lakefs/templates/_env.tpl | 20 +++++++++----------- charts/lakefs/templates/deployment.yaml | 4 ++-- charts/lakefs/templates/secret.yaml | 3 +-- 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/charts/lakefs/templates/_env.tpl b/charts/lakefs/templates/_env.tpl index 4662490..e5d9831 100644 --- a/charts/lakefs/templates/_env.tpl +++ b/charts/lakefs/templates/_env.tpl 
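Review bot: `{{- if .Values.secrets.licenseContents }}` dereferences `.Values.secrets` directly, whereas the line just above in the same file uses the nil-safe form `(.Values.secrets).authEncryptSecretKey`. With `secrets` overridden to null (or absent when the chart is used as a subchart with its own values), rendering stops with a nil-pointer error as soon as `enterprise.enabled` is true. I would write `{{- if (.Values.secrets).licenseContents }}` and drop the `| default ""`, which can never apply inside that `if`. The same line is carried unchanged through the secret.yaml hunk of PATCH 2/3.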
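Review bot: `secrets.licenseContents` is added at the end of values.yaml without a comment, unlike the neighbouring keys, and nothing tells the user that it is read only when `enterprise.enabled` is true or that `existingSecret` together with `secretKeys.licenseContentsKey` is checked first in the volume template. I would add above `licenseContents: null` a comment along the lines of `# lakeFS Enterprise license token; ignored unless enterprise.enabled is true.` followed by `# Prefer existingSecret + secretKeys.licenseContentsKey so the token is not kept in a values file.` The comment added for `licenseContentsKey` could likewise mention that it requires `existingSecret` to be set.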
@@ -30,6 +30,10 @@ env: value: asdjfhjaskdhuioaweyuiorasdsjbaskcbkj {{- end }} {{- if (.Values.enterprise).enabled}} + {{- if or (and .Values.secrets .Values.secrets.licenseContents) (and .Values.existingSecret .Values.secretKeys.licenseContentsKey) }} + - name: LAKEFS_LICENSE_PATH + value: '/etc/lakefs/license.tkn' + {{- end }} - name: LAKEFS_USAGE_REPORT_ENABLED value: "true" - name: LAKEFS_FEATURES_LOCAL_RBAC @@ -111,12 +115,6 @@ env: {{- if .Values.extraEnvVars }} {{- toYaml .Values.extraEnvVars | nindent 2 }} {{- end }} - {{- if (.Values.enterprise).enabled }} - {{- if or (and .Values.secrets .Values.secrets.licenseContents) (and .Values.existingSecret .Values.secretKeys.licenseContentsKey) }} - - name: LAKEFS_LICENSE_PATH - value: '/etc/lakefs/license.tkn' - {{- end }} - {{- end }} {{- if .Values.extraEnvVarsSecret }} envFrom: - secretRef: @@ -145,14 +143,14 @@ envFrom: {{- end }} {{- if (.Values.enterprise).enabled }} {{- if and .Values.existingSecret .Values.secretKeys.licenseContentsKey }} -- name: secret-volume +- name: secret-volume-license-token secret: - secretName: {{ include "lakefs.fullname" . }} + secretName: secretName: {{ .Values.existingSecret }} items: - - key: licenseContentsKey + - key: {{ .Values.secretKeys.licenseContentsKey }} path: license.tkn {{- else if and .Values.secrets .Values.secrets.licenseContents }} -- name: secret-volume +- name: secret-volume-license-token secret: secretName: {{ include "lakefs.fullname" . }} items: @@ -161,7 +159,7 @@ envFrom: {{- end }} {{- end }} {{- if (((.Values.enterprise).auth).saml).enabled }} -- name: secret-volume +- name: secret-volume-license-token secret: secretName: saml-certificates {{- end }} diff --git a/charts/lakefs/templates/deployment.yaml b/charts/lakefs/templates/deployment.yaml index f87e310..ab2dd47 100644 --- a/charts/lakefs/templates/deployment.yaml +++ b/charts/lakefs/templates/deployment.yaml 
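Review bot: The context line `value: asdjfhjaskdhuioaweyuiorasdsjbaskcbkj` at the top of the first _env.tpl hunk is a fixed literal baked into the template, and it reads like a fallback for a secret value; the `- name:` it belongs to is above the hunk, so this is an inference. If it is a default key, every installation that does not supply its own value shares the same publicly known one. Since this block is being extended with enterprise settings, it is worth a follow-up that fails the render when no value is supplied (Helm's `required` does this) or at least documents the fallback as unsuitable outside a quickstart.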
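Review bot: In the volume hunk (`@@ -145,14 +143,14 @@`), the `else if and .Values.secrets .Values.secrets.licenseContents` branch is also taken when `existingSecret` is set but `secretKeys.licenseContentsKey` is left null, and it then mounts `license_contents` from the chart-managed Secret named by `lakefs.fullname`. Whether that Secret is rendered at all when `existingSecret` is set is decided at the top of secret.yaml, which no hunk here shows; if it is skipped in that case, the pod references a Secret that does not exist and never starts. Tightening the branch to `{{- else if and (not .Values.existingSecret) (.Values.secrets).licenseContents }}`, with the same change in the two `or` conditions for the env var and the mount, would rule that combination out. The volume list starts above the hunk.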
@@ -99,13 +99,13 @@ spec: mountPath: "/lakefs/data" {{- end }} {{- if (((.Values.enterprise).auth).saml).enabled }} - - name: secret-volume + - name: secret-volume-license-token readOnly: true mountPath: /etc/saml_certs/ {{- end }} {{- if (.Values.enterprise).enabled }} {{- if or (and .Values.secrets .Values.secrets.licenseContents) (and .Values.existingSecret .Values.secretKeys.licenseContentsKey) }} - - name: secret-volume + - name: secret-volume-license-token mountPath: /etc/lakefs/license.tkn subPath: "license.tkn" readOnly: true diff --git a/charts/lakefs/templates/secret.yaml b/charts/lakefs/templates/secret.yaml index cb9f632..896ce54 100644 --- a/charts/lakefs/templates/secret.yaml +++ b/charts/lakefs/templates/secret.yaml @@ -15,12 +15,11 @@ data: {{- end }} {{- if (.Values.enterprise).enabled }} + {{- if .Values.secrets.licenseContents }} license_contents: {{ .Values.secrets.licenseContents | default "" | b64enc }} {{- end }} -{{- end }} -{{- if (.Values.enterprise).enabled }} {{- if (((.Values.enterprise).auth).ldap).enabled }} {{- if (((.Values.enterprise).auth).ldap).bindPassword }} # LDAP bind password secret, used for LDAP authentication From 061213b7f11fb51a39114ae7a1dfcf59a93dae10 Mon Sep 17 00:00:00 2001 From: Nir Ozery Date: Thu, 17 Jul 2025 09:13:30 -0400 Subject: [PATCH 3/3] CR Fixes --- charts/lakefs/templates/_env.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lakefs/templates/_env.tpl b/charts/lakefs/templates/_env.tpl index e5d9831..1e01df6 100644 --- a/charts/lakefs/templates/_env.tpl +++ b/charts/lakefs/templates/_env.tpl @@ -145,7 +145,7 @@ envFrom: {{- if and .Values.existingSecret .Values.secretKeys.licenseContentsKey }} - name: secret-volume-license-token secret: - secretName: secretName: {{ .Values.existingSecret }} + secretName: {{ .Values.existingSecret }} items: - key: {{ .Values.secretKeys.licenseContentsKey }} path: license.tkn
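Review bot: In the final form of the volume entry, `secretName: {{ .Values.existingSecret }}` and `- key: {{ .Values.secretKeys.licenseContentsKey }}` are rendered unquoted, so a value that YAML reads as a number, boolean or null (an all-digit Secret name, a key called `on`) reaches the API server with the wrong type and the manifest is rejected. Piping both through `quote` keeps them strings: `secretName: {{ .Values.existingSecret | quote }}` and `- key: {{ .Values.secretKeys.licenseContentsKey | quote }}`. The volume list this entry belongs to starts above the hunk.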