Florentino Sainz
12/13/2023, 12:12 PMlakefs/templates/fluffy-deployment.yaml: error converting YAML to JSON: yaml: line 85: did not find expected '-' indicator (sadly I can't see the fluffy-deployment.yaml :disappointed: )
Florentino Sainz
12/13/2023, 12:24 PMfluffy:
enabled: {enterprise_enabled}
fullname: {fluffy_fullname}
image:
repository: treeverse/fluffy
tag: '0.2.0'
pullPolicy: IfNotPresent
privateRegistry:
enabled: true
secretName: {unique_service_name}dockercfg
fluffyConfig: |
logging:
format: "json"
level: "INFO"
installation:
fixed_id: fluffy-authenticator
auth:
post_login_redirect_url: /
logout_redirect_url: <https://lakefs.services.x.com/oidc/logout>
oidc:
enabled: true
url: <https://x.okta.com>
client_id: {okta_clientid}
callback_base_url: <https://lakefs.services.x.com>
is_default_login: true
logout_client_id_query_parameter: client_id
logout_endpoint_query_parameters:
- returnTo
- <https://lakefs.services.x.com/oidc/login>
secrets:
create: false
sso:
enabled: true
oidc:
enabled: true
client_secret: dummyValueEnableSecretLogic
rbac:
enabled: true
Isan Rivkin
12/13/2023, 12:57 PM{}
is not common in value files.
I used your config and got an identical error, then I changed the following values and it rendered with no errors.
1. enabled: true
2. secretName: changed-secret
The command I executed to test:
helm template -f values.yaml lakefs lakefs/lakefs > final-dump.yaml
Contents of values.yaml
fluffy:
enabled: true
fullname: {fluffy_fullname}
image:
repository: treeverse/fluffy
tag: '0.2.0'
pullPolicy: IfNotPresent
privateRegistry:
enabled: true
secretName: changed-secret
fluffyConfig: |
logging:
format: "json"
level: "INFO"
installation:
fixed_id: fluffy-authenticator
auth:
post_login_redirect_url: /
logout_redirect_url: <https://lakefs.services.x.com/oidc/logout>
oidc:
enabled: true
url: <https://x.okta.com>
client_id: {okta_clientid}
callback_base_url: <https://lakefs.services.x.com>
is_default_login: true
logout_client_id_query_parameter: client_id
logout_endpoint_query_parameters:
- returnTo
- <https://lakefs.services.x.com/oidc/login>
secrets:
create: false
sso:
enabled: true
oidc:
enabled: true
client_secret: dummyValueEnableSecretLogic
rbac:
enabled: true
Florentino Sainz
12/13/2023, 1:12 PMIsan Rivkin
12/13/2023, 1:14 PMFlorentino Sainz
12/13/2023, 1:18 PMnodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
https://github.com/treeverse/charts/blob/master/charts/lakefs/templates/fluffy-deployment.yamlFlorentino Sainz
12/13/2023, 1:19 PMFlorentino Sainz
12/13/2023, 1:20 PMFlorentino Sainz
12/13/2023, 1:21 PMFlorentino Sainz
12/13/2023, 1:22 PMexistingSecret: lakefs-auth-encrypt-secret
fullnameOverride: lakefs
serviceAccount:
create: false
name: "lakefs"
replicaCount: 3
resources:
requests:
cpu: 1800m
memory: 15Gi
committedLocalCacheVolume:
hostPath:
path: /data/
topologySpreadConstraints:
- maxSkew: 1
topologyKey: <http://topology.kubernetes.io/zone|topology.kubernetes.io/zone>
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app: lakefs
matchLabelKeys:
- pod-template-hash
lakefsConfig: |
database:
type: dynamodb
dynamodb:
table_name: ${Token[TOKEN.2193]}
aws_region: eu-west-1
committed:
local_cache:
size_bytes: 10737418240
blockstore:
type: s3
default_namespace_prefix: s3://${Token[TOKEN.1466]}/lakefs/
s3:
region: eu-west-1
disable_pre_signed_ui: true
pre_signed_expiry: 1h
web_identity:
session_duration: 1h
session_expiry_window: 50m
gateways:
s3:
region: eu-west-1
auth:
oidc:
friendly_name_claim_name: name
default_initial_groups: []
ui_config:
login_url: /oidc/login
logout_url: /oidc/logout
login_cookie_names:
- internal_auth_session
- oidc_auth_session
fluffy:
enabled: true
fullname: lakefs-fluffy
image:
repository: treeverse/fluffy
tag: '0.2.0'
pullPolicy: IfNotPresent
privateRegistry:
enabled: true
secretName: lakefsdockercfg
fluffyConfig: |
logging:
format: "json"
level: "INFO"
installation:
fixed_id: fluffy-authenticator
auth:
post_login_redirect_url: /
logout_redirect_url: <https://lakefs.services.whatmocked.com/oidc/logout>
oidc:
enabled: true
url: <https://whatsys.okta.com>
client_id: 0oa1udg0csr840fhc0h8
callback_base_url: <https://lakefs.services.whatmocked.com>
is_default_login: true
logout_client_id_query_parameter: client_id
logout_endpoint_query_parameters:
- returnTo
- <https://lakefs.services.whatmocked.com/oidc/login>
secrets:
create: false
sso:
enabled: true
oidc:
enabled: true
client_secret: dummyValueEnableSecretLogic
rbac:
enabled: true
helm template -f values.yaml lakefs lakefs/lakefs > final-dump.yamlIsan Rivkin
12/13/2023, 1:24 PMFlorentino Sainz
12/13/2023, 1:25 PMFlorentino Sainz
12/13/2023, 1:29 PMIsan Rivkin
12/13/2023, 1:30 PMIsan Rivkin
12/13/2023, 1:33 PM1.0.6
can you please try? πIsan Rivkin
12/13/2023, 1:33 PMhelm repo update
Florentino Sainz
12/13/2023, 1:33 PMIsan Rivkin
12/13/2023, 1:34 PMIsan Rivkin
12/13/2023, 1:34 PMFlorentino Sainz
12/13/2023, 1:39 PMIsan Rivkin
12/13/2023, 1:40 PMFlorentino Sainz
12/13/2023, 1:41 PMFlorentino Sainz
12/13/2023, 1:48 PMFlorentino Sainz
12/13/2023, 1:49 PMIsan Rivkin
12/13/2023, 2:27 PMIsan Rivkin
12/13/2023, 2:36 PM1.0.7
and thank you! πFlorentino Sainz
12/13/2023, 2:53 PMIsan Rivkin
12/13/2023, 2:56 PMIsan Rivkin
12/13/2023, 3:05 PM/_health
you should see alive! <installation id>
Isan Rivkin
12/13/2023, 3:37 PM# Source: lakefs/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: lakefs
labels:
helm.sh/chart: lakefs-1.0.7
app: lakefs
app.kubernetes.io/name: lakefs
app.kubernetes.io/instance: lakefs
app.kubernetes.io/version: "1.3.1"
app.kubernetes.io/managed-by: Helm
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
if ($http_x_forwarded_proto = 'http') {
return 301 https://$host$request_uri;
}
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/server-snippet: |
location ~* "^/(metrics|_pprof)" {
deny all;
return 403;
}
spec:
ingressClassName: internal-alb
rules:
- host: "lakefs.services.acme.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: lakefs
port:
number: 80
- path: /oidc/
pathType: Prefix
backend:
service:
name: fluffy-sso
port:
number: 80
- path: /api/v1/oidc/
pathType: Prefix
backend:
service:
name: fluffy-sso
port:
number: 80
- path: /saml/
pathType: Prefix
backend:
service:
name: fluffy-sso
port:
number: 80
- path: /sso/
pathType: Prefix
backend:
service:
name: fluffy-sso
port:
number: 80
- path: /api/v1/ldap/
pathType: Prefix
backend:
service:
name: fluffy-sso
port:
number: 80
Isan Rivkin
12/13/2023, 3:43 PMingress:
enabled: true
ingressClassName: alb
annotations:
<http://nginx.ingress.kubernetes.io/configuration-snippet|nginx.ingress.kubernetes.io/configuration-snippet>: |
if ($http_x_forwarded_proto = 'http') {
return 301 https://$host$request_uri;
}
<http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
<http://nginx.ingress.kubernetes.io/server-snippet|nginx.ingress.kubernetes.io/server-snippet>: |
location ~* "^/(metrics|_pprof)" {
deny all;
return 403;
}
hosts:
- host: <http://lakefs.services.acme.com|lakefs.services.acme.com>
paths:
- /
Isan Rivkin
12/13/2023, 3:51 PMingress:
enabled: false
annotations: {}
# <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
# <http://kubernetes.io/tls-acme|kubernetes.io/tls-acme>: "true"
ingressClassName: ""
defaultBackend: {}
hosts:
- host: chart-example.local
paths: []
# redirect to a different service based on path prefix for advanced use cases only
# pathsOverrides:
# - path: /auth/login
# serviceName: <lakefs-root>
# servicePort: 80
Isan Rivkin
12/13/2023, 3:54 PMfluffy:
replicaCount: 3