Last active
October 17, 2024 13:09
-
-
Save ruivieira/604cd51d6facc1a7f8ca5161cbea9799 to your computer and use it in GitHub Desktop.
MariaDB / TrustyAI service with TLS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: datasciencecluster.opendatahub.io/v1 | |
| kind: DataScienceCluster | |
| metadata: | |
| name: default-dsc | |
| labels: | |
| app.kubernetes.io/created-by: opendatahub-operator | |
| app.kubernetes.io/instance: default | |
| app.kubernetes.io/managed-by: kustomize | |
| app.kubernetes.io/name: datasciencecluster | |
| app.kubernetes.io/part-of: opendatahub-operator | |
| spec: | |
| components: | |
| codeflare: | |
| managementState: Removed | |
| kserve: | |
| serving: | |
| ingressGateway: | |
| certificate: | |
| type: OpenshiftDefaultIngress | |
| managementState: Managed | |
| name: knative-serving | |
| managementState: Removed | |
| defaultDeploymentMode: Serverless | |
| modelregistry: | |
| registriesNamespace: odh-model-registries | |
| managementState: Removed | |
| trustyai: | |
| devFlags: | |
| manifests: | |
| - contextDir: config | |
| sourcePath: "" | |
| uri: "" # Add branch to test here | |
| managementState: Managed | |
| ray: | |
| managementState: Removed | |
| kueue: | |
| managementState: Removed | |
| workbenches: | |
| managementState: Removed | |
| dashboard: | |
| managementState: Managed | |
| modelmeshserving: | |
| managementState: Managed | |
| datasciencepipelines: | |
| managementState: Removed | |
| trainingoperator: | |
| managementState: Removed |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To deploy on the `test` namespace | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: tls | |
| namespace: test | |
| type: kubernetes.io/tls | |
| data: | |
| tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURERENDQWZTZ0F3SUJBZ0lVVUpIU2NEOW9YUzlKeGZVelppM0N1SmcyZEYwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xUWGxOWVhKcFlVUkNRMEV3SGhjTk1qUXhNREUzTVRJMU5qTXdXaGNOTWpVeApNREUzTVRJMU5qTXdXakFTTVJBd0RnWURWUVFEREFkdFlYSnBZV1JpTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBUThBTUlJQkNnS0NBUUVBcklnYldqM3lDcUxUSE1TSFpvMEdDMmxUc1RheWJwd0ZLUGVablpMSW80NEcKQy83aWlUY2tpbHpRYkdsZEF4dVArSDdZaXlqVWt3Y2oxd2tZSGxYbGZVV2sxWVFiaDM5cGE0RDRjemNmTEFGbQpLbldZTkRLWU1ZckdaWU1zditFMVpURWpHUDVSc3h2eEk3YjRFUUFXNnFQcU9ESGplWkE5czhhRnVtdmVrbDJYCmU3R21DYy9WWFZDK3VMZFJjdnVqYlJNamxhVm1KaWFBcm1oYm5OTWVhbFYyTmY0UXprZlRWRTNGOGhXK2FoMFoKeXNQRkN6MWttZDB4WlZGTUlSNWJGZ1pQUGpmcEo5aFZwT1N2MzMwb0FtU1NiTlpqZkhrMjlIZERNOUZQWStHNQo2bGdSZHU1b1VxakhITUU1SWo3RXZjTG5XUGpWeURSMGZkaDhMM2ozcXdJREFRQUJvMVl3VkRBU0JnTlZIUkVFCkN6QUpnZ2R0WVhKcFlXUmlNQjBHQTFVZERnUVdCQlNjYUQ4SHAwVXM2cjFCTXltd3ZvUnoyRkgrTWpBZkJnTlYKSFNNRUdEQVdnQlJQeGpKN0hNd0owRDNZK0NDTWM1SFdsUUdPWWpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQpYTEp0QU9XOFpqcTJJZEtwY2xydlBhc3l4NUlTOHhnTWovUGtRYWc5Ylp5SHp4b0JVNVF5SjZVckk5VUI0Tm4yClhVd1NDYnp0NnkyQWY3VEtFaXhtdjJlalhqbWZUYTFFbG5mam5VWExIUm9oUHR2RGRNMUFZMk9ETzl3Rkk1elkKUUtTb3dEUmZ3ZXRzNTgzQlVxejJkWmxDRW80amVhR3V6Z3Z5K2ZySXhMZGdYdFM2MzRUMDB4N2VSQzlkWGdDTwpucG9PYVZJVVNsYWdXTExBU1ljOTE1OS9JbGxnZTRLU1h3SmVvL3FxZ08vampUWVpPRW5sbUhWeDBaRUd4TGt4CnY5eSt5U2V6UmtJM1llZWhIQklNaUdHa1pZelRXWDdNQWRRQmVBVG0zRXBWamdqelZWWFRZeEJLTWM2bHJxTTIKZEtGTkgycm5NZklHam9uS1g4UmxoZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
| tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ3NpQnRhUGZJS290TWMKeElkbWpRWUxhVk94TnJKdW5BVW85NW1ka3NpampnWUwvdUtKTnlTS1hOQnNhVjBERzQvNGZ0aUxLTlNUQnlQWApDUmdlVmVWOVJhVFZoQnVIZjJscmdQaHpOeDhzQVdZcWRaZzBNcGd4aXNabGd5eS80VFZsTVNNWS9sR3pHL0VqCnR2Z1JBQmJxbytvNE1lTjVrRDJ6eG9XNmE5NlNYWmQ3c2FZSno5VmRVTDY0dDFGeSs2TnRFeU9WcFdZbUpvQ3UKYUZ1YzB4NXFWWFkxL2hET1I5TlVUY1h5RmI1cUhSbkt3OFVMUFdTWjNURmxVVXdoSGxzV0JrOCtOK2tuMkZXawo1Sy9mZlNnQ1pKSnMxbU44ZVRiMGQwTXowVTlqNGJucVdCRjI3bWhTcU1jY3dUa2lQc1M5d3VkWStOWElOSFI5CjJId3ZlUGVyQWdNQkFBRUNnZ0VBQmlMMUxobUQ4V0xuTlYrOEhTYW83MkQ0ckJYdzlNUXgzc29udVpZTjh0dEwKVmNQa0ZOTlVSbU9VdWpacEs0SWdkY3MxTW9YcVFheUFWdGFvOS9OQUxWdDd5R2hoZmtsRzI1OER0ejFmcTNZRgpSejlWZ1kzSElnUDRtSVc0NHI1RTR1dURmeEVVb05VK2wzR2JreWM0cVhIWkU5U2FiYWwydUYwNFJuQXR3M0RuCnhaSGZaVStsVTVVUkZIbEk5SExYWTUxSDA3NzdmNGd0L0doVlNDUW9uNmJOMm9zSk5SWGZHNG55UFJJZzlJd1UKM21wYnlEMytmMEt0ckh1MDFrM25MYTZuem4yZXF4YTdsY2E1TDBoMUdBSksxKzV3a092ekdwWjY5SkhwTEMySApDQjVaOFEvZ2tLYnFkaW5hZGczSWFZeWRmM0pqazBJc2FNelVSbEJCQVFLQmdRRGd1M2YyR2JuR0F4eFJpY2pCCkpwY2xmbVNxalR3QVFEbWJOcXRiMUhBMmhnN0dNRmtUdnZ6a1RoWGoxWXpLUG1IZlgvMVU0cnpaLzFzTUF2b1IKVXRWSXlqYi84M2xyc25tMURCdkk3TUNWYm00dHBZZ2JmN2JLbnZ0TDhmZVhDNXYvbEx6cnpvdGg0R3NJZFFyawpjbUd0a1h6cHhqTHZyUTBPNU9sWG92VGpnUUtCZ1FERWlWb3k4QlRrUnJrRmN6UFF5MThnM0h5c2laWDF0aFBUCnVMZ1hWOFNzMDhGcVd2MXNvTER3YUN6czMxS1doc1dCaDAzd2VnUWpxNThsbGdheGhrVDBlREp0WGlMYUVudmcKV1VYR3hONlRvQUF2S09pSGlTcjVFY1M0Tm5HR2VaVC9jK0FjS3VDMGRaZkp2UmZsVmVRUmJQVHZaakpuRkFyOQpLRmFXd0JOQkt3S0JnR2c3NjNjVkZZcFhGUUpvc3RtTGlaMVZVMkdib2xISGVEQ2FtYjQ4K1ZNQXVNZUowemNLClpZZUxCRElwY1dTNHJIS0x0aGR5RnYvUnBhd2JrVnNKblcxbWhUNFA4cWhXSG9jdnQ0OW82Q1luRXlsTzFxTlMKaURqUXBtUGlOZUV6L0VYOStlWXhaWXFmS1dYQnk2eUx0T3hwUjVPeVh4dTFteEhtY0tnNkovV0JBb0dBWFp3SwpRVDdHeEovRzJvaXZnbUNMYzh4dytZRWkwd0NoV3ZPZGcwakRuWW5Ta3dTNXRqYW5jQ28rVTZoZTN1RmNTMENWCjU5ZEdCM05qL3ZRQlJpYnN5d0JCRElTTTF3OTh2elBtSHpGL3poS2tZOUg1UnkwWE1jQzcwUDNsZnFhRVNGUDUKeDVESXJFdGlPNjE4SnppTXc1d0E0ZEhzYWRwTERaOWI5cnVQc0RjQ2dZRUEyWDVZQjVxYVZhaEc4c0duUnpQSwo4TXducWlTdys4Vy9QNi90V3QwalRhWG1ySzFweE11bnBIN1BaZi85VHZSWkplYjFRcXVEQ24vVjN0TW42SUdkCnNkU2dqNk1OTEFmZ2oyS0E0Uy8yS1AxTHdJVEp6WWlCamU1MndybmFBYlEvUmFMOUZ4ZU80bWwzbXR2eEpaY1YKM3J3S2ViclhnWUFGVWovRTl0ajI0Zmc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K | |
| ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVTmFUSHhhaWk1SlFVcE8zTHdobEl1dVRWR1lrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xUWGxOWVhKcFlVUkNRMEV3SGhjTk1qUXhNREUzTVRJMU5qTXdXaGNOTWpVeApNREUzTVRJMU5qTXdXakFXTVJRd0VnWURWUVFEREF0TmVVMWhjbWxoUkVKRFFUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKV2dwaXhmcWU2NHdMRyswNDBSNVpxM0ZNd1l3OVExL2ZvMXl6bm4KK0E2d1V2SFlESnB3ZkVUSm9KcEw0ODhVeFNOc0JyN1NpbmxtM0o4cTBKSWg3QXppVHVJM01PaEZzYml2aUo2MApEcFFROXV5c01lazI5QURMNjYySlp5c0k4c1U5REViclprcVo4UFQrcDlldWttU2paV1ZiZEtGaHUzdUI3SVdJCnBac2o4bmxqV2VhckJqZGtpdStGWDRtZWpTUkVPT2ZDUDgwMjZWcGVMYldtc2k1ZHhtYmxCZTBkOS9mc1FEMFQKWE84bUtvMmo4YUZsT1pFTnFhcUdMekoycjdlc3o5TEtvMWJnVnVMZjJCSklsWlpoeVNnS3Z5K2huMDFvbDY0QwpKYVBxQTF4R1h5d3RPYThGTFNGek9taC9CUDVBZW1kYm9sZ0NnbFlLcGxYYitrRUNBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRkUvR01uc2N6QW5RUGRqNElJeHprZGFWQVk1aU1COEdBMVVkSXdRWU1CYUFGRS9HTW5zY3pBblEKUGRqNElJeHprZGFWQVk1aU1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBQVJjZEkzZHk5K1N1VDIxRTNneURYZTdjVUVSeGZyd3BSL0I4cFhCeWlPZ3U5Wk8rK3M4NVVOWlZuM3RvVFZUCmszS0xWL2VmalN1QjQ3QncrRHJwUWJCVUxYK1FKUkEvTVJDYkIrMWRmSXFSMzcwczN2UzFvUldxRkQzL0pYU2cKcDRLUXI4ZEtXOWxFaUF2VlNrbjFOSURGWG45OEVxK3AyWDBxbTE1VHBTaUgxTXU2S21VajZEUEJXbzdmNnBRTgp4WjR2MjljTExlMzJQRzY1Vm11ell3THR4RWRHbEl6aUI2K2d1QmpUNGgzRHp4VCthOVZOL2YrT0JkcG9Vbyt2CjRBRlUwendMM2s3YnJoNGJhb1F4MlZEMTlUZ0p4WTBVUGtGUUJ0YXI0WkZnMlBPbTdCWFBodWFicUhTcVlncmEKdytIUE5oR2ZNWGVXTnVtZ1ZHdVhDcEk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To deploy on the `test` namespace | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: db-credentials | |
| type: Opaque | |
| stringData: | |
| databaseKind: mariadb | |
| databaseUsername: trustyaiUsername | |
| databasePassword: trustyaiPassword | |
| databaseService: mariadb | |
| databasePort: '3306' | |
| databaseName: trustyai_db | |
| databaseGeneration: update |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To deploy on the `test` namespace | |
| kind: MariaDB | |
| apiVersion: k8s.mariadb.com/v1alpha1 | |
| metadata: | |
| name: mariadb | |
| spec: | |
| connection: | |
| secretName: mariadb-conn | |
| secretTemplate: | |
| key: dsn | |
| database: trustyai_db | |
| galera: | |
| enabled: true | |
| metrics: | |
| enabled: true | |
| passwordSecretKeyRef: | |
| generate: true | |
| key: password | |
| name: mariadb-metrics | |
| myCnf: | | |
| [mariadb] | |
| bind-address=* | |
| default_storage_engine=InnoDB | |
| binlog_format=row | |
| innodb_autoinc_lock_mode=2 | |
| innodb_buffer_pool_size=1024M | |
| max_allowed_packet=256M | |
| # TLS Configuration | |
| ssl_cert = /certs/tls.crt | |
| ssl_key = /certs/tls.key | |
| ssl_ca = /certs/ca.crt | |
| passwordSecretKeyRef: | |
| generate: false | |
| key: databasePassword | |
| name: db-credentials | |
| primaryConnection: | |
| secretName: mariadb-conn-primary | |
| secretTemplate: | |
| key: dsn | |
| primaryService: | |
| type: ClusterIP | |
| replicas: 3 | |
| rootPasswordSecretKeyRef: | |
| generate: true | |
| key: password | |
| name: mariadb-root | |
| secondaryConnection: | |
| secretName: mariadb-conn-secondary | |
| secretTemplate: | |
| key: dsn | |
| secondaryService: | |
| type: ClusterIP | |
| service: | |
| type: ClusterIP | |
| storage: | |
| size: 1Gi | |
| updateStrategy: | |
| type: ReplicasFirstPrimaryLast | |
| username: trustyaiUsername | |
| volumes: | |
| - name: tls | |
| secret: | |
| secretName: tls | |
| # Define the volume mounts | |
| volumeMounts: | |
| - name: tls | |
| mountPath: /certs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To deploy on the `test` namespace | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: trustyai-service-db-ca | |
| namespace: test | |
| data: | |
| ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVTmFUSHhhaWk1SlFVcE8zTHdobEl1dVRWR1lrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xUWGxOWVhKcFlVUkNRMEV3SGhjTk1qUXhNREUzTVRJMU5qTXdXaGNOTWpVeApNREUzTVRJMU5qTXdXakFXTVJRd0VnWURWUVFEREF0TmVVMWhjbWxoUkVKRFFUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKV2dwaXhmcWU2NHdMRyswNDBSNVpxM0ZNd1l3OVExL2ZvMXl6bm4KK0E2d1V2SFlESnB3ZkVUSm9KcEw0ODhVeFNOc0JyN1NpbmxtM0o4cTBKSWg3QXppVHVJM01PaEZzYml2aUo2MApEcFFROXV5c01lazI5QURMNjYySlp5c0k4c1U5REViclprcVo4UFQrcDlldWttU2paV1ZiZEtGaHUzdUI3SVdJCnBac2o4bmxqV2VhckJqZGtpdStGWDRtZWpTUkVPT2ZDUDgwMjZWcGVMYldtc2k1ZHhtYmxCZTBkOS9mc1FEMFQKWE84bUtvMmo4YUZsT1pFTnFhcUdMekoycjdlc3o5TEtvMWJnVnVMZjJCSklsWlpoeVNnS3Z5K2huMDFvbDY0QwpKYVBxQTF4R1h5d3RPYThGTFNGek9taC9CUDVBZW1kYm9sZ0NnbFlLcGxYYitrRUNBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRkUvR01uc2N6QW5RUGRqNElJeHprZGFWQVk1aU1COEdBMVVkSXdRWU1CYUFGRS9HTW5zY3pBblEKUGRqNElJeHprZGFWQVk1aU1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBQVJjZEkzZHk5K1N1VDIxRTNneURYZTdjVUVSeGZyd3BSL0I4cFhCeWlPZ3U5Wk8rK3M4NVVOWlZuM3RvVFZUCmszS0xWL2VmalN1QjQ3QncrRHJwUWJCVUxYK1FKUkEvTVJDYkIrMWRmSXFSMzcwczN2UzFvUldxRkQzL0pYU2cKcDRLUXI4ZEtXOWxFaUF2VlNrbjFOSURGWG45OEVxK3AyWDBxbTE1VHBTaUgxTXU2S21VajZEUEJXbzdmNnBRTgp4WjR2MjljTExlMzJQRzY1Vm11ell3THR4RWRHbEl6aUI2K2d1QmpUNGgzRHp4VCthOVZOL2YrT0JkcG9Vbyt2CjRBRlUwendMM2s3YnJoNGJhb1F4MlZEMTlUZ0p4WTBVUGtGUUJ0YXI0WkZnMlBPbTdCWFBodWFicUhTcVlncmEKdytIUE5oR2ZNWGVXTnVtZ1ZHdVhDcEk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To deploy on the test namespace | |
| apiVersion: trustyai.opendatahub.io/v1alpha1 | |
| kind: TrustyAIService | |
| metadata: | |
| name: trustyai-service | |
| namespace: test | |
| spec: | |
| metrics: | |
| schedule: 5s | |
| storage: | |
| databaseConfigurations: db-credentials | |
| format: DATABASE | |
| size: 1Gi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment