From 7249b3ef780536bc31ec90c40e6b091813161cd7 Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Wed, 1 Apr 2026 18:38:11 -0400 Subject: [PATCH 1/7] feat(helm)!: Replace `hostPath`-based `aws_config_directory` with chart-managed Secret (resolves #2162). --- tools/deployment/package-helm/templates/_helpers.tpl | 9 ++++----- .../templates/compression-scheduler-deployment.yaml | 4 ++-- .../templates/compression-worker-deployment.yaml | 4 ++-- tools/deployment/package-helm/templates/configmap.yaml | 4 ++-- .../templates/garbage-collector-deployment.yaml | 4 ++-- .../package-helm/templates/query-worker-deployment.yaml | 4 ++-- .../package-helm/templates/webui-deployment.yaml | 4 ++-- tools/deployment/package-helm/values.yaml | 9 +++++++-- 8 files changed, 23 insertions(+), 19 deletions(-) diff --git a/tools/deployment/package-helm/templates/_helpers.tpl b/tools/deployment/package-helm/templates/_helpers.tpl index db2d5a80d9..2f471e8ba9 100644 --- a/tools/deployment/package-helm/templates/_helpers.tpl +++ b/tools/deployment/package-helm/templates/_helpers.tpl @@ -353,21 +353,20 @@ Creates a volumeMount for the AWS config directory. */}} {{- define "clp.awsConfigVolumeMount" -}} name: "aws-config" -mountPath: {{ .Values.clpConfig.aws_config_directory | quote }} +mountPath: "/opt/clp/.aws" readOnly: true {{- end }} {{/* -Creates a volume for the AWS config directory. +Creates a volume for the AWS config directory backed by the chart-managed Secret. @param {object} . Root template context @return {string} YAML-formatted volume definition */}} {{- define "clp.awsConfigVolume" -}} name: "aws-config" -hostPath: - path: {{ .Values.clpConfig.aws_config_directory | quote }} - type: "Directory" +secret: + secretName: {{ include "clp.fullname" . }}-aws-config {{- end }} {{/* diff --git a/tools/deployment/package-helm/templates/compression-scheduler-deployment.yaml b/tools/deployment/package-helm/templates/compression-scheduler-deployment.yaml index c77cb5e121..bdd08e7061 100644 --- a/tools/deployment/package-helm/templates/compression-scheduler-deployment.yaml +++ b/tools/deployment/package-helm/templates/compression-scheduler-deployment.yaml @@ -73,7 +73,7 @@ spec: mountPath: "/etc/clp-config.yaml" subPath: "clp-config.yaml" readOnly: true - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolumeMount" . | nindent 14 }} {{- end }} {{- if eq .Values.clpConfig.logs_input.type "fs" }} @@ -93,7 +93,7 @@ spec: - name: "config" configMap: name: {{ include "clp.fullname" . }}-config - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolume" . | nindent 10 }} {{- end }} {{- if eq .Values.clpConfig.logs_input.type "fs" }} diff --git a/tools/deployment/package-helm/templates/compression-worker-deployment.yaml b/tools/deployment/package-helm/templates/compression-worker-deployment.yaml index fe57ddc4c1..d1094f1c4c 100644 --- a/tools/deployment/package-helm/templates/compression-worker-deployment.yaml +++ b/tools/deployment/package-helm/templates/compression-worker-deployment.yaml @@ -73,7 +73,7 @@ spec: ) | quote }} mountPath: "/var/data/staged-archives" {{- end }} - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolumeMount" . | nindent 14 }} {{- end }} {{- if eq .Values.clpConfig.logs_input.type "fs" }} @@ -116,7 +116,7 @@ spec: ) | quote }} emptyDir: {} {{- end }} - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolume" . | nindent 10 }} {{- end }} {{- if eq .Values.clpConfig.logs_input.type "fs" }} diff --git a/tools/deployment/package-helm/templates/configmap.yaml b/tools/deployment/package-helm/templates/configmap.yaml index 700b23f7a1..5d0e3a8a1c 100644 --- a/tools/deployment/package-helm/templates/configmap.yaml +++ b/tools/deployment/package-helm/templates/configmap.yaml @@ -204,8 +204,8 @@ data: target_uncompressed_size: {{ .target_uncompressed_size | int }} {{- end }}{{/* with .Values.clpConfig.stream_output */}} tmp_directory: "/var/tmp" - {{- if .Values.clpConfig.aws_config_directory }} - aws_config_directory: {{ .Values.clpConfig.aws_config_directory | quote }} + {{- if .Values.clpConfig.aws_config }} + aws_config_directory: "/opt/clp/.aws" {{- end }} webui: host: "localhost" diff --git a/tools/deployment/package-helm/templates/garbage-collector-deployment.yaml b/tools/deployment/package-helm/templates/garbage-collector-deployment.yaml index 1b202b154a..5b76697adb 100644 --- a/tools/deployment/package-helm/templates/garbage-collector-deployment.yaml +++ b/tools/deployment/package-helm/templates/garbage-collector-deployment.yaml @@ -71,7 +71,7 @@ spec: ) | quote }} mountPath: "/var/data/archives" {{- end }} - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolumeMount" . | nindent 14 }} {{- end }} {{- if eq .Values.clpConfig.stream_output.storage.type "fs" }} @@ -102,7 +102,7 @@ spec: "name" "archives" ) | nindent 10 }} {{- end }} - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolume" . | nindent 10 }} {{- end }} {{- if eq .Values.clpConfig.stream_output.storage.type "fs" }} diff --git a/tools/deployment/package-helm/templates/query-worker-deployment.yaml b/tools/deployment/package-helm/templates/query-worker-deployment.yaml index 6e6a67b1f7..7c8c59f36f 100644 --- a/tools/deployment/package-helm/templates/query-worker-deployment.yaml +++ b/tools/deployment/package-helm/templates/query-worker-deployment.yaml @@ -63,7 +63,7 @@ spec: ) | quote }} mountPath: "/var/data/archives" {{- end }} - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolumeMount" . | nindent 14 }} {{- end }} {{- if eq .Values.clpConfig.stream_output.storage.type "fs" }} @@ -105,7 +105,7 @@ spec: "name" "archives" ) | nindent 10 }} {{- end }} - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolume" . | nindent 10 }} {{- end }} {{- if eq .Values.clpConfig.stream_output.storage.type "fs" }} diff --git a/tools/deployment/package-helm/templates/webui-deployment.yaml b/tools/deployment/package-helm/templates/webui-deployment.yaml index a1c596c4ba..2d8023d072 100644 --- a/tools/deployment/package-helm/templates/webui-deployment.yaml +++ b/tools/deployment/package-helm/templates/webui-deployment.yaml @@ -76,7 +76,7 @@ spec: mountPath: "/opt/clp/var/www/webui/server/dist/settings.json" subPath: "webui-server-settings.json" readOnly: true - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolumeMount" . | nindent 14 }} {{- end }} {{- if eq .Values.clpConfig.logs_input.type "fs" }} @@ -107,7 +107,7 @@ spec: - name: "server-settings" configMap: name: {{ include "clp.fullname" . }}-config - {{- if .Values.clpConfig.aws_config_directory }} + {{- if .Values.clpConfig.aws_config }} - {{- include "clp.awsConfigVolume" . | nindent 10 }} {{- end }} {{- if eq .Values.clpConfig.logs_input.type "fs" }} diff --git a/tools/deployment/package-helm/values.yaml b/tools/deployment/package-helm/values.yaml index dea8b79462..040cfaf7d8 100644 --- a/tools/deployment/package-helm/values.yaml +++ b/tools/deployment/package-helm/values.yaml @@ -256,8 +256,13 @@ clpConfig: archive: 60 search_result: 30 - # Location of the AWS tools' config files (e.g., `~/.aws`). Set to null to disable. - aws_config_directory: null + # AWS config content (e.g., `~/.aws/config`). Provide file contents via `--set-file` to create a + # chart-managed Secret that is mounted into pods. Set to null to disable. + # Usage: + # helm install \ + # --set-file clpConfig.aws_config.credentials=$HOME/.aws/credentials \ + # --set-file clpConfig.aws_config.config=$HOME/.aws/config + aws_config: null credentials: database: From de74347a1779d9dd5f85e4885fcd0cf8dbeec5da Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Wed, 1 Apr 2026 18:39:17 -0400 Subject: [PATCH 2/7] chore(helm): Bump chart version to 0.3.0-dev.1 and app version to 0.11.1-dev --- tools/deployment/package-helm/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/deployment/package-helm/Chart.yaml b/tools/deployment/package-helm/Chart.yaml index 22a3d1afab..8226a91bcc 100644 --- a/tools/deployment/package-helm/Chart.yaml +++ b/tools/deployment/package-helm/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: "v2" name: "clp" -version: "0.2.1-dev.5" +version: "0.3.0-dev.1" description: "A Helm chart for CLP's (Compressed Log Processor) package deployment" type: "application" -appVersion: "0.10.1-dev" +appVersion: "0.11.1-dev" home: "https://github.com/y-scope/clp" icon: "https://github.com/y-scope/clp/raw/main/docs/src/clp-logo.png" sources: ["https://github.com/y-scope/clp"] From 48424d47ee9a3cec2abc3f7ff520b74ba674aa18 Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Wed, 1 Apr 2026 18:51:37 -0400 Subject: [PATCH 3/7] add missing template --- .../package-helm/templates/aws-config-secret.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 tools/deployment/package-helm/templates/aws-config-secret.yaml diff --git a/tools/deployment/package-helm/templates/aws-config-secret.yaml b/tools/deployment/package-helm/templates/aws-config-secret.yaml new file mode 100644 index 0000000000..92f9280848 --- /dev/null +++ b/tools/deployment/package-helm/templates/aws-config-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.clpConfig.aws_config }} +apiVersion: "v1" +kind: "Secret" +metadata: + name: {{ include "clp.fullname" . }}-aws-config + labels: + {{- include "clp.labels" . | nindent 4 }} +stringData: + {{- with .Values.clpConfig.aws_config.credentials }} + credentials: {{ . | quote }} + {{- end }} + {{- with .Values.clpConfig.aws_config.config }} + config: {{ . | quote }} + {{- end }} +{{- end }} From edb90fcc232ad5fb620ae6410543e8893e34fc4f Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Mon, 4 May 2026 15:48:57 -0400 Subject: [PATCH 4/7] refactor(helm): Extract aws_config mount path into a shared helper template; update docs - Add `clp.awsConfigMountPath` helper to define the AWS config mount path in a single place, eliminating the need for sync comments between _helpers.tpl and configmap.yaml. - Update `clp.awsConfigVolumeMount` and configmap.yaml to use the new helper instead of a hardcoded string. - Add a note in clp-config.md that Helm users should provide AWS config via --set-file rather than setting aws_config_directory manually. --- .../guides-using-object-storage/aws-s3/clp-config.md | 5 +++++ tools/deployment/package-helm/templates/_helpers.tpl | 9 ++++++++- tools/deployment/package-helm/templates/configmap.yaml | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md b/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md index b9da0a252a..4b7bd7f560 100644 --- a/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md +++ b/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md @@ -160,6 +160,11 @@ If profiles are not used for AWS authentication, `aws_config_directory` should b to `null`. ::: +:::{note} +For Helm deployments, users should provide AWS config file contents via `--set-file` rather than +setting `aws_config_directory` manually. See the Helm chart's `values.yaml` for details. +::: + ### env_vars Settings for this type are shown below. diff --git a/tools/deployment/package-helm/templates/_helpers.tpl b/tools/deployment/package-helm/templates/_helpers.tpl index 9f437de2f0..5af46f3cfc 100644 --- a/tools/deployment/package-helm/templates/_helpers.tpl +++ b/tools/deployment/package-helm/templates/_helpers.tpl @@ -345,6 +345,13 @@ hostPath: type: "Directory" {{- end }} +{{/* +The mount path for the AWS config directory inside containers. + +@return {string} Path string +*/}} +{{- define "clp.awsConfigMountPath" -}}/opt/clp/.aws{{- end }} + {{/* Creates a volumeMount for the AWS config directory. @@ -353,7 +360,7 @@ Creates a volumeMount for the AWS config directory. */}} {{- define "clp.awsConfigVolumeMount" -}} name: "aws-config" -mountPath: "/opt/clp/.aws" +mountPath: {{ include "clp.awsConfigMountPath" . | quote }} readOnly: true {{- end }} diff --git a/tools/deployment/package-helm/templates/configmap.yaml b/tools/deployment/package-helm/templates/configmap.yaml index 91b2acbb46..ff147f7d55 100644 --- a/tools/deployment/package-helm/templates/configmap.yaml +++ b/tools/deployment/package-helm/templates/configmap.yaml @@ -206,7 +206,7 @@ data: {{- end }}{{/* with .Values.clpConfig.stream_output */}} tmp_directory: "/var/tmp" {{- if .Values.clpConfig.aws_config }} - aws_config_directory: "/opt/clp/.aws" + aws_config_directory: {{ include "clp.awsConfigMountPath" . | quote }} {{- end }} webui: host: "localhost" From 48d0ce43a7d758a3bf974ba272b5f82426378329 Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Mon, 4 May 2026 16:11:32 -0400 Subject: [PATCH 5/7] docs(aws-s3): Use tab-set for aws_config_directory instructions in profile section Replace the Helm deployment note with a Docker Compose / Kubernetes (Helm) tab-set, matching the pattern used in clp-json.md. This gives each deployment method its own clear instructions instead of burying Helm details in a note. --- .../aws-s3/clp-config.md | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md b/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md index 4b7bd7f560..2eeeb0c1de 100644 --- a/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md +++ b/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md @@ -149,20 +149,38 @@ aws_authentication: `` should be the name of an existing [AWS CLI profile](index.md#named-profiles). In addition, the *top-level* config `aws_config_directory` must be set to the directory containing -the profile configurations (typically `~/.aws`): +the profile configurations: + +::::{tab-set} +:::{tab-item} Docker Compose +:sync: docker + +Typically `~/.aws`: ```yaml aws_config_directory: "" ``` -:::{note} -If profiles are not used for AWS authentication, `aws_config_directory` should be commented or set -to `null`. ::: +:::{tab-item} Kubernetes (Helm) +:sync: kind + +`aws_config_directory` is set automatically by the chart. Provide your AWS config file contents via +`--set-file`: + +```bash +helm install \ + --set-file clpConfig.aws_config.credentials=$HOME/.aws/credentials \ + --set-file clpConfig.aws_config.config=$HOME/.aws/config +``` + +::: +:::: + :::{note} -For Helm deployments, users should provide AWS config file contents via `--set-file` rather than -setting `aws_config_directory` manually. See the Helm chart's `values.yaml` for details. +If profiles are not used for AWS authentication, `aws_config_directory` should be commented or set +to `null`. ::: ### env_vars From 043d50bc52dc9f3598761aeb13bffc7b9fb1faf6 Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Mon, 4 May 2026 16:25:51 -0400 Subject: [PATCH 6/7] docs(clp-config): Update aws_config_directory instructions and add Helm chart installation details --- .../aws-s3/clp-config.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md b/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md index 2eeeb0c1de..268c2c7ed8 100644 --- a/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md +++ b/docs/src/user-docs/guides-using-object-storage/aws-s3/clp-config.md @@ -161,27 +161,28 @@ Typically `~/.aws`: aws_config_directory: "" ``` +```{note} +If profiles are not used for AWS authentication, `aws_config_directory` should be commented or set +to `null`. +``` + ::: :::{tab-item} Kubernetes (Helm) :sync: kind -`aws_config_directory` is set automatically by the chart. Provide your AWS config file contents via -`--set-file`: +Provide your AWS config file contents via `--set-file`: ```bash -helm install \ +helm install clp/clp \ --set-file clpConfig.aws_config.credentials=$HOME/.aws/credentials \ --set-file clpConfig.aws_config.config=$HOME/.aws/config ``` -::: -:::: +See [Installing the Helm chart][k8s-install-helm-chart] for details. -:::{note} -If profiles are not used for AWS authentication, `aws_config_directory` should be commented or set -to `null`. ::: +:::: ### env_vars @@ -221,4 +222,5 @@ Credentials are resolved in priority order. Common sources include: [aws-region-codes]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html#Concepts.RegionsAndAvailabilityZones.Availability [boto3-credentials]: https://docs.aws.amazon.com/boto3/latest/guide/credentials.html#configuring-credentials +[k8s-install-helm-chart]: ../../guides-k8s-deployment.md#installing-the-helm-chart [rust-sdk-credentials]: https://docs.aws.amazon.com/sdk-for-rust/latest/dg/credproviders.html From 3bd0af3e00503fa4bb9bff33593574389a58e296 Mon Sep 17 00:00:00 2001 From: Junhao Liao Date: Thu, 14 May 2026 08:38:55 -0400 Subject: [PATCH 7/7] chore(helm): Bump chart version to 0.3.2-dev.6. --- tools/deployment/package-helm/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/deployment/package-helm/Chart.yaml b/tools/deployment/package-helm/Chart.yaml index efd7f51af1..a161236299 100644 --- a/tools/deployment/package-helm/Chart.yaml +++ b/tools/deployment/package-helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v2" name: "clp" -version: "0.3.2-dev.5" +version: "0.3.2-dev.6" description: "A Helm chart for CLP's (Compressed Log Processor) package deployment" type: "application" appVersion: "0.12.1-dev"