use secret for minio credentials, add demo entry

Author: adwk67

demos/demos-v2.yaml

@@ -226,3 +226,19 @@ demos:
       cpu: "3"
       memory: 5098Mi
       pvc: 16Gi
+  jupyterhub-keycloak:
+    description: Demo showing jupyterhub notebooks secured with keycloak
+    documentation: TODO
+    stackableStack: jupyterhub-keycloak
+    labels:
+      - jupyterhub
+      - keycloak
+      - spark
+      - S3
+    manifests:
+      - plainYaml: demos/jupyterhub-keycloak/load-gas-data.yaml
+    supportedNamespaces: []
+    resourceRequests:
+      cpu: 6400m
+      memory: 12622Mi
+      pvc: 20Gi

stacks/jupyterhub-keycloak/Dockerfile

@@ -0,0 +1,27 @@
+# kind load docker-image spark:3.5.2-python311 -n stackable-data-platform
+
+FROM spark:3.5.2-scala2.12-java17-ubuntu
+
+USER root
+
+RUN set -ex; \
+    apt-get update; \
+    # Install dependencies for Python 3.11
+    apt-get install -y \
+    software-properties-common \
+    && add-apt-repository ppa:deadsnakes/ppa \
+    && apt-get update && apt-get install -y \
+    python3.11 \
+    python3.11-venv \
+    python3.11-dev \
+    && rm -rf /var/lib/apt/lists/*; \
+    # Install pip manually for Python 3.11
+    curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \
+    python3.11 get-pip.py && \
+    rm get-pip.py
+
+# Make Python 3.11 the default Python version
+RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1 \
+    && update-alternatives --install /usr/bin/pip pip /usr/local/bin/pip3 1
+
+USER spark

stacks/jupyterhub-keycloak/README.md

@@ -4,6 +4,8 @@ Deploy the scripts:
 
 ```shell
 stackablectl stack install jupyterhub-keycloak --release dev -s stacks/stacks-v2.yaml
-
 kubectl apply -f ./demos/jupyterhub-keycloak/load-gas-data.yaml
+
+# or (with test data)
+stackablectl demo install jupyterhub-keycloak --release dev -s stacks/stacks-v2.yaml -d demos/demos-v2.yaml
 ```

stacks/jupyterhub-keycloak/jupyterhub.yaml

@@ -14,10 +14,10 @@ options:
       GenericOAuthenticator:
         client_id: jupyterhub
         client_secret: jupyterhubjupyterhub
-        oauth_callback_url: http://172.19.0.3:31095/hub/oauth_callback
-        authorize_url: https://172.19.0.3:31093/realms/demo/protocol/openid-connect/auth
-        token_url: https://172.19.0.3:31093/realms/demo/protocol/openid-connect/token
-        userdata_url: https://172.19.0.3:31093/realms/demo/protocol/openid-connect/userinfo
+        oauth_callback_url: http://172.19.0.4:31095/hub/oauth_callback
+        authorize_url: https://172.19.0.4:31093/realms/demo/protocol/openid-connect/auth
+        token_url: https://172.19.0.4:31093/realms/demo/protocol/openid-connect/token
+        userdata_url: https://172.19.0.4:31093/realms/demo/protocol/openid-connect/userinfo
         username_claim: preferred_username
         scope:
           - openid
@@ -139,9 +139,14 @@ options:
                 resources:
                   requests:
                     storage: "1"
+        - name: minio-s3-credentials
+          secret:
+            secretName: minio-s3-credentials
       extraVolumeMounts:
         - name: tls-ca-cert
           mountPath: /stackable/secrets/tls-ca-cert
+        - name: minio-s3-credentials
+          mountPath: /minio-s3-credentials
     profileList:
       - display_name: "Default"
         description: "Default profile"

stacks/jupyterhub-keycloak/process-s3.ipynb

@@ -13,6 +13,23 @@
     "! pyspark --version"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "bd941fee",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import os\n",
+    "\n",
+    "# get minio credentials\n",
+    "with open(\"/minio-s3-credentials/accessKey\", \"r\") as f:\n",
+    "    minio_user = f.read().strip()\n",
+    "\n",
+    "with open(\"/minio-s3-credentials/secretKey\", \"r\") as f:\n",
+    "    minio_pwd = f.read().strip()"
+   ]
+  },
   {
    "cell_type": "code",
    "execution_count": null,
@@ -67,8 +84,8 @@
     "    #.config(\"spark.executorEnv.LD_PRELOAD\", \"/opt/bitnami/common/lib/libnss_wrapper.so\")\n",
     "    .config(\"spark.hadoop.fs.s3a.endpoint\", \"http://minio:9000/\")\n",
     "    .config(\"spark.hadoop.fs.s3a.path.style.access\", \"true\")\n",
-    "    .config(\"spark.hadoop.fs.s3a.access.key\", \"admin\")\n",
-    "    .config(\"spark.hadoop.fs.s3a.secret.key\", \"adminadmin\")\n",
+    "    .config(\"spark.hadoop.fs.s3a.access.key\", minio_user)\n",
+    "    .config(\"spark.hadoop.fs.s3a.secret.key\", minio_pwd)\n",
     "    .config(\"spark.hadoop.fs.s3a.aws.credentials.provider\", \"org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider\")\n",
     "    .config(\"spark.jars.packages\", \"org.apache.hadoop:hadoop-client-api:3.3.4,org.apache.hadoop:hadoop-client-runtime:3.3.4,org.apache.hadoop:hadoop-aws:3.3.4,org.apache.hadoop:hadoop-common:3.3.4,com.amazonaws:aws-java-sdk-bundle:1.12.162\")\n",
     "    .config(\"spark.submit.deployMode\", \"client\")\n",
@@ -110,7 +127,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "df = spark.read.csv(\"s3a://demo/gas-sensor/raw/\")\n",
+    "df = spark.read.csv(\"s3a://demo/gas-sensor/raw/\", header = True)\n",
     "df.show()"
    ]
   },

stacks/jupyterhub-keycloak/s3-connection.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: s3.stackable.tech/v1alpha1
+kind: S3Connection
+metadata:
+  name: minio
+spec:
+  host: minio
+  port: 9000
+  accessStyle: Path
+  credentials:
+    secretClass: minio-s3-credentials
+---
+apiVersion: secrets.stackable.tech/v1alpha1
+kind: SecretClass
+metadata:
+  name: minio-s3-credentials
+spec:
+  backend:
+    k8sSearch:
+      searchNamespace:
+        pod: {}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-s3-credentials
+  labels:
+    secrets.stackable.tech/class: minio-s3-credentials
+stringData:
+  accessKey: admin
+  secretKey: {{ minioAdminPassword }}

stacks/stacks-v2.yaml

@@ -666,13 +666,13 @@ stacks:
       memory: 9010Mi
       pvc: 24Gi
     manifests:
+      - helmChart: stacks/_templates/minio.yaml
       - plainYaml: stacks/jupyterhub-keycloak/keycloak-serviceaccount.yaml
       - plainYaml: stacks/jupyterhub-keycloak/keycloak-realm-config.yaml
       - plainYaml: stacks/jupyterhub-keycloak/keycloak.yaml
       - helmChart: stacks/jupyterhub-keycloak/jupyterhub.yaml
       - plainYaml: stacks/jupyterhub-keycloak/serviceaccount.yaml
-      - helmChart: stacks/_templates/minio.yaml
-      - plainYaml: stacks/trino-superset-s3/s3-connection.yaml
+      - plainYaml: stacks/jupyterhub-keycloak/s3-connection.yaml
     parameters:
       - name: keycloakAdminPassword
         description: Password of the Keycloak admin user