Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix issue 1778 update1 #1826

Merged
merged 1 commit into from
Feb 21, 2024
Merged

fix issue 1778 update1 #1826

merged 1 commit into from
Feb 21, 2024

Conversation

sosan
Copy link
Contributor

@sosan sosan commented Feb 14, 2024

in case /run/secrets/MARIADB_PASSWORD and secrets: MARIADB_PASSWORD are in uppercase, reformat the value of MARIADB_PASSWORD to mariadb-password. Also, reformat the secretconfig of the secrets. also getSecretPathsLegacy returns secretSubPath.

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

updated fix to contemplate mays in secrets:

version: "3.9"
services:
  database:
    image: mariadb:11
    deploy:
      replicas: 1
    environment:
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/MARIADB_PASSWORD
    secrets:
      - MARIADB_PASSWORD
secrets:
  MARIADB_PASSWORD:
    file: "./mariadb-password.txt"

Which issue(s) this PR fixes:

Fixes #1778

Special notes for your reviewer:

@sosan
in case /run/secrets/MARIADB_PASSWORD and secrets: MARIADB_PASSWORD a…
eda13cf 
…re in uppercase, reformat the value of MARIADB_PASSWORD to mariadb-password. Also, reformat the secretconfig of the secrets. getSecretPathsLegacy returns secretSubPath.

Signed-off-by: jose luis <2064537+sosan@users.noreply.github.com>
@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 14, 2024
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Feb 14, 2024
@cdrage cdrage merged commit c0f7e91 into kubernetes:main Feb 21, 2024
9 of 10 checks passed
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cdrage, sosan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 21, 2024
@BrewTestBot BrewTestBot mentioned this pull request Apr 26, 2024
Merged
@ghost
Copy link

ghost commented May 7, 2024
edited by ghost
Loading

This caused a regression in our Compose file:

services:
  a:
    image: alpine:3.19
    command: ["cat", "/etc/hello_world.yaml"]
    secrets:
      - source: hello-world
        target: /etc/hello_world.yaml
secrets:
  hello-world:
    file: config/hello_world.yaml

Now, I am unable to cat /etc/hello_world.yaml.

@ghost
Copy link

ghost commented May 7, 2024
edited by ghost
Loading

I would implement this solution differently, without touching any environments:

  1. If target is specified, only ever transform the source field.
  2. If target is not specified, fill it in as /run/secrets/{source_before_transform}.

The output of the original Compose by @sosan should be:

    spec:
      containers:
        - env:
            - name: MARIADB_ROOT_PASSWORD_FILE
              value: /run/secrets/MARIADB_PASSWORD
          image: mariadb:11
          name: database
          volumeMounts:
            - mountPath: /run/secrets
              name: mariadb-password
              subPath: MARIADB_PASSWORD
      restartPolicy: Always
      volumes:
        - name: mariadb-password
          secret:
            items:
              - key: mariadb-password
                path: MARIADB_PASSWORD
            secretName: mariadb-password

@cdrage
Copy link
Member

cdrage commented May 7, 2024

I would implement this solution differently, without touching any environments:

  1. If target is specified, only ever transform the source field.

  2. If target is not specified, fill it in as /run/secrets/{source_before_transform}.

The output of the original Compose by @sosan should be:

    spec:

      containers:

        - env:

            - name: MARIADB_ROOT_PASSWORD_FILE

              value: /run/secrets/MARIADB_PASSWORD

          image: mariadb:11

          name: database

          volumeMounts:

            - mountPath: /run/secrets

              name: mariadb-password

              subPath: MARIADB_PASSWORD

      restartPolicy: Always

      volumes:

        - name: mariadb-password

          secret:

            items:

              - key: mariadb-password

                path: MARIADB_PASSWORD

            secretName: mariadb-password

Hi! Could you open an issue so we make sure that we track this?

@ghost ghost mentioned this pull request May 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdrage cdrage cdrage approved these changes

@AhmedGrati AhmedGrati Awaiting requested review from AhmedGrati

@ngtuna ngtuna Awaiting requested review from ngtuna

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] Kompose does not mount secrets like compose
3 participants
@sosan @k8s-ci-robot @cdrage