Add Secretstore for openshift-logging in test cluster #366

Merged
merged 1 commit into from
Feb 6, 2024

bnshr
Contributor

@bnshr bnshr commented Feb 6, 2024

This adds the secretstore for the test cluster required for openshift-logging

@computate
Member

@bnshr Looks like we should also update the nerc-ocp-config/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml as well.

@bnshr bnshr force-pushed the secretstore-test-cluster branch from 369ab49 to e79d670 Compare February 6, 2024 15:44
@bnshr
Contributor Author

bnshr commented Feb 6, 2024

Done!

Contributor

@schwesig schwesig left a comment

thumbs up

@schwesig schwesig merged commit d60b09d into OCP-on-NERC:main Feb 6, 2024
2 checks passed
@computate
Member

@larsks could you please grant vault access to this SecretStore in the openshift-logging namespace in the test cluster?

@larsks
Member

larsks commented Feb 6, 2024

@computate I can (and I have), but now we have a second problem: the test cluster doesn't have valid certificates, which will prevent it from accessing the vault.

I've opened nerc-project/operations#424 on this topic.

@larsks
Member

larsks commented Feb 12, 2024

@computate External secrets on the test cluster are now syncing correctly...

NAMESPACE               NAME                                               STORE               REFRESH INTERVAL   STATUS              READY
curator-system          postgres-config                                    nerc-secret-store   1h                 SecretSyncedError   False
group-sync-operator     github-group-sync                                  nerc-secret-store   1h                 SecretSynced        True
koku-metrics-operator   postgres-config                                    nerc-secret-store   1h                 SecretSynced        True
openshift-config        github-client-secret                               nerc-secret-store   1m                 SecretSynced        True
openshift-logging       openshift-logging-lokistack-gateway-bearer-token   nerc-secret-store   15s                SecretSynced        True
openshift-storage       rook-ceph-external-cluster-details                 nerc-secret-store   1h                 SecretSynced        True

...well, except for the one in curator-system, but that's a config error in that namespace.

@computate
Member

Thanks very much @larsks.

larsks added a commit to OCP-on-NERC/vault-config that referenced this pull request Feb 13, 2024
Install a temporary certificate to resolve the issue noted in [PR 366].
This permits Vault to authenticate the API certificate presented by
nerc-ocp-test.

This is a temporary measure pending a more robust solution for issuing
internally trusted certificates.

[PR 366]: OCP-on-NERC/nerc-ocp-config#366
Labels
enhancement New feature or request