This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

CORTX-30141: Remove CORTX secrets custom template file #232

Merged: 4 commits, May 7, 2022
This file was deleted.

30 changes: 11 additions & 19 deletions k8_cortx_cloud/deploy-cortx-cloud.sh
Expand Up @@ -792,39 +792,31 @@ function deployCortxSecrets()
printf "########################################################\n"
printf "# Deploy CORTX Secrets \n"
printf "########################################################\n"
# Parse secret from the solution file and create all secret yaml files
# Parse secret from the solution file and create all secret files
# in the "auto-gen-secret" folder
secret_auto_gen_path="${cfgmap_path}/auto-gen-secret-${namespace}"
local secret_auto_gen_path="${cfgmap_path}/auto-gen-secret-${namespace}"
mkdir -p "${secret_auto_gen_path}"
cortx_secret_name=$(getSolutionValue "solution.secrets.name")
cortx_secret_ext=$(getSolutionValue "solution.secrets.external_secret")
cortx_secret_name=$(getSolutionValue "solution.secrets.name") # This is a global variable
if [[ -n "${cortx_secret_name}" ]]; then
# Process secrets from solution.yaml
secrets=()
for field in "${cortx_secret_fields[@]}"; do
fcontent=$(getSolutionValue "solution.secrets.content.${field}")
if [[ -z ${fcontent} ]]; then
# No data for this field. Generate a password.
pw=$(pwgen)
fcontent=${pw}
fcontent=$(pwgen)
printf "Generated secret for %s\n" "${field}"
fi
secrets+=( " ${field}: ${fcontent}" )
printf "%s" "${fcontent}" > "${secret_auto_gen_path}/${field}"
done
secrets_block=$( printf "%s\n" "${secrets[@]}" )

new_secret_gen_file="${secret_auto_gen_path}/${cortx_secret_name}.yaml"
cp "${cfgmap_path}/other/secret-template.yaml" "${new_secret_gen_file}"
./parse_scripts/subst.sh "${new_secret_gen_file}" "secret.name" "${cortx_secret_name}"
./parse_scripts/subst.sh "${new_secret_gen_file}" "secret.content" "${secrets_block}"
kubectl_create_secret_cmd="kubectl create -f ${new_secret_gen_file} --namespace=${namespace}"
if ! ${kubectl_create_secret_cmd}; then

if ! kubectl create secret generic "${cortx_secret_name}" \

Contributor

kubectl apply is preferred here as it will not fail if the existing secret name already exists, but it will fail if kubectl create is used and a secret with the same name already exists. It is a valid and expected use case to update the secret with apply as needed.

Contributor

Suggested change
if ! kubectl create secret generic "${cortx_secret_name}" \
if ! kubectl apply secret generic "${cortx_secret_name}" \

Contributor Author @keithpine, May 6, 2022

It doesn't look like this command exists:

❯ k apply secret generic -f /tmp/foobar.yaml
error: Unexpected args: [secret generic]
See 'kubectl apply -h' for help and examples

If we want to use apply, then I can just close this PR and move the bespoke template file to another location. I was mostly just attempting to get rid of it.

Contributor

Ah! Good catch! I was jumping ahead too quickly. For now we can pivot to what you have here. It won't matter much in the near future, so I'm good with what you have above.

--from-file="${secret_auto_gen_path}" \
--namespace="${namespace}"; then
printf "Exit early. Failed to create Secret '%s'\n" "${cortx_secret_name}"
exit 1
fi

elif [[ -n "${cortx_secret_ext}" ]]; then
cortx_secret_name="${cortx_secret_ext}"
else
cortx_secret_name="$(getSolutionValue "solution.secrets.external_secret")"
printf "Installing CORTX with existing Secret %s.\n" "${cortx_secret_name}"
fi
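
Review bot: `--from-file="${secret_auto_gen_path}"` packs every regular file in that directory into the Secret, not only the fields written by the loop, and `mkdir -p` leaves any earlier contents in place. A directory left behind by a run of the old code still holds `${cortx_secret_name}.yaml`, which would be added to the Secret as an extra key. Consider emptying the directory before the loop, or passing one `--from-file="${field}=${secret_auto_gen_path}/${field}"` per field. The per-field files also hold plaintext passwords, are created under the default umask, and are not removed in the visible lines; setting `umask 077` around the writes and deleting the directory once the Secret exists would limit that exposure.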
