Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/containerboot: don't attempt to write kube Secret in non-kube environments #14358

Merged
merged 1 commit into from
Dec 11, 2024
Merged

cmd/containerboot: don't attempt to write kube Secret in non-kube environments #14358

merged 1 commit into from
Dec 11, 2024

Conversation

irbekrm
Copy link
Contributor

@irbekrm irbekrm commented Dec 11, 2024
edited
Loading

A follow-up to #14357, fixes a second place where the https_endpoint field was written to the kube Secret without a check + adds some tests that would have caught this.

I've tested that non-kube containers work with TS_SERVE_CONFIG with this change, i.e

docker run -it -e TS_AUTHKEY=<key> -v $(pwd)/serve-config.json:/serve-config.json -e TS_SERVE_CONFIG=/serve-config.json --privileged=true <image>

Updates #14354

@irbekrm irbekrm requested a review from tomhjp December 11, 2024 10:18
tomhjp
tomhjp approved these changes Dec 11, 2024
View reviewed changes
Copy link
Member

@tomhjp tomhjp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. My only remaining comment is very much optional/as a follow-up

@irbekrm irbekrm merged commit 0cc071f into main Dec 11, 2024
48 checks passed
@irbekrm irbekrm deleted the irbekrm/kube_nil branch December 11, 2024 10:56
irbekrm added a commit that referenced this pull request Dec 11, 2024
@irbekrm
cmd/containerboot: don't attempt to write kube Secret in non-kube env…
6034eb5 
…ironments (#14358)

Updates #14354

Signed-off-by: Irbe Krumina <[email protected]>
@irbekrm irbekrm mentioned this pull request Dec 11, 2024
Merged
irbekrm added a commit that referenced this pull request Dec 11, 2024
@irbekrm
cmd/containerboot: don't attempt to write kube Secret in non-kube env…
09b7a1a 
…ironments (#14358)

Updates #14354

Signed-off-by: Irbe Krumina <[email protected]>
(cherry picked from commit 0cc071f)
irbekrm added a commit that referenced this pull request Dec 11, 2024
@irbekrm
cmd/containerboot: fix nil pointer exception (cherry-pick of #14357, #…
6e0f168 
…14358) (#14359)

* cmd/containerboot: guard kubeClient against nil dereference (#14357)

A method on kc was called unconditionally, even if was not initialized,
leading to a nil pointer dereference when TS_SERVE_CONFIG was set
outside Kubernetes.

Add a guard symmetric with other uses of the kubeClient.

Signed-off-by: Bjorn Neergaard <[email protected]>
(cherry picked from commit 8b1d011)

* cmd/containerboot: don't attempt to write kube Secret in non-kube environments (#14358)

Signed-off-by: Irbe Krumina <[email protected]>
(cherry picked from commit 0cc071f)

* cmd/containerboot: don't attempt to patch a Secret field without permissions (#14365)

Signed-off-by: Irbe Krumina <[email protected]>
(cherry picked from commit 6e552f6)

Updates #14354
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomhjp tomhjp tomhjp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@irbekrm @tomhjp