Create a secret for the license, rather than using (only) a flag (for the operator) #67
Comments
/add label: help wanted

/assign: me I'll raise an issue on arkade to switch to this too

Thanks Alistair

Hi @Waterdrips did you have a chance to start this yet?

Spent the weekend fighting my RPis and net booting. I'll start working on this this evening if that's ok.

Sounds good. Hope you won 😁

@viveksyngh do you want to take a look?

/derek assign me

@alexellis I was thinking if we can create a secret with the licence and then using secret name as input to the controller. Which will be read by the controller to read the secret and also set a watch for that, so in case if this gets updated controller will reconcile all objects.

Part 1a is just changing the helm chart to use a secret name/reference instead of a literal value, but keeping backwards compatibility.
Part 1b is changing the arkade app to create the new secret and instruct the helm chart to use it. See how we do that for arkade and openfaas - https://github.com/alexellis/arkade/blob/master/cmd/apps/openfaas_app.go#L126
Part 2 is more along the lines of what you're saying. We may need one master secret per namespace with the license in it, or one new license secret per client.

Create a secret for the inlets-pro license, rather than using (only) a flag
Expected Behaviour
The license should be read from a file so as not to leak the value in kubectl get deploy inlets-operator
Current Behaviour
The license is shown in the deployment and via helm install when it's passed as a flag.
Possible Solution
Using a secret, like we do for the API access token, would make sense.
A change in the arkade app for the inlets-operator would also be required.
This is where the license is being read as an arg:
https://github.com/inlets/inlets-operator/blob/master/main.go#L79
Here is an example of reading a file (name passed via flag):
https://github.com/inlets/inlets-operator/blob/master/main.go#L74
And here is the helm chart to update:
https://github.com/inlets/inlets-operator/blob/master/chart/inlets-operator/templates/deployment.yaml#L36
Add an if statement and attach a volume in the same way as we do for a secret when the file is given instead of a literal value.