chore: support inject envFrom by secret #8115
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #8115 +/- ##
==========================================
+ Coverage 62.49% 63.24% +0.74%
==========================================
Files 333 333
Lines 40569 41228 +659
==========================================
+ Hits 25354 26074 +720
+ Misses 12946 12883 -63
- Partials 2269 2271 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
sophon-zt
requested review from
michelle-0808 and
shanshanying
as code owners
| @@ -41,8 +41,11 @@ import ( | |||
| viper "github.com/apecloud/kubeblocks/pkg/viperx" | |||
| ) | |||
|
|
|||
| func createConfigObjects(cli client.Client, ctx context.Context, objs []client.Object) error { | |||
| func createConfigObjects(cli client.Client, ctx context.Context, objs []client.Object, secretObjs []client.Object) error { | |||
| @@ -366,10 +366,13 @@ func (p *updatePipeline) UpdateConfigVersion(revision string) *updatePipeline { | |||
| func (p *updatePipeline) Sync() *updatePipeline { | |||
| return p.Wrap(func() error { | |||
| if p.ConfigConstraintObj != nil && !p.isDone() { | |||
| if err := SyncEnvConfigmap(*p.configSpec, p.newCM, &p.ConfigConstraintObj.Spec, p.Client, p.Context); err != nil { | |||
| if err := SyncEnvConfigmap(*p.configSpec, p.newCM, &p.ConfigConstraintObj.Spec, p.Client, p.Context, p.ctx.Cluster, p.ctx.SynthesizedComponent); err != nil { | |||
There was a problem hiding this comment.
SyncEnvConfigmap() is handling the ConfigMap resource, so should a new function (like SyncEnvSecret()) be added for the Secret resource?
There was a problem hiding this comment.
AsSecret is only applicable to configuration templates that allow injectEnvTo. AsSecret is not supported for non-envFrom configuration templates. The reason is that the related modifications are too large. This may be used to support it in future.
For the configuration template of injectEnvTo, the rendered configmap/secret won't be used, so the configmap/secret of InjectEnvTo does not need to be created. Here ignore the secret for compatibility considerations, the previous ComponentTemplateSpec.VolumeName is a required field, addon may mount the volume to the container, and removing it directly may cause problems.
| return err | ||
| } | ||
| } | ||
| if p.configSpec.InjectEnvEnabled() && p.configSpec.ToSecret() { | ||
| return nil | ||
| } | ||
| switch { |
There was a problem hiding this comment.
Should add a case for the secret resource?
|
/approve for test |
sophon-zt
deleted the
support/support-generate-secret-for-config-template
branch
There are two issues left to be dealt with in this sshd related PR:
This pr can mount the sshd key to the container's volume as a secret.
refer to sshd demo: https://github.com/apecloud/kubeblocks-addons/pull/1017/files