Open davinkevin opened 4 years ago
Hey @davinkevin; just did a quick investigation of what this would entail. My understanding is that we would need to add the "x-kubernetes-object-ref-kind": "Secret" OpenAPI annotation to our CRDs' validation schemas, and then on the client side, your kustomization.yaml would need to refer to our CRDs via the crds field. Is this correct?
I think you're right but I'm not 100% sure. If you need someone to test something, let me know!
Up?
Can I help with something on this?
@davinkevin Thank you for the follow up. As @kibbles-n-bytes described above, a workaround for you would be adding the "x-kubernetes-object-ref-kind": "Secret" OpenAPI annotation to the CRDs' validation schemas that your kustomization.yaml refers to via the crds field.
We are considering supporting the feature and will update when we have more information.
When I try to use crds fields, I have the following error:
loading CRDs [kcc.crds.yaml]: unable to parse open API definition from 'kcc.crds.yaml': error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type common.OpenAPIDefinition
Hey 👋
@davinkevin You can use a name reference transformer configuration like the following:
# sql-user-password-as-kustomize-secret.yaml
nameReference:
- kind: Secret
  version: v1
  fieldSpecs:
  - path: spec/password/valueFrom/secretKeyRef/name
    kind: SQLUser
# kustomization.yaml
...
configurations:
- sql-user-password-as-kustomize-secret.yaml
...
Thanks @Neonox31 ❤️
By the way, the best solution should be to update the KCC crds to support this annotation? Any news about this, @kibbles-n-bytes?
Hi, is there any progress on this issue? Would be nice if the config-connector can understand generated secrets!
Hello all,
I followed the evolution of https://github.com/GoogleCloudPlatform/k8s-config-connector/issues/27, but I found a limitation.
When using kubectl apply -k with a secret generator, it doesn't modify the name of the secretRef to include the hash of the file. This totally prevents using kubectl apply -k with KCC when using secrets values.
For example:
dp.yaml:
sql.yaml:
Kustomization.yaml:
If I generate it through kubectl apply -k . -o yaml (or with kustomize build .), I have the following result:
We see the name: sl-demo-app-6ft88t2625 has been injected into the deployment but not in the SQLUser.
Thanks for your help
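A pre-apply check for the mismatch reported in this issue, added here as an example and not part of the original thread or of Config Connector: it walks the rendered objects and reports every secretKeyRef whose Secret is not in the same build. It assumes the build output has been converted to a JSON array of objects; the sample data is constructed, and only the hashed Secret name comes from the issue.

```python
import json

# Constructed sample: a rendered build in which the hashed Secret name reached
# the Deployment but not the SQLUser. Names other than the Secret's are made up.
RENDERED = json.loads("""[
 {"apiVersion": "v1", "kind": "Secret",
  "metadata": {"name": "sl-demo-app-6ft88t2625"}},
 {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo"},
  "spec": {"template": {"spec": {"containers": [{"name": "app", "env": [
   {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef":
     {"name": "sl-demo-app-6ft88t2625", "key": "password"}}}]}]}}}},
 {"apiVersion": "sql.cnrm.cloud.google.com/v1beta1", "kind": "SQLUser",
  "metadata": {"name": "demo-user"},
  "spec": {"password": {"valueFrom": {"secretKeyRef":
     {"name": "sl-demo-app", "key": "password"}}}}}
]""")


def secret_key_refs(node, path=""):
    """Yield (field path, secret name) for every secretKeyRef inside an object."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}" if path else key
            if key == "secretKeyRef" and isinstance(value, dict) and "name" in value:
                yield here + "/name", value["name"]
            else:
                yield from secret_key_refs(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from secret_key_refs(item, f"{path}/{index}")


def dangling_secret_refs(objects):
    """Return (kind, name, field path, secret name) for refs to Secrets absent from the build."""
    def namespace(obj):
        return obj.get("metadata", {}).get("namespace", "default")

    present = {(namespace(o), o["metadata"]["name"])
               for o in objects if o.get("kind") == "Secret"}
    findings = []
    for obj in objects:
        for path, name in secret_key_refs(obj):
            if (namespace(obj), name) not in present:
                findings.append((obj["kind"], obj["metadata"]["name"], path, name))
    return findings


if __name__ == "__main__":
    for finding in dangling_secret_refs(RENDERED):
        print("dangling secret reference:", *finding)
```

The reported field path has the same form as a nameReference fieldSpecs path. A Secret that is deliberately managed outside the kustomization is reported too, so such names need an allow-list.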