Open gustaff-weldon opened 1 year ago
Thank you for all the detail and the example repository. The fix for the issue of pull secrets not being created in the correct namespaces for dependent projects would be to modify this configuration to:
dependencies:
sub-project:
path: ../sub-project
namespace: sub-project
This will instruct DevSpace to configure its client to use the correct namespace when running the dependency (and all the steps within).
As you've pointed out, you'd like to pin each sub-project to different namespaces whether they are dependencies or not. This has led to workarounds in the example repository such as setting the namespace for deployments and modifying DEVSPACE_FLAGS
Thanks @lizardruss the workaround works, but means projects no longer are self-contained. In our scenario, a dozen of projects that eg. depend on a shared postgresql, have to know its namespace name, and we need to make sure those are kept in sync and no typos occur between devspace.yamls.
I appreciate the workaround, but if there could be a way to define namespace for pull secrets on a project level (even if that would be on pullSecrets.namespace
, that would work better in our scenario.
What happened?
I have a main API gateway project, with multiple services it depends on, and my devspace setup reflects that ie. gateway devspace depends on other service's
devspace
s.All of my projects deploy to their own namespaces and pull secret is the same for all of them. (I think this might be a crucial info)
If I
devspace deploy
from the main project, secrets are ONLY created for the main project namespace. They are not created for the dependency namespaces.I believe
ensure_secrets
does not take namespace of the subproject into account and always uses the top project namespace, so only firstensure_secrets
call creates a secret and rest of calls just check for a secret (in wrong, main namespace) and skip creating it.More info
When I run devspace deploy from gateway (main project with deps), I see output related to secrets for subprojects eg.
What is interesting:
The above looks like a bug, as
graphql-gateway
is the namespace of the main project not thecontracts
.If I go to single dependency folder and do
devspace deploy
there, secrets are created:What did you expect to happen instead? I expected the pull secrets to be created for main project and its dependencies, each of the pull secret in the proper project namespace.
How can we reproduce the bug? (as minimally and precisely as possible)
Use the reproduction repo: https://github.com/gustaff-weldon/devspace-dependency-pull-secrets
To reproduce issue you need to configure the docker registry that needs auth in both devspace files and update image url
I also configured docker config in
~/.docker/config.json
similar to:Now, try deploying main project:
You will get output similar to:
Check the secrets for the main project:
And the sub-project:
Now, if you deploy the subproject on its own:
You will see the
devspace-pull-secrets
secret was created:Local Environment: