Open alexellis opened 4 years ago
/add label: help wanted
/assign: me
I'll raise an issue on arkade to switch to this too
Thanks Alistair
Hi @Waterdrips did you have a chance to start this yet?
Spent the weekend fighting my RPis and net booting.
I'll start working on this this evening if that's OK.
Sounds good. Hope you won 😁
@viveksyngh do you want to take a look?
/derek assign me
@alexellis I was thinking if we can create a secret with the licence and then use the secret name as input to the controller, which will be read by the controller to read the secret and also set a watch for that, so in case this gets updated the controller will reconcile all objects.
Part 1a is just changing the helm chart to use a secret name/reference instead of a literal value, but keeping backwards compatibility. Part 1b is changing the arkade app to create the new secret and instruct the helm chart to use it.
See how we do that for arkade and openfaas - https://github.com/alexellis/arkade/blob/master/cmd/apps/openfaas_app.go#L126
Part 2 is more along the lines of what you're saying. We may need one master secret per namespace with the license in it, or one new license secret per client.
Create a secret for the inlets-pro license, rather than using (only) a flag
Expected Behaviour
The license should be read from a file so as not to leak the value in kubectl get deploy inlets-operator
Current Behaviour
The license is shown in the deployment and via helm install when it's passed as a flag.
Possible Solution
Using a secret, like we do for the API access token would make sense.
A change in the arkade app for the inlets-operator would also be required.
This is where the license is being read as an arg:
https://github.com/inlets/inlets-operator/blob/master/main.go#L79
Here is an example of reading a file (name passed via flag):
https://github.com/inlets/inlets-operator/blob/master/main.go#L74
And here is the helm chart to update:
https://github.com/inlets/inlets-operator/blob/master/chart/inlets-operator/templates/deployment.yaml#L36
Add an if statement and attach a volume in the same way as we do for a secret when the file is given instead of a literal value.