Open maZahaca opened 3 years ago
Because there isn't one. AFAICT, there are two keys, EXTRAVOLUMES and EXTRAVOLUMEMOUNTS, to mount a flat file that stores the permissions. But this doesn't seem to work, and I'm not sure if it's logging the failed key/value action somewhere.
In pkg/apis/planetscale/v2/vitessshard_types.go it reads like extravolumes and extravolumemounts can appear at the same indentation as datavolumeclaimtemplate.
In theory, this should work?
```yaml
extraVolumes:
- name: acl-config
  configMapKeyRef:
    name: acl-json
    key: acl.json
extraVolumeMounts:
- name: acl-config
  mountPath: /conf
```
None of the pods end up having a /conf directory with the configmap in it. The configMap's name is acl-json with key acl.json.
Maybe I am missing it because I am new to Kubernetes.
I finally figured this out because the answer was in the Vitess Slack channel. You should probably subscribe to it if you want to speed up figuring this system out.
This works for a configMap with a single key:
```yaml
extraVolumes:
- name: acl-config
  configMap:
    name: "acl"
extraVolumeMounts:
- name: acl-config
  mountPath: /conf
```
There are options for selecting specific keys that are documented on the Kubernetes side. I spent enough time on it already.
Here's an example using secrets. The indents might be wrong.
```yaml
extraVolumes:
- name: acl-config
  secret:
    items:
    - path: acl.json
      key: acl.json
    secretName: vitess-configs
extraVolumeMounts:
- name: acl-config
  mountPath: /conf
```
The next part is to add the options to the vttablet section of the deployment.yaml file so vttablet reads the file.
The Vitess topic is described here: https://vitess.io/docs/user-guides/configuration-advanced/authorization/
I was unable to find a description for vitess-operator to do that.
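An added example, not part of the thread and not vitess-operator code: a small lint for an `extraVolumes`/`extraVolumeMounts` pair that catches the mistake in the first snippet above, where `configMapKeyRef` (a field of a container env var's `valueFrom`, not of a Volume) is used as the volume source. The function name, the subset of volume source fields, and the dict form of the three snippets are assumptions made for illustration.

```python
# Added example. Field names come from the snippets in this thread.
# VOLUME_SOURCES is a subset of the Kubernetes core/v1 Volume source fields.
VOLUME_SOURCES = {"configMap", "secret", "projected", "emptyDir",
                  "persistentVolumeClaim", "downwardAPI", "hostPath", "csi"}
REF_KEY = {"configMap": "name", "secret": "secretName"}  # key naming the object

def lint_volumes(spec):
    """Return a list of problems in a parsed extraVolumes/extraVolumeMounts pair."""
    problems, names = [], set()
    for vol in spec.get("extraVolumes") or []:
        name = vol.get("name")
        names.add(name)
        sources = [k for k in vol if k != "name"]
        unknown = [k for k in sources if k not in VOLUME_SOURCES]
        if unknown:
            problems.append(f"volume {name!r}: {unknown[0]!r} is not a volume source")
        elif len(sources) != 1:
            problems.append(f"volume {name!r}: needs exactly one source, has {len(sources)}")
        for kind, ref in REF_KEY.items():
            if kind in vol and not (vol[kind] or {}).get(ref):
                problems.append(f"volume {name!r}: {kind}.{ref} is missing")
    mounted = set()
    for mount in spec.get("extraVolumeMounts") or []:
        mounted.add(mount.get("name"))
        if mount.get("name") not in names:
            problems.append(f"mount {mount.get('mountPath')!r}: no volume named {mount.get('name')!r}")
        if not str(mount.get("mountPath") or "").startswith("/"):
            problems.append(f"mount {mount.get('name')!r}: mountPath must be absolute")
    for name in sorted(names - mounted, key=str):
        problems.append(f"volume {name!r} is never mounted")
    return problems

# The three fragments from the thread, as the dicts a YAML parser would produce.
MOUNT = [{"name": "acl-config", "mountPath": "/conf"}]
FIRST_ATTEMPT = {"extraVolumes": [{"name": "acl-config",
    "configMapKeyRef": {"name": "acl-json", "key": "acl.json"}}], "extraVolumeMounts": MOUNT}
CONFIGMAP_FORM = {"extraVolumes": [{"name": "acl-config",
    "configMap": {"name": "acl"}}], "extraVolumeMounts": MOUNT}
SECRET_FORM = {"extraVolumes": [{"name": "acl-config", "secret": {
    "items": [{"path": "acl.json", "key": "acl.json"}],
    "secretName": "vitess-configs"}}], "extraVolumeMounts": MOUNT}

if __name__ == "__main__":
    for label, spec in [("first", FIRST_ATTEMPT), ("configMap", CONFIGMAP_FORM), ("secret", SECRET_FORM)]:
        print(label, lint_volumes(spec) or "ok")
```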