replace commands/envcommand by DataSource in SecretGenerator #703
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Liujingfang1 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
Liujingfang1
requested review from
liggitt
and removed request for
justinsb and
droot
docs/kustomization.yaml
Outdated
| tls.crt: "cat secret/tls.cert" | ||
| tls.key: "cat secret/tls.key" | ||
| files: | ||
| - tls.crt=./catsecret/tls.cert |
There was a problem hiding this comment.
is the leading ./ required?
docs/kustomization.yaml
Outdated
| # you can only specify one envCommand per secret. | ||
| envCommand: printf \"DB_USERNAME=admin\nDB_PASSWORD=somepw\" | ||
| env: ./env.txt |
There was a problem hiding this comment.
same question, is leading ./ required? if not, consider dropping it?
There was a problem hiding this comment.
Not required. Will drop it.
examples/combineConfigs.md
Outdated
| tls.key: "cat tls.key" | ||
| literals: | ||
| tls.crt=./tls.cert | ||
| tls.key=./tls.key |
There was a problem hiding this comment.
is this example correct? it looks like it would create secret keys with the contents ./tls.cert, etc, which probably isn't what someone would want
There was a problem hiding this comment.
My bad, will change those literals to better examples. Those should be files instead of literals.
pkg/types/kustomization.go
Outdated
| // TimeoutSeconds specifies the timeout for commands. | ||
| TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty" yaml:"timeoutSeconds,omitempty"` | ||
| // DataSources for secret. | ||
| DataSources `json:",inline,omitempty" yaml:",inline,omitempty"` | ||
| } | ||
|
|
||
| // CommandSources contains some generic sources for secrets. |
There was a problem hiding this comment.
drop unused CommandSources?
Liujingfang1
force-pushed
the
changeSecretG
branch
2 times, most recently
from
f7d47de
to
6ad62f1
Compare
Liujingfang1
force-pushed
the
changeSecretG
branch
from
6ad62f1
to
2fa4a34
Compare
| const ( | ||
| defaultCommandTimeout = 5 * time.Second | ||
| ) | ||
|
|
||
| // SecretFactory makes Secrets. | ||
| type SecretFactory struct { | ||
| fSys fs.FileSystem |
There was a problem hiding this comment.
fSys no longer needed.
It was there just to set a current working directory for the process.
There was a problem hiding this comment.
You are correct. fSys is not needed. I removed it from both SecretGenerator and ConfigMapGenerator.
k8s-ci-robot
added
size/XL
|
/lgtm Grepped through the docs, seems like everything that matters is captured here. Lets do this rather than #692 :) |
k8s-ci-robot
added
the
lgtm
|
Is there a recommended way to generate secrets now? |
|
@sethpollack The secret data can be put into files by custom commands. Then those files can be added to SecretGenerator. |
The change is a different approach for fixing #692. It changes
SecretGeneratorworks the same way asConfigMapGenerator, loading data from files or literals.