Comments (6)
silenceper
commented on July 21, 2024
/assign @silenceper
from clusternet.
dixudx
commented on July 21, 2024
apiVersion: apps.clusternet.io/v1alpha1
kind: HelmChart
metadata:
name: example
namespace: default
spec:
repo: https://private-repo.com/test
username: xxx
password: xxx
chart: example
version: 0.0.1
targetNamespace: abc@silenceper This is not secure. The credentials here are visible to anyone with get/list roles of HelmChart.
Maybe using a secret reference is a better choice.
from clusternet.
silenceper
commented on July 21, 2024
I agree.
maybe can chagne to this:
apiVersion: apps.clusternet.io/v1alpha1
kind: HelmChart
metadata:
name: example
namespace: default
spec:
repo: https://private-repo.com/test
chartPullSecret:
name: my-private-repo-auth
namespace: kube-system
chart: example
version: 0.0.1
targetNamespace: abc
apiVersion: v1
data:
username: xxx
password: xxxx
kind: Secret
metadata:
name: my-private-repo-auth
namespace: kube-system
type: clusternet.io/helm-chart-credentials
from clusternet.
dixudx
commented on July 21, 2024
Another thing you need to take into consideration is how to pass down those credentials when the sync mode is Pull.
from clusternet.
silenceper
commented on July 21, 2024
Another thing you need to take into consideration is how to pass down those credentials when the sync mode is
Pull.
My idea is to add get secret permission for serviceAccount when CRR approve.
The namespace of this secret can be configured in the hub like --helm-repo-secret-namespace, and all secrets involving the helm chart repo are placed under this namespace.
apiVersion: apps.clusternet.io/v1alpha1
kind: HelmChart
metadata:
name: example
namespace: default
spec:
repo: https://private-repo.com/test
authSecretName: my-private-repo-auth # Under the `--helm-repo-secret-namespace` namespace
chart: example
version: 0.0.1
targetNamespace: abc
from clusternet.
dixudx
commented on July 21, 2024
As discussed, we could refer ImagePullSecrets in kubelet.
from clusternet.
Related Issues (20)
- Add post-join actions after child cluster joins in parent cluster successfully. HOT 2
- controller-manager will panic when the length of bindingClusters and replicas in subscription are not equal
- helm deploy failed HOT 4
- Replace ApplyResourceWithRetry with ApplyResource HOT 2
- Optimized performance of clusternet in large-scale CR scenarios.
- add metrics and pprof server for controller-manager
- Support Scheduling Priority and Preemption HOT 4
- for dividing scheduling, manifest changes should not directly trigger the updates of base objects HOT 1
- does clusternet support Multi-Cluster Controller HOT 5
- The default priority of localization for dynamic scheduling is 1000(the highest), which is not flexible HOT 2
- when we watch wrapper resource, sometimes we can not receive event
- shadow api can not access pv which dynamicly created by pvc HOT 9
- Installation issues: How to add other sub-clusters to the parent cluster HOT 6
- Add a None value to ClusterSyncMode HOT 10
- Missing the example to set a valid chartPullSecret HOT 1
- Sub cluster initiated multiple controllers for processing the same resource
- Report the use of components with vulnerabilities in clusternet HOT 1
- Clusternet Helm Chart: Unnecessary RBAC permissions
- Add the AgentVersion field in ManagedClusterStatus HOT 2
- Failed to create cluster HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clusternet.