getporter / kubernetes-plugins Goto Github PK
View Code? Open in Web Editor NEWKubernetes plug in for Porter, enables management of credentials as Kubernetes secrets
Home Page: https://getporter.org/plugins/kubernetes/
License: Apache License 2.0
Kubernetes plug in for Porter, enables management of credentials as Kubernetes secrets
Home Page: https://getporter.org/plugins/kubernetes/
License: Apache License 2.0
When I run make test
locally it always fails with
STEP: tearing down the test environment
STEP: bootstrapping test environment
1.65058046721266e+09 DEBUG controller-runtime.test-env using existing cluster
1.650580467212675e+09 DEBUG controller-runtime.test-env automatically acquiring client configuration
Failure [0.008 seconds]
[BeforeSuite] BeforeSuite
/Users/carolynvs/src/kubernetes-plugins/tests/integration/operator/ginkgo/suite_test.go:42
Unexpected error:
<*errors.errorString | 0x14000118930>: {
s: "unable to grab random port for serving webhooks on: lstat /Users/carolynvs/Library/Caches/kubebuilder-envtest/./port-63025: no such file or directory",
}
unable to grab random port for serving webhooks on: lstat /Users/carolynvs/Library/Caches/kubebuilder-envtest/./port-63025: no such file or directory
occurred
/Users/carolynvs/src/kubernetes-plugins/tests/integration/operator/ginkgo/suite_test.go:51
It's always some % of the parallel tests that fail for me. When they do fail, I can see from the log that they all tried to use the same random port number. I'm not sure if that's the problem, or perhaps we need to call envtest differently to run in parallel safely?
When I force it to run just once, with -p -nodes 1
, then the tests pass. On the CI server, it has only one vCPU so I think it's not actually running in parallel. On my machine there are definitely 4 available cores.
@sgettys @bdegeeter Can you verify that this works on your machine (with multiple cores)?
Currently every secret resolved by the plugin must be stored in its own k8s secret. It would be great to support having multiple resolvable secret values in a single k8s secret.
The k8s plugin should parse the source secret value, and cut it after the first "period". If there is a substring after a period in the source value, then it should be used as the kubernetes secret key. If there isn't a period in the secret name, then the key defaults to "value".
# porter credential set
credentials:
- name: password
source:
secret: secretname.secretkey
The above credential set would result in Porter calling Resolve, passing in a secret key of "secret", and a secret value of "secretname.secretkey". The plugin should look for a k8s secret named "secretname" and return the value of the key "secretkey" defined on that k8s secret.
Porter would like to be able to call SecretProtocol.Create more than once, for example when performing a migration that fails half way through and is repeated. Right now that doesn't work because the implementation for Create uses the Create function. If we instead either looked up the record and did an Update if it already exists, or use Apply, then it would be safe to call multiple times.
Now that the secrets protocol requires support for Create, (and there are upcoming changes to the plugin protocol/framework in getporter/porter#2026), we need to update the k8s plugin to work with the latest version of Porter.
The readme tells you to create a secret with a key named credential but we think it's been changed to value (so that it's more generic for both credentials and parameter sets).
v2 of the setup-go github action does this for us, so we should just update to the newest version of that action.
Originally posted by @carolynvs in #88 (comment)
secret key is not compliant with the kubernetes standard, a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
Kubernetes has a maximum secret size defined https://github.com/kubernetes/kubernetes/blob/976a940f4a4e84fe814583848f97b9aafcdb083f/pkg/apis/core/types.go#L5207
should we try to compress or segment the value so they can work with the limit?
In #88, the version command was broken. Right now it prints out the following for both a local dev build and a release
$ ./bin/plugins/kubernetes/kubernetes version
kubernetes () by Porter Authors
Cnab-go is on go 1.17 now and that is a hard compilation failure when we are on older versions. In order to upgrade to the most recently patched version of cnab-go, we need to upgrade go.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.