getporter / kubernetes-plugins Goto Github PK

When I run make test locally it always fails with

STEP: tearing down the test environment


STEP: bootstrapping test environment
1.65058046721266e+09	DEBUG	controller-runtime.test-env	using existing cluster
1.650580467212675e+09	DEBUG	controller-runtime.test-env	automatically acquiring client configuration


Failure [0.008 seconds]
[BeforeSuite] BeforeSuite
/Users/carolynvs/src/kubernetes-plugins/tests/integration/operator/ginkgo/suite_test.go:42

  Unexpected error:
      <*errors.errorString | 0x14000118930>: {
          s: "unable to grab random port for serving webhooks on: lstat /Users/carolynvs/Library/Caches/kubebuilder-envtest/./port-63025: no such file or directory",
      }
      unable to grab random port for serving webhooks on: lstat /Users/carolynvs/Library/Caches/kubebuilder-envtest/./port-63025: no such file or directory
  occurred

  /Users/carolynvs/src/kubernetes-plugins/tests/integration/operator/ginkgo/suite_test.go:51

It's always some % of the parallel tests that fail for me. When they do fail, I can see from the log that they all tried to use the same random port number. I'm not sure if that's the problem, or perhaps we need to call envtest differently to run in parallel safely?

When I force it to run just once, with -p -nodes 1, then the tests pass. On the CI server, it has only one vCPU so I think it's not actually running in parallel. On my machine there are definitely 4 available cores.

@sgettys @bdegeeter Can you verify that this works on your machine (with multiple cores)?

Currently every secret resolved by the plugin must be stored in its own k8s secret. It would be great to support having multiple resolvable secret values in a single k8s secret.

The k8s plugin should parse the source secret value, and cut it after the first "period". If there is a substring after a period in the source value, then it should be used as the kubernetes secret key. If there isn't a period in the secret name, then the key defaults to "value".

# porter credential set
credentials:
  - name: password
    source:
      secret: secretname.secretkey

The above credential set would result in Porter calling Resolve, passing in a secret key of "secret", and a secret value of "secretname.secretkey". The plugin should look for a k8s secret named "secretname" and return the value of the key "secretkey" defined on that k8s secret.

Porter would like to be able to call SecretProtocol.Create more than once, for example when performing a migration that fails half way through and is repeated. Right now that doesn't work because the implementation for Create uses the Create function. If we instead either looked up the record and did an Update if it already exists, or use Apply, then it would be safe to call multiple times.

Now that the secrets protocol requires support for Create, (and there are upcoming changes to the plugin protocol/framework in getporter/porter#2026), we need to update the k8s plugin to work with the latest version of Porter.

• Add Create method to the secrets plugin.
• Fix build to work with latest version of Porter
• Update documentation on the README and on https://release-v1.porter.sh/plugins/kubernetes/

The readme tells you to create a secret with a key named credential but we think it's been changed to value (so that it's more generic for both credentials and parameter sets).

v2 of the setup-go github action does this for us, so we should just update to the newest version of that action.

Originally posted by @carolynvs in #88 (comment)

secret key is not compliant with the kubernetes standard, a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

Kubernetes has a maximum secret size defined https://github.com/kubernetes/kubernetes/blob/976a940f4a4e84fe814583848f97b9aafcdb083f/pkg/apis/core/types.go#L5207
should we try to compress or segment the value so they can work with the limit?

In #88, the version command was broken. Right now it prints out the following for both a local dev build and a release

$ ./bin/plugins/kubernetes/kubernetes version
kubernetes  () by Porter Authors

Cnab-go is on go 1.17 now and that is a hard compilation failure when we are on older versions. In order to upgrade to the most recently patched version of cnab-go, we need to upgrade go.