-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[relationships] add edge mount relationship between Hashicorp vault and k8's secrets #10819
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Deepak <[email protected]>
add patch strategy and selectors Signed-off-by: Deepak <[email protected]>
Signed-off-by: Deepak <[email protected]>
🥇 |
corrected kind of Secret Signed-off-by: Deepak <[email protected]>
server/meshmodel/k8svault-controller/relationships/edge_relationship.json
Outdated
Show resolved
Hide resolved
server/meshmodel/k8svault-controller/relationships/edge_relationship.json
Outdated
Show resolved
Hide resolved
server/meshmodel/k8svault-controller/relationships/edge_relationship.json
Outdated
Show resolved
Hide resolved
"model": "k8svault-controller", | ||
"patch": { | ||
"patchStrategy": "replace", | ||
"mutatedRef": [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This field is for the Inventory relationship.
"apiVersion": "vault.infra.doodle.com/v1beta1", | ||
"kind": "Edge", | ||
"metadata": { | ||
"description": "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add description.
server/meshmodel/k8svault-controller/relationships/edge_relationship.json
Outdated
Show resolved
Hide resolved
}, | ||
"metadata": {} | ||
}, | ||
"subType": "Mount", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please ensure that you are specifying the relationship for subType -> Mount? Currently, I don't see any components being mounted.
{ | ||
"kind": "VaultBinding", | ||
"model": "k8svault-controller", | ||
"patch": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These fields won't work for Mount
relationship.
server/meshmodel/k8svault-controller/relationships/edge_relationship.json
Outdated
Show resolved
Hide resolved
@deepak4566, could you please provide a working proof of this PR? A screen recording would be preferred. |
If you're considering setting up a Mount relationship, I found this resource helpful: https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar. |
Signed-off-by: Deepak <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this supposed to have a third component implicated? Which of the three components is to sit atop the edge?
Will you contrast this against the existing PVC mount relationship?
A description of the relationship is still missing.
A screenshot showing this Relationship in-action is needed. |
Have you tested this relationship? Does it mutate the implicated components as expected? Are you able to deploy Vault and bind the Secret successfully with this relationship? @deepak4566, please demo this at tomorrow's Meshery Dev meeting. Add the agenda, if you would. |
i think at present this relationship doesnt work , before this relationship between secrets i think there is need of some other relationships like mount service account jwt token to vault and role , and many more . |
Notes for Reviewers
This PR fixes #
Signed commits