Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[relationships] add edge mount relationship between Hashicorp vault and k8's secrets #10819

Draft
wants to merge 11 commits into
base: master
Choose a base branch
from
Draft

[relationships] add edge mount relationship between Hashicorp vault and k8's secrets #10819

wants to merge 11 commits into from

Conversation

deepak4566
Copy link
Member

@deepak4566 deepak4566 commented Apr 30, 2024
edited

Notes for Reviewers

This PR fixes #

Signed commits

  • Yes, I signed my commits.

@github-actions github-actions bot added component/server area/models Models, Components, Relationships related changes labels Apr 30, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 30, 2024
edited

@deepak4566
Update edge_relationship.json
a73fe13 
add patch strategy and selectors 

Signed-off-by: Deepak <[email protected]>
@leecalcote leecalcote requested review from MUzairS15 and removed request for pandeyshubham03 May 1, 2024 23:04
@leecalcote
Copy link
Member

🥇

RipulHandoo
RipulHandoo suggested changes May 7, 2024
View reviewed changes
server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated Show resolved Hide resolved
server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated Show resolved Hide resolved
server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated Show resolved Hide resolved
server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated
"model": "k8svault-controller",
"patch": {
"patchStrategy": "replace",
"mutatedRef": [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This field is for the Inventory relationship.

server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated
"apiVersion": "vault.infra.doodle.com/v1beta1",
"kind": "Edge",
"metadata": {
"description": ""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add description.

server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated Show resolved Hide resolved
server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated
},
"metadata": {}
},
"subType": "Mount",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please ensure that you are specifying the relationship for subType -> Mount? Currently, I don't see any components being mounted.

server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated
{
"kind": "VaultBinding",
"model": "k8svault-controller",
"patch": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These fields won't work for Mount relationship.

server/meshmodel/k8svault-controller/relationships/edge_relationship.json Outdated Show resolved Hide resolved
@RipulHandoo
Copy link
Contributor

@deepak4566, could you please provide a working proof of this PR? A screen recording would be preferred.

@RipulHandoo
Copy link
Contributor

If you're considering setting up a Mount relationship, I found this resource helpful: https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar.
It offers guidance on injecting Vault secrets into Kubernetes pods via a sidecar. Just a heads-up, this is just one reference among many available. Feel free to explore other documentation and resources as well.

leecalcote
leecalcote requested changes May 14, 2024
View reviewed changes
Copy link
Member

@leecalcote leecalcote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this supposed to have a third component implicated? Which of the three components is to sit atop the edge?

Will you contrast this against the existing PVC mount relationship?

A description of the relationship is still missing.

@leecalcote
Copy link
Member

A screenshot showing this Relationship in-action is needed.

@leecalcote
Copy link
Member

Have you tested this relationship? Does it mutate the implicated components as expected? Are you able to deploy Vault and bind the Secret successfully with this relationship?

@deepak4566, please demo this at tomorrow's Meshery Dev meeting. Add the agenda, if you would.

@deepak4566
Copy link
Member Author

Have you tested this relationship? Does it mutate the implicated components as expected? Are you able to deploy Vault and bind the Secret successfully with this relationship?

@deepak4566, please demo this at tomorrow's Meshery Dev meeting. Add the agenda, if you would.

i think at present this relationship doesnt work , before this relationship between secrets i think there is need of some other relationships like mount service account jwt token to vault and role , and many more .

@deepak4566 deepak4566 marked this pull request as draft May 15, 2024 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leecalcote leecalcote leecalcote requested changes

@RipulHandoo RipulHandoo RipulHandoo requested changes

@MUzairS15 MUzairS15 Awaiting requested review from MUzairS15

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
area/models Models, Components, Relationships related changes component/server
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@deepak4566 @leecalcote @RipulHandoo