default to quay based observability resources #279
Conversation
Would the credentials to be able to get the quay image need to be set somehow in kas installer? |
|
@miguelsorianod No, the KFM creates the image pull secret in the Observability namespace to pull that image. |
How/Where does the KFM get the content for the image pull secret? |
|
it's the same dockerconfig.json that also gets added to the FSO namespace, KFM gets it from the service secret in Vault. We have added permissions to the resources repo to the robot account used in there. |
And KAS Installer gets it from the service secret in Vault? |
The pull secret is created by the installer in |
Then my original question still applies, would the credentials, which we now know are set by kas installer, be able to get the quay image from the quay repository that contains the observability config? |
|
A few additional notes for when bf2fc6cc711aee1a0c2a/kas-fleet-manager#1647 is merged:
|
e2e-test-config.sh
Outdated
| @@ -75,7 +75,6 @@ fi | |||
| cat <<EOF | |||
| { | |||
| "LAUNCH_KEY": "${USER}", | |||
| "GITHUB_TOKEN": "${OBSERVABILITY_CONFIG_ACCESS_TOKEN}", | |||
There was a problem hiding this comment.
Do we know what GITHUB_TOKEN is used for? Are we sure it is only used for the part around observability config retrieval?
There was a problem hiding this comment.
If I understand this part of the installer code correctly, it was only printing the configuration summary. There are no other references to GITHUB_TOKEN inside the KAS Installer.
There was a problem hiding this comment.
I am not sure of that. It is true that it prints to stdout but in kas-installer the output of the scripts is reused for other elements sometimes.
See https://github.com/bf2fc6cc711aee1a0c2a/kas-installer/blob/main/README.md#running-e2e-test-suite-experimental where it seems the output of that script is used as some kind of configuration
pb82
force-pushed
the
observability-operator-v4.2.0-prep
branch
from
081df37 to
3e493cc
Compare
pb82
changed the title
|
The changes look good to me. However, we will need to continue the remaining cleanup of kas-installer and the pipelines with @MikeEdgar , as we still see some remaining elements to be cleant. |
With the coming version of KFM, the observability configuration changes and the observability resources are now obtained from quay instead of Github.
OBSERVABILITY_CONFIG_ACCESS_TOKENis no longer used. Github based resources are still supported, but the access token has to be provided as part of a new config file.Instead, I would suggest to just update the KAS Installer to the new quay location.
NOTE: this can only be merged, once bf2fc6cc711aee1a0c2a/kas-fleet-manager#1647 has landed. The KFM Git ref also needs to be updated one available.