Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ISSUE] RESTAPI_PUSHER_SECRET does not allow you to reference a differently-named k8s Secret #2281

Open
Tracked by #1
jessesimpson36 opened this issue Aug 30, 2024 · 5 comments
Open
Tracked by #1

[ISSUE] RESTAPI_PUSHER_SECRET does not allow you to reference a differently-named k8s Secret #2281

jessesimpson36 opened this issue Aug 30, 2024 · 5 comments
Labels
good first issue Good for newcomers kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between platform/aws Issues related to AWS platform/gcp Issues related to GCP
Milestone
8.7 Release Cycle

Comments

@jessesimpson36
Copy link
Contributor

Describe the issue:

In #644

we wanted to define a configuration that would use existingSecret for all components. one set of secretKeyRef's in the webmodeler restapi appears to not have a configurable secret name.

camunda-platform-helm/charts/camunda-platform-latest/templates/web-modeler/deployment-restapi.yaml

Lines 54 to 68 in e9ffb23

- name: RESTAPI_PUSHER_APP_ID
valueFrom:
configMapKeyRef:
name: {{ include "webModeler.fullname" . }}-configuration
key: pusher-app-id
- name: RESTAPI_PUSHER_KEY
valueFrom:
configMapKeyRef:
name: {{ include "webModeler.fullname" . }}-configuration
key: pusher-app-key
- name: RESTAPI_PUSHER_SECRET
valueFrom:
secretKeyRef:
name: {{ include "webModeler.fullname" . }}
key: pusher-app-secret

A workaround to this would be to set

webModeler:
  restapi:
    env:
      - name: RESTAPI_PUSHER_SECRET
        valueFrom:
          secretKeyRef:
            name: name-of-different-secret
            key: pusher-app-secret

Actual behavior:

RESTAPI_PUSHER_SECRET uses RELEASE-web-modeler for the secret name regardless of whether all existingSecrets are defined explicitly.

Expected behavior:

I expect that I can reference a Secret for any references of secretKeyRef.

How to reproduce:

Logs:

Environment:

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform:
  • Helm CLI version:
  • Chart version:
  • Values file:
@jessesimpson36 jessesimpson36 added the kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between label Aug 30, 2024
@github-actions github-actions bot added platform/aws Issues related to AWS platform/gcp Issues related to GCP labels Aug 30, 2024
@jessesimpson36
Copy link
Contributor Author

This is related to
#1898 and #2277 and overall product-hub ticket https://github.com/camunda/product-hub/issues/2312

@daniel-ewing
Copy link

Hi @jessesimpson36, have you tested this with CHC 10.3.2? It did not work for me:

image

image

@jessesimpson36
Copy link
Contributor Author

You are referencing the kubectl describe information, which doesn't properly display duplicate environment variables. I would suggest testing the functionality, or exec'ing into the pod to see what environment variable you actually have referenced.

But I admit I have not yet tested this workaround.

@jessesimpson36
Copy link
Contributor Author

I created a secret with

kubectl  create secret generic --from-literal pusher-app-secret=jesseishacker name-of-different-secret

and exec'd into the restapi pod and confirmed the env var is set properly.

~ $ env | grep PUSHER
RESTAPI_PUSHER_SECRET=jesseishacker

I have now tested the workaround.

@daniel-ewing
Copy link

Confirmed the alternate solution in 10.3.2 using:

webModeler:
  restapi:
    env:
      - name: RESTAPI_PUSHER_SECRET
        valueFrom:
          secretKeyRef:
            name: name-of-different-secret
            key: pusher-app-secret

@aabouzaid aabouzaid added the good first issue Good for newcomers label Sep 9, 2024
@aabouzaid aabouzaid mentioned this issue Oct 12, 2024
Open
@aabouzaid aabouzaid added this to the 8.7 Release Cycle milestone Oct 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between platform/aws Issues related to AWS platform/gcp Issues related to GCP
Projects
None yet
Milestone
8.7 Release Cycle
Development

No branches or pull requests
3 participants
@aabouzaid @jessesimpson36 @daniel-ewing