Secret name #1

Open
tomasz2101 opened this issue Jul 30, 2019 · 8 comments
Comments

@tomasz2101

Hi,
I want to understand why you are trying to use the LastPass ID in the secret name?
With a deployment that will try to use that secret, you will need to first create that secret and later assign it to the deployment.

@niqdev
Member

niqdev commented Jul 30, 2019

Hi, thanks for your interest in this project!

Well, I got what you mean, but the problem, as you can see here, is that the secret name is not unique in LastPass.

Do you have any suggestion/recommendation?

Also, correct me if I'm wrong, but wouldn't the Kubernetes internal reconcile loop continue to try to "recreate" a deployment, for example, until the secret becomes available? Am I wrong?

@tomasz2101
Author

You have a point if you let the user create multiple secrets with the same name and group.

Maybe it would be a nice option to let the user choose in the LastPass resource whether the name should be generated based on the LastPass ID.

From a developer's point of view, I shouldn't be forced to look into the LastPass database to get the full name of a secret? I'm not sure if this is a valid statement, but it seems like a lot of steps to get a secret. Also, that would require the LastPass CLI on your local machine to be able to see that ID.

K8s will wait with the pod for the secret.

@tomasz2101
Author

btw very nice code and good job 👏

@niqdev
Member

niqdev commented Jul 31, 2019

You made a good point regarding the secret name/id. I'll keep the issue open for future reference and think about it... let me know if you have better ideas.
Thanks!

@tomasz2101
Author

I've slightly modified your code to remove the ID from the name, but I was thinking whether there should be an extra option like syncPolicy in the LastPass resource to control this name.

Also, in kustomize you have something like secretGenerator, which will add a hash after the secret name. It will look like name-secrets-c7622f8d2h. The hash is changed if the secret was updated.
If the hash is changed, the pod should be restarted.

I haven't yet tested what will happen if the secret is updated. Should the pod be restarted?

@niqdev
Member

niqdev commented Jul 31, 2019

So, regarding the name, you must either find a way to enforce that the secret is unique, since the API returns an array (which I'm not sure is possible from the UI), or order them in a deterministic way and always pick the first, for example.

I'm not familiar with kustomize unfortunately, can't help much on that.

Regarding the restart, I don't think the logic should be embedded in the operator, because in my case I'm using ArgoCD, which directly provides an Automated Sync Policy. I will try to link an example with Argo in the README.
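
The two naming ideas raised in this thread, as an added example that is not the operator's code: pick one entry deterministically from duplicates, then build a name from group and name with an optional suffix that changes when the value changes. `Entry`, `PickEntry`, `SecretName` and the keyed-HMAC suffix are assumptions made for illustration; the suffix is not kustomize's hash algorithm.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Entry is a hypothetical minimal view of one item in the array LastPass returns.
type Entry struct{ ID, Group, Name, Password string }

var notDNS = regexp.MustCompile(`[^a-z0-9]+`)

// PickEntry sorts duplicates by ID (string order) so every reconcile picks the same one.
func PickEntry(entries []Entry) (Entry, bool) {
	if len(entries) == 0 {
		return Entry{}, false
	}
	sorted := append([]Entry(nil), entries...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].ID < sorted[j].ID })
	return sorted[0], true
}

// SecretName derives a lowercase DNS-style name from group and name. With a
// non-empty key it appends a 10-hex-character HMAC of the value: names are
// readable by anyone who can list Secrets, so a bare hash of the value is avoided.
func SecretName(e Entry, key []byte) string {
	base := strings.Trim(notDNS.ReplaceAllString(strings.ToLower(e.Group+"-"+e.Name), "-"), "-")
	if len(base) > 240 { // leave room for the suffix within the 253-character limit
		base = strings.Trim(base[:240], "-")
	}
	if len(key) == 0 {
		return base
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(e.Password))
	return base + "-" + hex.EncodeToString(mac.Sum(nil))[:10]
}

func main() {
	// Constructed sample data: two entries sharing one group and name.
	dupes := []Entry{{"9001", "Dev/Team", "DB Password", "b"}, {"1234", "Dev/Team", "DB Password", "a"}}
	e, _ := PickEntry(dupes)
	fmt.Println(SecretName(e, nil), SecretName(e, []byte("operator-held-key")))
}
```
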

@tomasz2101
Author

ArgoCD will not restart the pod if the secret was changed. I'm using it and it doesn't have that option.

@niqdev
Member

niqdev commented Aug 13, 2019

Thanks for the feedback, can you show me an example of how you declared your resource?
