Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transmit kubernetes tokens using juju secrets #2

Merged
merged 9 commits into from
Nov 15, 2024
Merged

Transmit kubernetes tokens using juju secrets #2

merged 9 commits into from
Nov 15, 2024

Conversation

addyess
Copy link
Member

@addyess addyess commented Nov 6, 2024
edited
Loading

Overview

  • Introduce a new schema for kube-control which provides auth tokens through juju secrets
  • Charm upgrades will handle migrations to juju secrets in any order of unit upgrades
  • Introduce sharing the ca-certificate of the k8s endpoint via this relation

Details

  • leverages juju secrets to set ca-certificates and auth tokens
  • Requirer charms must be rebuilt to take advantage of the new v1 schema
    • this was intentional to make the library more backwards compatible
    • new libraries SUPPORT v1, but the charm must instruct the library to use it
    • new requirers talking to old providers will still function
  • Provider charms after rebuild will natively take advantage of v1 schema when provider requests it

@addyess addyess force-pushed the KU-1998/use-secrets branch 4 times, most recently from 727de2a to 9430331 Compare November 6, 2024 22:36
@addyess addyess changed the title Transmit kubernetes kubectl tokens using juju secrets Transmit kubernetes tokens using juju secrets Nov 6, 2024
@addyess addyess force-pushed the KU-1998/use-secrets branch 5 times, most recently from 4e60b64 to ea36063 Compare November 7, 2024 19:25
@addyess addyess force-pushed the KU-1998/use-secrets branch from ea36063 to 1a431be Compare November 7, 2024 19:31
@addyess addyess force-pushed the KU-1998/use-secrets branch from f5f5971 to 16bbb0a Compare November 7, 2024 22:04
This was referenced Nov 12, 2024
Merged
Merged
@addyess addyess mentioned this pull request Nov 13, 2024
Merged
@addyess addyess requested a review from mateoflorido November 15, 2024 15:37
mateoflorido
mateoflorido approved these changes Nov 15, 2024
View reviewed changes
Copy link
Member

@mateoflorido mateoflorido left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I have a couple of comments and suggestions, feel free to disregard if they’re not relevant

ops/ops/interface_kube_control/model.py Outdated Show resolved Hide resolved
ops/ops/interface_kube_control/provides.py
ca_certificate str: The CA certificate in PEM format.
"""
content = {"ca-certificate": ca_certificate}
secret = self.refresh_secret_content(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks for setting it as a secret

ops/ops/interface_kube_control/provides.py
Comment on lines +190 to +192
tokens.client_token = ""
tokens.kubelet_token = ""
tokens.proxy_token = ""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we set this to "", it will still be parsed into the dict and json representation. If that's okay, we can leave it as is. However, if we want to omit these values, we should set them to None instead

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll document here why they must be filled with something

@addyess addyess force-pushed the KU-1998/use-secrets branch from b42267f to 91ccb3c Compare November 15, 2024 22:05
mateoflorido
mateoflorido approved these changes Nov 15, 2024
View reviewed changes
Copy link
Member

@mateoflorido mateoflorido left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for adding a revoking mechanism.

@addyess addyess merged commit edc07bc into main Nov 15, 2024
5 checks passed
@addyess addyess deleted the KU-1998/use-secrets branch November 15, 2024 22:15
This was referenced Dec 19, 2024
Open
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mateoflorido mateoflorido mateoflorido approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@addyess @mateoflorido