do not attempt to mount a cluster secret if none were provided. #265

Merged

jmazzitelli

part of: kiali/kiali#7187

@jmazzitelli jmazzitelli added the requires operator PR Requires changes to the operator label Jun 11, 2024
@jmazzitelli jmazzitelli self-assigned this Jun 11, 2024

jmazzitelli commented Jun 11, 2024

Test procedure to see that the inaccessible clusters will not get a secret mounted on the deployment:

  1. Build the helm charts: make build-helm-charts
  2. Create a /tmp/values.yaml file that has two clusters defined - one accessible, one that is not:
clustering:
  clusters:
  - name: accessible-cluster
    secret_name: the-accessible-cluster-secret
  - name: not-accessible-cluster
  3. Generate the Deployment yaml from the helm template: helm template --show-only templates/deployment.yaml -f /tmp/values.yaml _output/charts/kiali-server-*-SNAPSHOT.tgz

You should not see any volume or volumeMount definitions for anything related to not-accessible-cluster, but you should see the accessible-cluster mount/mountVolume. To more easily see it, if you have yq installed you can do this:

Examine volume mounts - you should NOT see not-accessible-cluster in here but you should see accessible-cluster:

helm template --show-only templates/deployment.yaml -f /tmp/values.yaml _output/charts/kiali-server-*-SNAPSHOT.tgz | yq e '.spec.template.spec.containers[0].volumeMounts'

That results in something like:

- name: kiali-configuration
  configMap:
    name: kiali
- name: kiali-cert
  secret:
    secretName: istio.kiali-service-account
    optional: true
- name: kiali-secret
  secret:
    secretName: kiali
    optional: true
- name: kiali-cabundle
  configMap:
    name: kiali-cabundle
    optional: true
- name: accessible-cluster
  secret:
    secretName: the-accessible-cluster-secret

and similarly for volumes:

helm template --show-only templates/deployment.yaml -f /tmp/values.yaml _output/charts/kiali-server-*-SNAPSHOT.tgz | yq e '.spec.template.spec.volumes'

which results in:

- name: kiali-configuration
  configMap:
    name: kiali
- name: kiali-cert
  secret:
    secretName: istio.kiali-service-account
    optional: true
- name: kiali-secret
  secret:
    secretName: kiali
    optional: true
- name: kiali-cabundle
  configMap:
    name: kiali-cabundle
    optional: true
- name: accessible-cluster
  secret:
    secretName: the-accessible-cluster-secret
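
As an added example (not part of this pull request or the Kiali chart), the manual inspection described in the comment above can be written as a check over the rendered Deployment once it has been loaded into a Python dict. It assumes, from the output quoted above, that each cluster's volume is named after the cluster; the container name and mount paths in the sample are constructed placeholders.

```python
# Constructed sample: the clustering values from /tmp/values.yaml in the comment above.
VALUES = {"clustering": {"clusters": [
    {"name": "accessible-cluster", "secret_name": "the-accessible-cluster-secret"},
    {"name": "not-accessible-cluster"},
]}}

# Constructed sample: only the parts of the rendered Deployment the check reads.
# Container name and mountPath values are placeholders, not the chart's real ones.
GOOD = {"spec": {"template": {"spec": {
    "containers": [{"name": "kiali", "volumeMounts": [
        {"name": "kiali-configuration", "mountPath": "/placeholder/config"},
        {"name": "accessible-cluster", "mountPath": "/placeholder/accessible-cluster"},
    ]}],
    "volumes": [
        {"name": "kiali-configuration", "configMap": {"name": "kiali"}},
        {"name": "accessible-cluster",
         "secret": {"secretName": "the-accessible-cluster-secret"}},
    ],
}}}}


def check_cluster_secret_mounts(values, deployment):
    """Return a list of problems; an empty list means the render is as expected.

    Assumption (from the output quoted above): a cluster's volume is named
    after the cluster and its secretName equals the cluster's secret_name.
    """
    pod = deployment["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in pod.get("volumes") or []}
    mounts = {m["name"] for c in pod.get("containers") or []
              for m in c.get("volumeMounts") or []}
    problems = []
    for cluster in (values.get("clustering") or {}).get("clusters") or []:
        name, secret = cluster["name"], cluster.get("secret_name")
        if not secret:
            # No secret provided: nothing for this cluster may be rendered.
            if name in volumes:
                problems.append(f"{name}: unexpected volume")
            if name in mounts:
                problems.append(f"{name}: unexpected volumeMount")
            continue
        actual = ((volumes.get(name) or {}).get("secret") or {}).get("secretName")
        if actual != secret:
            problems.append(f"{name}: volume secretName is {actual!r}, expected {secret!r}")
        if name not in mounts:
            problems.append(f"{name}: volume is not mounted")
    return problems


if __name__ == "__main__":
    print(check_cluster_secret_mounts(VALUES, GOOD) or "OK")
```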

@jmazzitelli jmazzitelli requested a review from nrfox June 11, 2024 19:03
@jmazzitelli jmazzitelli merged commit 68f5b92 into kiali:master Jun 12, 2024
1 check passed
@jmazzitelli jmazzitelli deleted the 7187-support-inaccessible-cluster branch June 12, 2024 17:43
jmazzitelli added a commit to jmazzitelli/helm-charts that referenced this pull request Jun 20, 2024