Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Init ucp secret at server start #4674

Merged
merged 4 commits into from
Nov 19, 2022
Merged

Init ucp secret at server start #4674

merged 4 commits into from
Nov 19, 2022

Conversation

bjoginapally
Copy link
Contributor

@bjoginapally bjoginapally commented Nov 17, 2022
edited
Loading

Description

This change initializes ucp secret client on startup

Issue reference

Fixes: #3595

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles correctly
  • Adds necessary unit tests for change
  • Adds necessary E2E tests for change
  • Unit tests passing
  • Extended the documentation / Created issue for it

@bjoginapally bjoginapally requested a review from a team as a code owner November 17, 2022 00:46
youngbupark
youngbupark reviewed Nov 17, 2022
View reviewed changes
cmd/ucpd/ucp-self-hosted-dev.yaml
@@ -24,6 +24,11 @@ storageProvider:
etcd:
inmemory: true

secretProvider:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add kuberentes secret for helm chart.

https://github.com/project-radius/radius/blob/main/deploy/Chart/charts/ucp/ucp-config.yaml

And then ensure that ucp service account has secret resource permission.

https://github.com/project-radius/radius/blob/main/deploy/Chart/charts/ucp/templates/serviceaccount.yaml

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching this. I have added the config I missed. For the permissions, I added secrets permissions to ucp.dev only, as those will be serving ucp secret

ytimocin
ytimocin reviewed Nov 17, 2022
View reviewed changes
pkg/ucp/frontend/api/server.go Show resolved Hide resolved
pkg/ucp/secret/client.go Outdated Show resolved Hide resolved
pkg/ucp/server/server.go Outdated Show resolved Hide resolved
rynowak
rynowak reviewed Nov 18, 2022
View reviewed changes
deploy/Chart/charts/ucp/templates/serviceaccount.yaml Outdated
@@ -40,6 +40,7 @@ rules:
- ucp.dev
resources:
- resources
- secrets
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't right. Kubernetes secrets are part of the "core" group. We should already have permission to access secrets.

Copy link
Contributor Author

@bjoginapally bjoginapally Nov 18, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh thanks clarifying. I will change this back

@bjoginapally bjoginapally requested a review from rynowak November 18, 2022 23:30
@bjoginapally bjoginapally merged commit 3f6df02 into main Nov 19, 2022
@bjoginapally bjoginapally deleted the bjoginapally/ucpsecret branch November 19, 2022 00:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ytimocin ytimocin ytimocin approved these changes

@youngbupark youngbupark Awaiting requested review from youngbupark

@rynowak rynowak Awaiting requested review from rynowak

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add Credential controllers
4 participants
@bjoginapally @rynowak @ytimocin @youngbupark