Cluster-api: Bootstrap controllers should set `Spec.Type` when creating and reading Secrets

Created on 25 Feb 2020 · 4 Comments · Source: kubernetes-sigs/cluster-api

Bootstrap controllers create a Secret in v1alpha3 https://github.com/kubernetes-sigs/cluster-api/blob/eea0aa1c4197d92ab4de3c4c631229ae6877b3bd/bootstrap/kubeadm/controllers/kubeadmconfig_controller.go#L692.

Secrets have a Type field https://godoc.org/k8s.io/api/core/v1#Secret which can be optionally set.

  • Create new secret type, e.g. bootstrap.cluster.x-k8s.io/data, add it to api/v1alpha3 in Cluster API.
  • Change the bootstrap controller to create the secret using this type.
  • Update the v1alpha2-to-v1alpha3.md document and ask providers to only read bootstrap data secrets that have this type set.

As a follow-up:

  • Make sure that controllers (like CAPA) that read this secret only read this type (tbd what this looks like).

/kind documentation
/milestone v0.3.0
/priority important-soon
/help

Labels: help wanted, kind/documentation, lifecycle/active, priority/important-soon
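The create side and the read side of the proposal above, as an added example that is not Cluster API's own code. `Secret` and `SecretType` are local stand-ins for the `k8s.io/api/core/v1` types, `ReadBootstrapData` and `NewBootstrapSecret` are hypothetical helpers, the type string is the example name from the issue, and the `value` data key is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// SecretType and Secret are minimal stand-ins for the k8s.io/api/core/v1
// types, so the example builds without the Kubernetes modules.
type SecretType string

type Secret struct {
	Name string
	Type SecretType
	Data map[string][]byte
}

// BootstrapDataSecretType is the example name floated in the issue, not a
// confirmed API constant.
const BootstrapDataSecretType SecretType = "bootstrap.cluster.x-k8s.io/data"

var ErrWrongSecretType = errors.New("secret is not typed as bootstrap data")

// NewBootstrapSecret is the controller side: the type is set at creation.
// The "value" data key is an assumption of this example.
func NewBootstrapSecret(name string, userData []byte) *Secret {
	return &Secret{Name: name, Type: BootstrapDataSecretType,
		Data: map[string][]byte{"value": userData}}
}

// ReadBootstrapData is the consumer side (hypothetical helper). It rejects
// any other type, including untyped secrets, which the API server stores as
// "Opaque". The type marks ownership; it is not an authentication check.
func ReadBootstrapData(s *Secret) ([]byte, error) {
	if s == nil || s.Type != BootstrapDataSecretType {
		return nil, ErrWrongSecretType
	}
	v, ok := s.Data["value"]
	if !ok || len(v) == 0 {
		return nil, fmt.Errorf("secret %q has no bootstrap data", s.Name)
	}
	return v, nil
}

func main() {
	legacy := &Secret{Name: "machine-1", Type: "Opaque"} // constructed sample
	_, err := ReadBootstrapData(legacy)
	fmt.Println(err) // rejected before any data is read
}
```

Secrets written before the type was introduced fail this check, which is why the issue pairs the change with a migration note for providers.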

All 4 comments

@vincepri:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.


I can work on this if no one has objections 🙂
/assign

/lifecycle active

re: auth. an impersonator can potentially match the SecretType as well, so from my POV this seems to serve the ownership distinction purpose.
