-
Notifications
You must be signed in to change notification settings - Fork 7
Conversation
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great @MChorfa ! A few comments to tend to, but otherwise looking good.
Hi @vdice, cafile: "path/to/cafile"
certfile: "path/to/certfile"
keyfile: "path/to/keyfile"
username: "username"
password: "password" I tried to define them via credentials block into the porter file, but, at build it doesn't seem to pick it up. mixins:
- helm:
repositories:
stable:
url: "https://kubernetes-charts.storage.googleapis.com"
username: "$${HELM_USERNAME}"
password: "$${HELM_PASSWORD}"
name: helm-mysql
version: 0.1.0
tag: getporter/helm-mysql:v0.1.0
credentials:
- name: kubeconfig
path: /root/.kube/config
- name: helm_username
env: "HELM_USERNAME"
- name: helm_password
env: "HELM_PASSWORD" I tried also with : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested this branch and works great! Had a few more comments...
Ah, right. Interpolation of creds (via e.g. |
Apologies for my yaml indentation, my formatting tool is not working well
@MChorfa brainstorming on the username/password issue. For a workaround, we could go the route of adding files for both, just like the potential files for CA.cert/key, etc. Assuming the files of mixins:
- helm:
repositories:
brigadecore:
url: "https://brigadecore.github.io/charts"
username: '"$(cat /repo-username)"'
password: '"$(cat /repo-password)"' The Dockerfile then shows:
Do you have a private Helm chart repo you can test this approach with? It's still not ideal, but could be a good way to document for the time being and still get your additions/support for these fields in now. Then, we can decide on follow-up work for better UX, etc. |
I can't reply to your comment directly ? |
No i don't have a private helm repo... will setup one like chartmuseum next. |
Does this mean that we have to embed the creds file into the invocation image? |
Indeed, it would :( The invocation image would need to be private. Not the best solution. I'll keep brainstorming... |
The ideal way is to have |
Agreed. So, it sounds like we have a few potential follow-ups:
|
Yes, I completely agree with your strategy. |
Good idea. Perhaps we check if any of the fields have |
@MChorfa Actually, I think we'll move forward with creating issues for build-time credential injection/interpolation, so perhaps we can hold off on the user warning/error if we'll have support in the near future. I'll update with a link to the ticket(s) once created. |
Hi @vdice, So this PR will be merged? In the meantime, I am planning to start the implementation to support the same logic in [ install.go, upgrade.go, uninstall.go ] actions, etc. WDYT? |
Yes, let's proceed with merging this PR... lemme re-run CI and take a final look. As for the second question, Do we think adding support for the same logic in the standard actions will be useful after we have build-time support for credentials? |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
I was thinking about the transitive charts? |
@MChorfa Oh, perhaps for a bundle that itself stood up a chart repository and then further along needed to log into it? Anyways, if you get a chance, can you file an issue for what you envision the follow-up looking like? Thank you! |
HI @vdice, |
#60 (comment)