You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/10/21 08:48:33 UTC

[GitHub] [pulsar-helm-chart] MarkusNeuron opened a new issue, #327: Kubernetes compliant token secret names as volume mounts

MarkusNeuron opened a new issue, #327:
URL: https://github.com/apache/pulsar-helm-chart/issues/327

   **Is your feature request related to a problem? Please describe.**
   At the moment the charts render the token secret volume directly derived from .Values.auth.superUsers.x for the [broker](https://github.com/apache/pulsar-helm-chart/blob/816d88c942e5f1d13e1f11d67708dd16aa02c388/charts/pulsar/templates/broker-statefulset.yaml#L280), the [proxy-](https://github.com/apache/pulsar-helm-chart/blob/816d88c942e5f1d13e1f11d67708dd16aa02c388/charts/pulsar/templates/proxy-statefulset.yaml#L264) and the [toolset-](https://github.com/apache/pulsar-helm-chart/blob/816d88c942e5f1d13e1f11d67708dd16aa02c388/charts/pulsar/templates/toolset-statefulset.yaml#L109)stateful sets.
   
   Because the superUsers configuration represents a token subscription that is issued by an IDP there is no control over the syntax of this value. e.g. "sub": "NR_CO_PROD_ADM_M2M-T"
   
   For values not compliant to Kubernetes metadata.name syntax value will break the deployment.
   
   **Describe the solution you'd like**
   To add more robustness I propose to introduce a simple transformation to lowercase + kebabcase like:
   
   ```helm
   secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.broker | lower | kebabcase }}"
   ``` 
   
   This will cover most of the edge cases.
   
   **Describe alternatives you've considered**
   A even more generic approach to make the configured string value metadata.name compliant. Not aware of any.
   
   **Additional context**
   Deployments fails by try to mount a volume secret named like
   
   ```yaml
     - name: client-token
       secret:
         secretName: pulsar-token-NR_CO_PROD_ADM_M2M-T
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org