Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to reference Kubernetes ConfigMap / Secret values from container component #299

Closed
scottkurz opened this issue Jan 12, 2021 · 6 comments
Closed

Add ability to reference Kubernetes ConfigMap / Secret values from container component #299

scottkurz opened this issue Jan 12, 2021 · 6 comments
Labels
area/api Enhancement or issue related to the api/devfile specification future Items in consideration to be added to future spec levels lifecycle/rotten Rotten items. These items have been stale for 60 days and are now closed. lifecycle/stale Stale items. These items have not been updated for 90 days.

Comments

@scottkurz
Copy link
Contributor

scottkurz commented Jan 12, 2021
edited
Loading

Is your feature request related to a problem? Please describe.

As a devfile author, I would like to be able to reference ConfigMap & Secret values defined in the cluster, e.g. a maven repository password.

Describe the solution you'd like

The syntax doesn't fit into the existing devfile schema.

I'd like to see syntax, e.g. like:

Individual variables - Secret

components:
  - name: mycomp
    container:
        env:
        - name: MY_USER
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: user
        - name: MY_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password

RELATED VARIANTS

(Starting at JSONPath: components[n].container)

Individual variables - ConfigMap

env:
- name: APP_NAME
  valueFrom:
    configMapKeyRef:
      name: my-app-name
      key: app-name

All variables - Secret

  envFrom:
  - secretRef:
      name: my-secret

All variables - ConfigMap

  envFrom:
  - configMapRef:
      name: my-configmap

Describe alternatives you've considered

  • Building passwords into container images creates a level of exposure.

  • I guess in theory this function could be pushed onto the specific tools' UI but that seems more cumbersome. Plus it misses the opportunity to capture this as an important descriptive property of the devfile.

  • Another approach would be to provide a syntax for "consuming" a secret/configmap value as a "global attribute" (as discussed in: parse plugin component and add component, command and events to the main devfile obj #240). Then for each container env it would simply "consume" the global attr value. I think my suggestion promotes this use case as more of a "first class" scenario so is preferable.

Additional context

I don't understand well enough to appreciate whether this would make sense for another component type besides 'container.... like 'kubernetes'-type or others?
@amisevsk
Copy link
Contributor

amisevsk commented Jan 21, 2021
edited
Loading

I missed this issue when creating #310 but we're talking about similar features (I think).

@scottkurz
Copy link
Contributor Author

scottkurz commented Jan 21, 2021
edited
Loading

Might be good to support envFrom syntax too:

  envFrom:
  - secretRef:
      name: mysecret

UPDATE: added to original proposal.

@scottkurz scottkurz changed the title Add ability to reference Kubernetes Secret values Add ability to reference Kubernetes ConfigMap / Secret values Jan 25, 2021
@scottkurz scottkurz changed the title Add ability to reference Kubernetes ConfigMap / Secret values Add ability to reference Kubernetes ConfigMap / Secret values from container component Jan 26, 2021
@elsony elsony added the area/api Enhancement or issue related to the api/devfile specification label Jan 28, 2021
@scottkurz
Copy link
Contributor Author

@elsony do you think we could put this in the 2.2 milestone list?

@elsony elsony added this to the 2.2 milestone Mar 31, 2021
@elsony
Copy link
Contributor

elsony commented Apr 8, 2022
edited
Loading

Community call discussion 3/28:

  1. Not part of the devfile 2.2 spec. There are some concerns on including this as part of the devfile will make the devfile only work in certain environments. See https://github.com/devfile/devworkspace-operator/blob/main/docs/additional-configuration.md#automatically-mounting-volumes-configmaps-and-secrets for details on how devWorkspace approach this problem.

@elsony elsony removed this from the 2.2 milestone Apr 8, 2022
@elsony elsony added the future Items in consideration to be added to future spec levels label Apr 8, 2022
@l0rd
Copy link
Contributor

l0rd commented Feb 18, 2023

c.f. #1033

@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 90 days with no activity. Remove stale label or comment or this will be closed in 60 days.

@github-actions github-actions bot added the lifecycle/stale Stale items. These items have not been updated for 90 days. label Jul 20, 2024
@github-actions github-actions bot added the lifecycle/rotten Rotten items. These items have been stale for 60 days and are now closed. label Sep 18, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/api Enhancement or issue related to the api/devfile specification future Items in consideration to be added to future spec levels lifecycle/rotten Rotten items. These items have been stale for 60 days and are now closed. lifecycle/stale Stale items. These items have not been updated for 90 days.
Projects
Devfile Project
Status: Done ✅
Milestone
No milestone
Development

No branches or pull requests
4 participants
@l0rd @scottkurz @elsony @amisevsk