Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: CE-1078 persist secret content changes between rollouts #698

Open
wants to merge 16 commits into
base: release/lions-mane-jellyfish
Choose a base branch
from
Open

fix: CE-1078 persist secret content changes between rollouts #698

wants to merge 16 commits into from
+27 −3

Conversation

jon-funk
Copy link

@jon-funk jon-funk commented Oct 8, 2024
edited by github-actions bot
Loading

Description

Allows developers to change the service-specific secret values for testing, and have those values persist between helm installs / re-deploys. Secrets are cleaned up on PR close still.

Fixes # (issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Tested PR close trigger, verified secrets are cleaned up with other workloads on close
  • Verified that secrets now have the helm.sh/resource-policy: keep annotation, and persist between deploys

Checklist

  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Further comments

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

@jon-funk jon-funk added bug Something isn't working invalid This doesn't seem right labels Oct 8, 2024
@jon-funk jon-funk marked this pull request as ready for review October 8, 2024 20:05
@jon-funk jon-funk changed the base branch from main to release/lions-mane-jellyfish October 8, 2024 20:14
@jon-funk
Copy link
Author

jon-funk commented Oct 8, 2024

Closing to test cleanup

@jon-funk jon-funk closed this Oct 8, 2024
@jon-funk jon-funk reopened this Oct 11, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 11, 2024

Please retry analysis of this Pull-Request directly on SonarCloud

mishraomp
mishraomp reviewed Oct 11, 2024
View reviewed changes
charts/app/templates/_helpers.tpl
@@ -43,5 +43,6 @@ Selector labels
{{- define "selectorLabels" -}}
app.kubernetes.io/name: {{ include "fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app: {{ .Release.Name }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need this new label?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's so that this label variant of the cleanup action can be re-used here

nr-compliance-enforcement/.github/workflows/pr-close.yml

Line 23 in 762d121

cleanup-labeled:

As the helm pr-close here https://github.com/bcgov/quickstart-openshift-helpers/blob/main/.github/workflows/.pr-close.yml#L161 does not allow flag passthrough. Specificaly in this case global.secrets.persist=false as the dev team would like secret workloads to persist in their dev environments.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changes to their secret workloads to persist between deployments*

Copy link
Collaborator

@mishraomp mishraomp Oct 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets discuss this, as clean up with label will make helm to stick around with secret objects, @DerekRoberts and I can look at the helper function to add in necessary flags as needed or we can add you as a collaborator on those repos :)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am sorry.
I misunderstood the change, I see now, that you are cleaning up with helm then with label to make sure the persisted secret is deleted with labels, as helm wont delete them during uninstall

I will keep that into our helper as a backlog item, so we don't do twice cleanups :)

@jon-funk
Copy link
Author

Closing to test cleanup

@jon-funk jon-funk closed this Oct 11, 2024
@jon-funk jon-funk reopened this Oct 11, 2024
@jon-funk jon-funk removed the invalid This doesn't seem right label Oct 11, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 11, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mishraomp mishraomp mishraomp left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jon-funk @mishraomp