
Create Helm chart for Secret Storage Backend and support default secret provider #653

Merged
merged 5 commits into from
Mar 3, 2022

Conversation

pkosiec
Member

@pkosiec pkosiec commented Mar 2, 2022

Description

Changes proposed in this pull request:

  • Support default provider for secret store backend
  • Create Helm chart for Secret Storage Backend
    • Store additional environments in secret
  • Use the latest Teller (instead of my fork)

Notes

As agreed, the Helm chart has been placed inside deploy/kubernetes/charts. The consequence is that it will be versioned the same way as our other Helm charts.
This chart is not installed by default and will be installed with Capact Action (PR coming soon).

Testing

  1. Check out this branch.
  2. Run any Kubernetes cluster (it doesn't have to be Capact, but ensure the capact-system namespace exists). You can run such a cluster with capact env create kind, and then execute kubectl create ns capact-system.

Dotenv

Install the Helm chart:

helm install dotenv -n capact-system ./deploy/kubernetes/charts/secret-storage-backend --set=global.containerRegistry.path="ghcr.io/capactio/pr" --set=global.containerRegistry.overrideTag="PR-653" --set=supportedProviders={dotenv} --wait

Do the port forwarding:

kubectl -n capact-system port-forward svc/dotenv-secret-storage-backend 50051:50051

Run both scenarios of the smoke test (with and without the request context):

GRPC_SECRET_STORAGE_BACKEND_ADDR=":50051" go test ./pkg/hub/api/grpc/storage_backend -v -count 1

AWS

Create AWS security credentials with SecretsManagerReadWrite policy and export the environment variables:

export AWS_ACCESS_KEY_ID="{accessKey}"
export AWS_SECRET_ACCESS_KEY="{secretKey}"

Create file:

cat > /tmp/aws-values.yaml << ENDOFFILE
global:
  containerRegistry:
    path: ghcr.io/capactio/pr
    overrideTag: "PR-653"
supportedProviders:
  - "aws_secretsmanager"
additionalEnvs:
  AWS_DEFAULT_REGION: "eu-west-1"
  AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID}"
  AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY}"
ENDOFFILE

Install the Helm chart:

helm install aws -n capact-system ./deploy/kubernetes/charts/secret-storage-backend -f /tmp/aws-values.yaml --wait

Do the port forwarding:

kubectl -n capact-system port-forward svc/aws-secret-storage-backend 50051:50051

Export env variable with custom, unique TypeInstance ID, which will be used for the test:

export TYPEINSTANCE_ID="bc387c6c-2580-46e8-aa1f-0e8f630951d" # this one has not been used during last 7 days... yet 😄

Run the smoke test without the request context:

GRPC_SECRET_STORAGE_BACKEND_ADDR=":50051" go test ./pkg/hub/api/grpc/storage_backend -run "^TestNewStorageBackendClient_WithDefaultProvider$" -v -count 1

Cleanup

Run:

helm del -n capact-system dotenv aws

Related issue(s)

See #647
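Added example, not code from this PR or the Capact project: a small check that can be run over parsed `helm template` output to confirm that the values passed through `additionalEnvs` (the AWS credentials in the values file above) end up only in a Kubernetes Secret, which is what "Store additional environments in secret" promises, and never as literals in a Deployment or ConfigMap. The sample manifests, object names and credential values are constructed assumptions, not the chart's real output.

```python
import base64
from typing import Any, Dict, Iterable, List, Tuple

# Constructed, fake credential values standing in for the ones exported before
# rendering /tmp/aws-values.yaml.
CREDENTIALS = {"AWS_ACCESS_KEY_ID": "AKIAEXAMPLEKEY000",
               "AWS_SECRET_ACCESS_KEY": "example-secret-value"}

def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()

# Constructed sample of parsed `helm template` output; names are assumptions.
GOOD_MANIFESTS: List[Dict[str, Any]] = [
    {"kind": "Secret", "metadata": {"name": "aws-secret-storage-backend-envs"},
     "data": {k: _b64(v) for k, v in CREDENTIALS.items()}},
    {"kind": "Deployment", "metadata": {"name": "aws-secret-storage-backend"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "backend",
          "envFrom": [{"secretRef": {"name": "aws-secret-storage-backend-envs"}}]}]}}}},
]

def _strings(node: Any) -> Iterable[str]:
    """Yield every string value nested anywhere in a parsed manifest."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from _strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from _strings(v)

def find_leaks(manifests, credentials) -> List[Tuple[str, str, str]]:
    """(kind, name, env key) for each credential whose plaintext or base64 form
    appears in any rendered object that is not a Secret."""
    leaks = []
    for obj in manifests:
        if obj.get("kind") == "Secret":
            continue
        found = set(_strings(obj))
        for key, value in credentials.items():
            if value in found or _b64(value) in found:
                leaks.append((obj["kind"], obj["metadata"]["name"], key))
    return leaks

def secret_keys(manifests) -> set:
    """Keys stored in Secret objects, from either `data` or `stringData`."""
    keys = set()
    for obj in manifests:
        if obj.get("kind") == "Secret":
            keys |= set(obj.get("data", {})) | set(obj.get("stringData", {}))
    return keys

def check(manifests, credentials) -> bool:
    """True when every credential lives in a Secret and leaks nowhere else."""
    return not find_leaks(manifests, credentials) and set(credentials) <= secret_keys(manifests)
```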

@pkosiec pkosiec added enhancement New feature or request WIP Work in progress area/hub Relates to Hub labels Mar 2, 2022
@pkosiec pkosiec changed the title Use secret storage backend Create Helm chart for Secret Storage Backend and support default secret provider Mar 2, 2022
@pkosiec pkosiec removed the WIP Work in progress label Mar 2, 2022
@mkuziemko mkuziemko self-assigned this Mar 3, 2022

@mkuziemko mkuziemko left a comment


Really great work, I didn't even spot any suggestions to apply 🚀

@pkosiec pkosiec enabled auto-merge (squash) March 3, 2022 12:47
@pkosiec pkosiec disabled auto-merge March 3, 2022 13:22
@pkosiec pkosiec merged commit 8ae1909 into capactio:main Mar 3, 2022
@pkosiec pkosiec deleted the use-secret-storage-backend branch March 3, 2022 13:23