Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PWB: Support defining sensitive config values via k8s secrets #535

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

PWB: Support defining sensitive config values via k8s secrets #535

wants to merge 7 commits into from
+98 −19

Conversation

pat-s
Copy link
Contributor

@pat-s pat-s commented Jul 19, 2024

Applies to

  • launcherPem
  • secureCookieKey
  • userPassword
  • database.conf

When doing so, the rstudio-secret is skipped and individual mounts containing the above-mentioned secret values are injected.

This PR is breaking as the items listed are now maps and existing deployments would need to migrate from launcherPem: <value> to launcherPem.value: <value>.

I've tested this in a deployment of mine and it works as expected so far.

secureCookieKey:
  existingSecret: secure-cookie-key
launcherPem:
  existingSecret: launcher-pem
config:
  database:
    conf:
      existingSecret: database-conf
userPassword:
  existingSecret: workbench-user-password

The advantage of this approach is that it gives power to the users and makes use of "simple" k8s secrets instead of relying on some chart magic which puts together a bundled secret from plain config values.

related #520 #493

@pat-s pat-s requested review from GCRev, zachhannum and a team as code owners November 7, 2024 18:49
@damienleger-cure51
Copy link

Hello, I would love to see this merged! 🙏

On my setup, helm chart is deployed through ArgoCD and it doesn't support helm lookup function. This lookup function is the one responsible for checking that launcher.pem+secureCookieKey exists, resulting of those secret values regenerated on every ArgoCD sync. Having those to be set only directly on values.yaml currently to fix this situation is a problem for sensitive value.

@jforest jforest removed the request for review from colearendt February 24, 2025 17:49
bschwedler
bschwedler reviewed Feb 25, 2025
View reviewed changes
charts/rstudio-workbench/Chart.yaml
@@ -1,6 +1,6 @@
name: rstudio-workbench
description: Official Helm chart for Posit Workbench
version: 0.8.7
version: 1.0.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jforest We will probably want this to be a new minor version

Suggested change
version: 1.0.0
version: 0.9.0

@jforest
Copy link
Contributor

jforest commented Feb 25, 2025

hi @pat-s can you please merge a recent main into this? There have been a lot of changes since july, including the addition of helm unittests to run!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bschwedler bschwedler bschwedler left review comments

@GCRev GCRev GCRev left review comments

@atheriel atheriel Awaiting requested review from atheriel

@zachhannum zachhannum Awaiting requested review from zachhannum zachhannum is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pat-s @damienleger-cure51 @jforest @bschwedler @GCRev