-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update user.toml path and example images #172
Conversation
I would like to see a test for configuration updates as part of this PR, wdyt? |
@lilic what kind of tests were you thinking of? |
@asymmetric Similar as we already have for initial config, but this to make sure config updates work and will always work despite the fact we change something. |
I'd keep that for a separate PR. I don't see a very strong correlation between this PR and tests for Also, this PR is blocking the release. Or do you mean that we should have the tests before we release? Either way, I'd keep the two things separate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good I think.
examples/config/habitat.yml
Outdated
# expects that encoding. | ||
# Plain text content: protected-mode = "no" | ||
user.toml: cHJvdGVjdGVkLW1vZGUgPSAibm8i | ||
# Each item needs to be base64-encoded in base64. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason why I went with the protected-mode, instead of port number was that we can see a different message when visiting <cluster_ip>:30001. With protected mode set by default to "yes", we get a message about Redis being locked down. With our user.toml override, we could see something else.
But in the end, changing the port number is also fine - you documented that below in the Service part.
examples/config/README.md
Outdated
@@ -1,6 +1,6 @@ | |||
# Initial configuration | |||
|
|||
This example demostrates how initial configuration works with the Habitat operator. With the manifest file we deploy a Redis Habitat service. | |||
This example demonstrates how initial configuration works with the Habitat operator. With the manifest file we deploy a Redis Habitat service. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd be against fixing the typo - the word with the typo sounds like a Greek name and we need some greek reference, because Kubernetes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm actually against it but for a very different reason: it's not relevant to this patch. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh I see that it is relevant, cause such a vague/broad commit log verb. :D
Filed an issue for adding a test for config updates, so we won't forget that. |
examples/bind-config/habitat.yml
Outdated
user.toml: cG9ydCA9IDQ0NDQ= | ||
--- | ||
apiVersion: habitat.sh/v1 | ||
kind: Habitat | ||
kind: Habitat |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
irrelevant change. Separate patch for fixing formatting please
@@ -10,6 +10,6 @@ After the Habitat operator is up and running, execute the following command from | |||
kubectl create -f examples/bind/habitat.yml | |||
``` | |||
|
|||
This will deploy two `Habitat`s, a simple HTTP server written in Go that will be bound to a PostgreSQL database. The Go server will display the port number the database listens on. | |||
This will deploy two `Habitat`s, a simple HTTP server written in Go that will be bound to a Redis database. The Go server will display the port number the database listens on. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really call the services or apps as "habitats"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, the naming is a bit weird. In Habitat they're services, but the CRD is Habitat, so same as we say ConfigMaps, I think we're justified to say Habitats.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I agree and it sounds strange but OK. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bound to a Redis instance. By default, the Redis database instance would [listen | ||
on port | ||
6379](https://github.com/habitat-sh/core-plans/blob/7bc934c31e92c959aea0444671900c57c23d5265/redis/default.toml#L3), | ||
but we change this with the configuration stored in the `user-toml`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in the commit log it's "user.toml", but here it's with a dash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's with a dash because what I'm pointing at here is the Kubernetes Secret named user-toml
, rather than the filename under which the Secret is mounted in the Pod.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't get the log message " Remove stutter", what's stutter?
pkg/controller/controller.go
Outdated
@@ -715,7 +715,7 @@ func (hc *HabitatController) newDeployment(h *habv1.Habitat) (*appsv1beta1.Deplo | |||
Name: initialConfigFilename, | |||
// The Habitat supervisor creates a directory for each service under /hab/svc/<servicename>. | |||
// We need to place the user.toml file in there in order for it to be detected. | |||
MountPath: fmt.Sprintf("/hab/svc/%s/%s", h.Spec.Service.Name, userTOMLFile), | |||
MountPath: fmt.Sprintf("/hab/user/%s/config/%s", h.Spec.Service.Name, userTOMLFile), | |||
SubPath: userTOMLFile, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to get rid of this line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SubPath thing should be dropped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As you know, I'm usually pretty big on atomic commits but I would have put all "postgresql -> redis" changes in one commit as it seems very much like one logical change, even if a big one affecting different files.
examples/encrypted/README.md
Outdated
|
||
``` | ||
kubectl delete secret your-secret-name | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but we are not teaching k8s, just giving them a direct command to use so they don't have to look it up just for this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah but this is basic stuff, and it's also orthogonal: create/delete work across all resources. If you don't know how to do CRUD operations on a resource, I don't think you should delve into operators yet..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But I mean, I can add it back.. I just think it's useless, as virtually 100% of people reading this will know how to do it.
@@ -1,7 +1,7 @@ | |||
apiVersion: v1 | |||
kind: Secret | |||
metadata: | |||
name: user-toml-secret | |||
name: user-toml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for explaining what "stutter" is but i don't see any repetition here in the name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case, a Service whose name ends in -service, and stuff like that.
Or a Secret whose name ends in -secret
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kubectl get secret
returning user-toml-secret
is stutter IMO. Of course it's a Secret. It doesn't help to have -secret
there, because that object will only be returned when you ask for Secrets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with the change. I was just being nitpicky about it not fitting the "stutter" title.
70cc1bf
to
8023360
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One line to remove.
examples/config/README.md
Outdated
This will create a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/) with the configurations and a simple Node.js application that will display a msg. When running on minikube, it can be accessed under port `30001` of the minikube VM. `minikube ip` can be used to retrieve the IP. | ||
Initially our app is configured to display the msg `"Hello world."`. Because we override this with the Secret we just created, our app will instead display `Hello from our Habitat-Operator!`. | ||
This will create a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/) with the configurations and a Redis database. | ||
Initially the Redis database is configured to be in protected mode. Because we override this with the Secret we just created, our db will not be in this mode anymore. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Drop this line, please - you decided to change the port instead of the protected mode.
a73e55c
to
5f56ca3
Compare
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Changing the port is a simpler, clearer example. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Make the filename independent of the implementation. In case we want to switch db or web app again in the future. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
It's unnecessary. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
No need to teach people how to use Kubernetes. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
The path was changed in habitat-sh/habitat#3814 Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
The new path only contains the user.toml file, so the whole-directory can be bind-mounted, without having to resort to the symlinking hacks of SubPath. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
We now change the port, instead of the protected mode. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
It had been removed by mistake in fa18258. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
It was creating a directory named user.toml and placing the user.toml there. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
5f56ca3
to
4e36d97
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Heh, you also forgot about removing "user.toml" from the mount path, so you got user.toml
directory inside config
? Happened to me too in #164. ;)
Anyway, LFAD.
This PR updates the images used in examples. The new images feature an updated supervisor, which looks for the
user.toml
file in a new location.Also, this PR changes the example to use redis whenever possible, to reduce maintenance overhead.
Closes #164.
Closes #165.