Update user.toml path and example images #172
Conversation
|
I would like to see a test for configuration updates as part of this PR, wdyt? |
|
@lilic what kind of tests were you thinking of? |
|
@asymmetric Similar as we already have for initial config, but this to make sure config updates work and will always work despite the fact we change something. |
|
I'd keep that for a separate PR. I don't see a very strong correlation between this PR and tests for Also, this PR is blocking the release. Or do you mean that we should have the tests before we release? Either way, I'd keep the two things separate. |
examples/config/habitat.yml
Outdated
| # expects that encoding. | ||
| # Plain text content: protected-mode = "no" | ||
| user.toml: cHJvdGVjdGVkLW1vZGUgPSAibm8i | ||
| # Each item needs to be base64-encoded in base64. |
There was a problem hiding this comment.
The reason why I went with the protected-mode, instead of port number was that we can see a different message when visiting <cluster_ip>:30001. With protected mode set by default to "yes", we get a message about Redis being locked down. With our user.toml override, we could see something else.
But in the end, changing the port number is also fine - you documented that below in the Service part.
examples/config/README.md
Outdated
| @@ -1,6 +1,6 @@ | |||
| # Initial configuration | |||
|
|
|||
| This example demostrates how initial configuration works with the Habitat operator. With the manifest file we deploy a Redis Habitat service. | |||
| This example demonstrates how initial configuration works with the Habitat operator. With the manifest file we deploy a Redis Habitat service. | |||
There was a problem hiding this comment.
I'd be against fixing the typo - the word with the typo sounds like a Greek name and we need some greek reference, because Kubernetes.
There was a problem hiding this comment.
I'm actually against it but for a very different reason: it's not relevant to this patch. :)
There was a problem hiding this comment.
Oh I see that it is relevant, cause such a vague/broad commit log verb. :D
|
Filed an issue for adding a test for config updates, so we won't forget that. |
examples/bind-config/habitat.yml
Outdated
| user.toml: cG9ydCA9IDQ0NDQ= | ||
| --- | ||
| apiVersion: habitat.sh/v1 | ||
| kind: Habitat | ||
| kind: Habitat |
There was a problem hiding this comment.
irrelevant change. Separate patch for fixing formatting please
| @@ -10,6 +10,6 @@ After the Habitat operator is up and running, execute the following command from | |||
| kubectl create -f examples/bind/habitat.yml | |||
| ``` | |||
|
|
|||
| This will deploy two `Habitat`s, a simple HTTP server written in Go that will be bound to a PostgreSQL database. The Go server will display the port number the database listens on. | |||
| This will deploy two `Habitat`s, a simple HTTP server written in Go that will be bound to a Redis database. The Go server will display the port number the database listens on. | |||
There was a problem hiding this comment.
Do we really call the services or apps as "habitats"?
There was a problem hiding this comment.
Yeah, the naming is a bit weird. In Habitat they're services, but the CRD is Habitat, so same as we say ConfigMaps, I think we're justified to say Habitats.
There was a problem hiding this comment.
Not sure I agree and it sounds strange but OK. :)
| bound to a Redis instance. By default, the Redis database instance would [listen | ||
| on port | ||
| 6379](https://github.com/habitat-sh/core-plans/blob/7bc934c31e92c959aea0444671900c57c23d5265/redis/default.toml#L3), | ||
| but we change this with the configuration stored in the `user-toml`. |
There was a problem hiding this comment.
in the commit log it's "user.toml", but here it's with a dash.
There was a problem hiding this comment.
It's with a dash because what I'm pointing at here is the Kubernetes Secret named user-toml, rather than the filename under which the Secret is mounted in the Pod.
pkg/controller/controller.go
Outdated
| @@ -715,7 +715,7 @@ func (hc *HabitatController) newDeployment(h *habv1.Habitat) (*appsv1beta1.Deplo | |||
| Name: initialConfigFilename, | |||
| // The Habitat supervisor creates a directory for each service under /hab/svc/<servicename>. | |||
| // We need to place the user.toml file in there in order for it to be detected. | |||
| MountPath: fmt.Sprintf("/hab/svc/%s/%s", h.Spec.Service.Name, userTOMLFile), | |||
| MountPath: fmt.Sprintf("/hab/user/%s/config/%s", h.Spec.Service.Name, userTOMLFile), | |||
| SubPath: userTOMLFile, | |||
There was a problem hiding this comment.
We need to get rid of this line.
examples/encrypted/README.md
Outdated
|
|
||
| ``` | ||
| kubectl delete secret your-secret-name | ||
| ``` |
There was a problem hiding this comment.
but we are not teaching k8s, just giving them a direct command to use so they don't have to look it up just for this.
There was a problem hiding this comment.
Yeah but this is basic stuff, and it's also orthogonal: create/delete work across all resources. If you don't know how to do CRUD operations on a resource, I don't think you should delve into operators yet..
There was a problem hiding this comment.
But I mean, I can add it back.. I just think it's useless, as virtually 100% of people reading this will know how to do it.
| @@ -1,7 +1,7 @@ | |||
| apiVersion: v1 | |||
| kind: Secret | |||
| metadata: | |||
| name: user-toml-secret | |||
| name: user-toml | |||
There was a problem hiding this comment.
Thanks for explaining what "stutter" is but i don't see any repetition here in the name.
There was a problem hiding this comment.
In this case, a Service whose name ends in -service, and stuff like that.
Or a Secret whose name ends in -secret.
There was a problem hiding this comment.
kubectl get secret returning user-toml-secret is stutter IMO. Of course it's a Secret. It doesn't help to have -secret there, because that object will only be returned when you ask for Secrets.
There was a problem hiding this comment.
I agree with the change. I was just being nitpicky about it not fitting the "stutter" title.
asymmetric
force-pushed
the
krnowak/redis
branch
from
70cc1bf
to
8023360
Compare
examples/config/README.md
Outdated
| This will create a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/) with the configurations and a simple Node.js application that will display a msg. When running on minikube, it can be accessed under port `30001` of the minikube VM. `minikube ip` can be used to retrieve the IP. | ||
| Initially our app is configured to display the msg `"Hello world."`. Because we override this with the Secret we just created, our app will instead display `Hello from our Habitat-Operator!`. | ||
| This will create a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/) with the configurations and a Redis database. | ||
| Initially the Redis database is configured to be in protected mode. Because we override this with the Secret we just created, our db will not be in this mode anymore. |
There was a problem hiding this comment.
Drop this line, please - you decided to change the port instead of the protected mode.
asymmetric
force-pushed
the
krnowak/redis
branch
from
a73e55c
to
5f56ca3
Compare
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Changing the port is a simpler, clearer example. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Make the filename independent of the implementation. In case we want to switch db or web app again in the future. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
It's unnecessary. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
No need to teach people how to use Kubernetes. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
The path was changed in habitat-sh/habitat#3814 Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
The new path only contains the user.toml file, so the whole-directory can be bind-mounted, without having to resort to the symlinking hacks of SubPath. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
We now change the port, instead of the protected mode. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
It had been removed by mistake in fa18258. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
It was creating a directory named user.toml and placing the user.toml there. Signed-off-by: Lorenzo Manacorda <lorenzo@kinvolk.io>
asymmetric
force-pushed
the
krnowak/redis
branch
from
5f56ca3
to
4e36d97
Compare
This PR updates the images used in examples. The new images feature an updated supervisor, which looks for the
user.tomlfile in a new location.Also, this PR changes the example to use redis whenever possible, to reduce maintenance overhead.
Closes #164.
Closes #165.