[Blueprint] read metadata from other kubernetes resources than secrets or configmaps #2834

Open
sybernatus opened this issue Apr 22, 2024 · 5 comments

@sybernatus

Is your feature request related to a problem? Please describe.
It's more a question than a feature request
In Blueprint templates, I'm using objects field to access secrets data within my backup phase. As objects seems to be generic, I'm wondering if I can use it to access other kubernetes object data.

Describe the solution you'd like
I'd like to do something like this:

apiVersion: config.kio.kasten.io/v1alpha1
kind: Profile
metadata:
  name: my-kasten-profile
  namespace: kasten-io
spec:
  type: Location
  locationSpec:
    credential:
      secret:
        apiVersion: v1
        kind: secret
        name: my-secret
        namespace: kasten-io
      secretType: AwsAccessKey
    objectStore:
      endpoint: https://my-s3-endpoint.com:10443
      name: my-s3
      objectStoreType: S3
      pathType: Directory
      region: fr-south-1
    type: ObjectStore
---

apiVersion: cr.kanister.io/v1alpha1
kind: Blueprint
metadata:
  name: my-backup
actions:
  backup:
    phases:
      - func: KubeExec
        name: backupToS3
        objects:
          s3Secret:
            kind: Secret
            name: 'my-secret'
            namespace: 'kasten-io'
          s3Location:
            group: config.kio.kasten.io
            kind: Profile # <== Access other resources than secrets
            namespace: 'kasten-io'
            name: 'my-kasten-profile'
        args:
          namespace: "{{ .StatefulSet.Namespace }}"
          pod: "{{ index .StatefulSet.Pods 0 }}"
          container: my-container
          command:
            - bash
            - -o
            - errexit
            - -o
            - pipefail
            - -c
            - |
              S3_ACCESS_KEY={{ index .Phases.backupToS3.Secrets.s3Secret.Data "aws_access_key_id" | toString }} # <== This is working
              S3_LOCATION={{ index .Phases.backupToS3.Profile.s3Location.Data "endpoint" | toString }} # <== This is not working

Environment
Kubernetes Version/Provider: 1.25
Cluster Size (#nodes): 30


Thanks for opening this issue 👍. The team will review it shortly.

If this is a bug report, make sure to include clear instructions on how to reproduce the problem with minimal reproducible examples, where possible. If this is a security report, please review our security policy as outlined in SECURITY.md.

If you haven't already, please take a moment to review our project's Code of Conduct document.

@infraq infraq added this to To Be Triaged in Kanister Apr 22, 2024
@viveksinghggits
Contributor

Hi @sybernatus,
That's a great question. Even though phases[?].objects field looks specific enough to assume that we should be able to use any object there, it's not supported right now to provide other Kubernetes objects.
If you can talk about your use case, maybe we would be able to figure out a way to do that using other standard ways.

@mlavi mlavi removed the triage label May 23, 2024
@mlavi
Contributor

mlavi commented May 23, 2024

Waiting to hear more detail, please let us know your use case @sybernatus .

@sybernatus
Author

Hi, and thanks for your reply 🙂
What I would like is to avoid duplicating data across resources. For example, as in my kasten profile I have the endpoint of my S3, I would like to avoid creating a secret or configmap that has the same information.

Reading you, it seems that it is still not possible for now. So I will duplicate them in a configmap to use them in my blueprint.

@viveksinghggits
Contributor

> Hi, and thanks for your reply 🙂 What I would like is to avoid duplicating data across resources. For example, as in my kasten profile I have the endpoint of my S3, I would like to avoid creating a secret or configmap that has the same information.
>
> Reading you, it seems that it is still not possible for now. So I will duplicate them in a configmap to use them in my blueprint.

ok, I understand.
So I am assuming you need the S3 endpoint (that is configured in profile) in your blueprint and are trying to do something using that endpoint. Usually we don't expect a blueprint to have separate s3 commands to push and pull things from a bucket and that is the reason maybe you are seeing this behaviour. Usually the kando or any other command (if applicable) does this.
