Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Leverage resource-sync mechanism for resources that need created before cluster-agent comes up #11892

Closed
thatmidwesterncoder opened this issue Sep 11, 2024 · 7 comments · Fixed by #12131
Closed

[RFE] Leverage resource-sync mechanism for resources that need created before cluster-agent comes up #11892

thatmidwesterncoder opened this issue Sep 11, 2024 · 7 comments · Fixed by #12131
Assignees
@izaac @richard-cox @momesgin
Labels
JIRA kind/enhancement priority/0 QA/manual-test Indicates issue requires manually testing status/backport-candidate
Milestone
v2.10.0

Comments

@thatmidwesterncoder
Copy link

thatmidwesterncoder commented Sep 11, 2024
edited by richard-cox
Loading

Is your feature request related to a problem? Please describe.

Currently there is a gap where certain resources that are required by system components (e.g. additionalManifests) are stored in plain text on the cluster object. After rancher/rancher#45718 is completed there will be a way to synchronize resources (at first just secrets) to the downstream clusters during the provisioning process by way of a specific annotation (docs soon).

The UI should use this feature where necessary to ensure that potentially sensitive manifests do not end up on disk.

Describe the solution you'd like

When creating a cluster through the wizard - the UI should create other resources (namely secrets) first with the appropriate annotation and then the cluster object, which would allow the provisioning process to bring up the cluster -> create those secrets -> then continue the provisioning process.

Describe alternatives you've considered

Mentioned in the r/r issue above, namely using additionalManifests or machineSelectorFiles. But those require the files to be placed on disk before being applied by RKE2.

Additional context

This will most likely complicate the UI in certain places (the additional config tab mostly) because creates will create the secret, then updates will update said secret. Hopefully it can be abstracted away to hook into it wherever there is something sensitive.

Related: Parent - SURE-5434, UI - SURE-9078
@Sahota1225 Sahota1225 added this to the v2.9.next2 milestone Sep 11, 2024
@github-actions github-actions bot added the QA/dev-automation Issues that engineers have written automation around so QA doesn't have look at this label Sep 11, 2024
@richard-cox
Copy link
Member

richard-cox commented Sep 12, 2024
edited
Loading

@Sahota1225 , @thatmidwesterncoder We need to discuss the implementation before starting this, was there an RFC?

@richard-cox richard-cox modified the milestones: v2.9.next2, v2.10.0 Sep 12, 2024
@gaktive
Copy link
Member

gaktive commented Sep 13, 2024

/backport v2.9.next2

@github-actions github-actions bot mentioned this issue Sep 13, 2024
Closed
@gaktive gaktive removed their assignment Sep 13, 2024
@richard-cox
Copy link
Member

See UI JIRA for implementation details SURE-9078

@richard-cox richard-cox self-assigned this Sep 25, 2024
@richard-cox
Copy link
Member

Blocked on SURE-5434

@gaktive gaktive assigned momesgin and unassigned richard-cox Sep 25, 2024
@richard-cox
Copy link
Member

/backport v2.8.9

@richard-cox richard-cox self-assigned this Sep 30, 2024
@github-actions github-actions bot mentioned this issue Sep 30, 2024
Closed
@richard-cox
Copy link
Member

richard-cox commented Sep 30, 2024
edited
Loading

Blocked on #12066

This was referenced Oct 3, 2024
Closed
Merged
@richard-cox richard-cox added QA/manual-test Indicates issue requires manually testing and removed QA/dev-automation Issues that engineers have written automation around so QA doesn't have look at this labels Oct 10, 2024
This was referenced Oct 11, 2024
Merged
Merged
@momesgin momesgin mentioned this issue Oct 11, 2024
Merged
7 tasks
@izaac izaac self-assigned this Oct 22, 2024
@izaac
Copy link
Contributor

izaac commented Oct 22, 2024

Rancher version: v2.10-ae9edd7151ea0a2387b0dcf3d9387eff74d9d101-head
UI: master 4e82a4d

Tested on vSphere 8 in a vSphere local cluster using Downstream vSphere clusters.
The vSphere CPI and CSI apps create secrets on the local (Rancher) cluster. vsphere-config-secret and vsphere-cpi-creds

These are referenced during vSphere provisioning using the vSphere cloud provider. Deselecting auto generate secrets from the Add Ons, the secrets are automatically picked up and used for pre-bootstrap during provision.

Scope here was only vSphere. As per the Linked PRs.
Reference backport: #12065 (comment)

@izaac izaac closed this as completed Oct 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@izaac izaac

@richard-cox richard-cox

@momesgin momesgin

Labels
JIRA kind/enhancement priority/0 QA/manual-test Indicates issue requires manually testing status/backport-candidate
Projects
None yet
Milestone
v2.10.0
Development

Successfully merging a pull request may close this issue.

[2.10] vSphere Secrets Sync richard-cox/dashboard
6 participants
@izaac @gaktive @richard-cox @Sahota1225 @thatmidwesterncoder @momesgin