Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #2229 - dex-passwords in common/dex/base #2588

Merged
merged 1 commit into from
Jan 2, 2024
Merged

Fix #2229 - dex-passwords in common/dex/base #2588

merged 1 commit into from
Jan 2, 2024

Conversation

kromanow94
Copy link
Contributor

The dex-passwords secret has not been defined properly and the secret wasn't added to the dex kustomization file.

Description of your changes:
The changes are done as discussed in #2229 (review).

@kromanow94
fix kubeflow#2229 - dex-passwords in common/dex/base
8aafa9a 
The dex-passwords secret didn't have the secret defined properly and the secret wasn't added to the dex kustomization file.
@juliusvonkohout
Copy link
Member

Are you sure that the string is allowed like this? i am under the impression, that we have to encode it since it contains the dollar sign.

"You can define the Secret object in a manifest first, in JSON or YAML format, and then create that object. The Secret resource contains two maps: data and stringData. The data field is used to store arbitrary data, encoded using base64. The stringData field is provided for convenience, and it allows you to provide the same data as unencoded strings. The keys of data and stringData must consist of alphanumeric characters, -, _ or .."

https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-config-file/#create-the-config-file

@kromanow94 kromanow94 mentioned this pull request Jan 2, 2024
Closed
@kromanow94
Copy link
Contributor Author

I was able to verify that this form works:

$ git checkout fix-pull-2229
$ git reset --hard
$ git log -1
commit 8aafa9a3041e2bec2441dd44df4854288ede6a04 (HEAD -> fix-pull-2229, origin/fix-pull-2229)
Author:     Krzysztof Romanowski <krzysztof.romanowski.kr3@roche.com>
AuthorDate: Tue Jan 2 13:50:19 2024 +0000
Commit:     Krzysztof Romanowski <krzysztof.romanowski.kr3@roche.com>
CommitDate: Tue Jan 2 13:50:19 2024 +0000

    fix #2229 - dex-passwords in common/dex/base

$ kustomize build common/dex/base/ | kubectl apply -f - --dry-run=server -oyaml | yq '.items[] | select(.metadata.name == "dex-passwords")| .data.DEX_USER_PASSWORD' -r | base64 -d; echo
$2y$12$4K/VkmDd1q1Orb3xAt82zu8gk7Ad6ReFR4LCP9UeYE90NLiN9Df72

But, I agree that even if this works, we should comply with the documentation because in future the K8s system can be more restrictive and more in-sync with the docs.

I've made a change to define the value encoded with base64.

kromanow94 added a commit to kromanow94/kubeflow-internal-acls that referenced this pull request Jan 2, 2024
@kromanow94
Add kromanow94 as member
0e75db2 
Contributions:
* kubeflow/manifests#2544
* kubeflow/manifests#2588
* kubeflow/manifests#2516
* kubeflow/manifests#2517
* kubeflow/manifests#2229 (review)
* kubeflow/kubeflow#7437 (comment)
* https://kubeflow.slack.com/archives/CKBA5D0MU/p1702465109437099
* https://kubeflow.slack.com/archives/C01A7RYEYMB/p1702556772959959
* https://kubeflow.slack.com/archives/CE10KS9M4/p1700672066110009
* https://kubeflow.slack.com/archives/CE10KS9M4/p1700672066110009
@kromanow94 kromanow94 mentioned this pull request Jan 2, 2024
Merged
@kromanow94
Copy link
Contributor Author

Ah, I see that this wasn't necessary... The docs talk about the key in data and stringData. It was the value that really had the dollar sign.

The keys of data and stringData must consist of alphanumeric characters, -, _ or ..

With that in mind, I'm more in favor of going with stringData to be more explicit. I'll make the change and bring it back.

@juliusvonkohout
Copy link
Member

/lgtm
/approve

@google-oss-prow google-oss-prow bot added the lgtm label Jan 2, 2024
@google-oss-prow Google OSS Prow
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: juliusvonkohout, kromanow94

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot merged commit 19c4dc2 into kubeflow:master Jan 2, 2024
6 checks passed
google-oss-prow bot pushed a commit to kubeflow/internal-acls that referenced this pull request Jan 2, 2024
@kromanow94
Add kromanow94 as member (#631)
89d844f 
Contributions:
* kubeflow/manifests#2544
* kubeflow/manifests#2588
* kubeflow/manifests#2516
* kubeflow/manifests#2517
* kubeflow/manifests#2229 (review)
* kubeflow/kubeflow#7437 (comment)
* https://kubeflow.slack.com/archives/CKBA5D0MU/p1702465109437099
* https://kubeflow.slack.com/archives/C01A7RYEYMB/p1702556772959959
* https://kubeflow.slack.com/archives/CE10KS9M4/p1700672066110009
* https://kubeflow.slack.com/archives/CE10KS9M4/p1700672066110009
@kromanow94 kromanow94 mentioned this pull request Jan 3, 2024
Closed
@kromanow94 kromanow94 deleted the fix-pull-2229 branch July 8, 2024 07:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliusvonkohout juliusvonkohout Awaiting requested review from juliusvonkohout

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

Assignees

@juliusvonkohout juliusvonkohout

Labels
approved lgtm size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kromanow94 @juliusvonkohout