Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[EPIC] Secret Handling #131

Closed
sylus opened this issue Jan 19, 2022 · 5 comments
Closed

[EPIC] Secret Handling #131

sylus opened this issue Jan 19, 2022 · 5 comments
Assignees
@sylus
Labels
area/engineering Requires attention from engineering: focus on foundational components or platform DevOps area/security priority/soon size/M 2-3 days

Comments

@sylus
Copy link
Member

sylus commented Jan 19, 2022
edited
Loading

Overview

Even though some components that have secrets are merged in. This section is just to highlight some of the secret interpolation handling we still have to do and not forget about.
@sylus sylus pinned this issue Jan 19, 2022
@sylus sylus added the size/M 2-3 days label Jan 19, 2022
@sylus sylus self-assigned this Jan 24, 2022
@sylus sylus added area/engineering Requires attention from engineering: focus on foundational components or platform DevOps area/security size/S ~1 day priority/soon and removed size/S ~1 day labels Jan 24, 2022
@blairdrummond
Copy link
Contributor

Where secrets like this are needed, I think it might not be crazy just to create them in terraform. What do you think @sylus ?

@sylus
Copy link
Member Author

sylus commented Feb 4, 2022

Yeah so i run this kustomize and then afterwards I apply this configmap manually but argo can do it and will ignore this confgmap on future syncs.

apiVersion: v1
kind: ConfigMap
metadata:
  name: oidc-authservice-parameters
  namespace: istio-system
  annotations:
    argocd.argoproj.io/compare-options: IgnoreExtraneous

@sylus
Copy link
Member Author

sylus commented Feb 4, 2022

So I think all we need to do know is call the following in ArgoCD and it should just work:

https://github.com/StatCan/aaw-kubeflow-manifests/blob/main/kustomize/stacks/argo/kubeflow.yaml

@sylus
Copy link
Member Author

sylus commented Feb 4, 2022

@blairdrummond ^ something next week to look at.

@sylus
Copy link
Member Author

sylus commented Feb 23, 2022

This should work for now and can revisit with Vault in the future!

@sylus sylus closed this as completed Feb 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sylus sylus

Labels
area/engineering Requires attention from engineering: focus on foundational components or platform DevOps area/security priority/soon size/M 2-3 days
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sylus @blairdrummond