limited-rainbow-51650
01/28/2020, 9:49 AM
const privatePullCredentials = new kubernetes.core.v1.Secret('dockerprivatepull', {
  type: "kubernetes.io/dockerconfigjson",
  metadata: {
    namespace: namespace.metadata.name
  },
  stringData: {
    ".dockerconfigjson": config
      .requireSecret("docker-hub-token")
      .apply(value => {
        return JSON.stringify({
          auths: {
            "https://index.docker.io/v1/": {
              auth: value
            }
          }
        })
      })
  }
});
Output:
kubectl get secret dockerprivatepull-s2nimzmf --namespace=apps --output=yaml master ● ↓2 10:43:53
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsiYXV0aCI6ImRlOWM1NTgyLTM4ZTMtNGY1Mi04ZTFhLTk0NzgzNWQ2ZTc5YyJ9fX0=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"pulumi.com/autonamed":"true"},"labels":{"app.kubernetes.io/managed-by":"pulumi"},"name":"dockerprivatepull-s2nimzmf","namespace":"apps"},"stringData":{".dockerconfigjson":"{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"<clear text secret here!!!>"}}}"},"type":"kubernetes.io/dockerconfigjson"}
    pulumi.com/autonamed: "true"
  creationTimestamp: "2020-01-28T09:43:00Z"
  labels:
    app.kubernetes.io/managed-by: pulumi
  name: dockerprivatepull-s2nimzmf
  namespace: osimis
  resourceVersion: "935549"
  selfLink: /api/v1/namespaces/osimis/secrets/dockerprivatepull-s2nimzmf
  uid: c19731a4-45e9-414a-8a04-fb92ce5f05bd
type: kubernetes.io/dockerconfigjson
broad-helmet-79436
01/28/2020, 10:15 AM
kubectl apply to apply the secret, which makes .
The “correct” way to do it seems like it would be to use kubectl create the first time, and then kubectl replace on subsequent updates, which does not retain a last-applied-configuration annotation (ref https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/)
would you like to make a github issue? 😄
limited-rainbow-51650
01/28/2020, 11:37 AM
broad-helmet-79436
01/28/2020, 11:38 AM
limited-rainbow-51650
01/28/2020, 11:40 AM
broad-helmet-79436
01/28/2020, 11:40 AM
limited-rainbow-51650
01/28/2020, 11:41 AM
broad-helmet-79436
01/28/2020, 11:42 AM
limited-rainbow-51650
01/28/2020, 11:43 AM
gorgeous-egg-16927
01/28/2020, 7:23 PM
limited-rainbow-51650
01/28/2020, 7:25 PM
kubectl create secret … and with kubectl get secret ... I get a secret without annotation.
2. I create a secret via Pulumi. With kubectl get secret I get a secret with the annotation.
So is Pulumi doing something different from the CLI?
gorgeous-egg-16927
01/28/2020, 7:29 PM
kubectl adds the same annotation, but it might not for Secrets; I’d have to check. Pulumi’s k8s provider adds that annotation to help with client-side diffing.
kubectl doesn’t add that annotation. Wasn’t aware of that before.
limited-rainbow-51650
01/28/2020, 7:38 PM
gorgeous-egg-16927
01/28/2020, 7:39 PM