Hi all got a very novice question got the following deployme Pulumi Community #kubernetes

Hi all, got a very novice question: got the follow...

proud-spoon-58287

08/05/2020, 10:00 AM

Hi all, got a very novice question: got the following deployment

Copy code

apiVersion: apps/v1
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert
    kompose.version: 1.21.0 ()
  labels:
    io.kompose.service: ksqldb-server
  name: ksqldb-server
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: ksqldb-server
  strategy: {}
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert
        kompose.version: 1.21.0 ()
      labels:
        io.kompose.service: ksqldb-server
    spec:
      containers:
      - env:
        - name: KSQL_BOOTSTRAP_SERVERS
          value: pkc-4r297.europe-west1.gcp.confluent.cloud:9092
        - name: KSQL_KSQL_INTERNAL_TOPIC_REPLICAS
          value: "3"
        - name: KSQL_KSQL_LOGGING_PROCESSING_STREAM_AUTO_CREATE
          value: "true"
        - name: KSQL_KSQL_LOGGING_PROCESSING_TOPIC_AUTO_CREATE
          value: "true"
        - name: KSQL_KSQL_LOGGING_PROCESSING_TOPIC_REPLICATION_FACTOR
          value: "3"
        - name: KSQL_KSQL_SINK_REPLICAS
          value: "3"
        - name: KSQL_KSQL_STREAMS_REPLICATION_FACTOR
          value: "3"
        - name: KSQL_LISTENERS
          value: <http://0.0.0.0:8088>
        - name: KSQL_SASL_JAAS_CONFIG
          value: |
            org.apache.kafka.common.security.plain.PlainLoginModule required username="USERNAME" password="PASSOWRD";
        - name: KSQL_SASL_MECHANISM
          value: PLAIN
        - name: KSQL_SECURITY_PROTOCOL
          value: SASL_SSL
        image: confluentinc/ksqldb-server:0.10.1
        imagePullPolicy: ""
        name: ksqldb-server
        ports:
        - containerPort: 8088
        resources: {}
      hostname: ksqldb-server
      restartPolicy: Always
      serviceAccountName: ""
      volumes: []

proud-spoon-58287

08/05/2020, 10:01 AM

and I need to replace USERNAME and PASSWORD 🙂

proud-spoon-58287

08/05/2020, 10:02 AM

I work with Pulumi, and I can manipulate the yaml before getting deployed in order to replace USERNAME and PASSWORD with the right values.

proud-spoon-58287

08/05/2020, 10:03 AM

what I do not like of my current implementation is that I am binded to this deployment structure and it is very inflexible

proud-spoon-58287

08/05/2020, 10:04 AM

Is there a way to pass something link another yaml to the deployment file which contains the right values and reference those?

proud-spoon-58287

08/05/2020, 10:14 AM

Copy code

valueFrom:
            secretKeyRef:
              key:

proud-spoon-58287

08/05/2020, 10:15 AM

can I put the pulumi config key? 🙂

kind-mechanic-53546

08/05/2020, 11:56 AM

Check out this stack

kind-mechanic-53546

08/05/2020, 11:56 AM

specifically,

Copy code

// Create secret from MongoDB connection string.
const mongoConnStrings = new k8s.core.v1.Secret(
    "mongo-secrets",
    {
        metadata: { name: "mongo-secrets", namespace: config.appsNamespaceName},
        data: mongoHelpers.parseConnString(cosmosdb.connectionStrings),
    },
    { provider },
);

kind-mechanic-53546

08/05/2020, 11:57 AM

and

Copy code

name: "WORDPRESS_DATABASE_PASSWORD",
                                valueFrom: {
                                    secretKeyRef: {
                                        name: mariadbSecret.metadata.name,
                                        key: "mariadb-password"
                                    }
                                }

from here

proud-spoon-58287

08/05/2020, 12:58 PM

thanks @kind-mechanic-53546

proud-spoon-58287

08/05/2020, 1:53 PM

@kind-mechanic-53546 This is all clear now thanks

proud-spoon-58287

08/05/2020, 1:53 PM

only thing I do not understand is this

proud-spoon-58287

08/05/2020, 1:53 PM

Copy code

// Create a Secret with the database credentials.
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    stringData: {
        "database-username": config.databaseUsername,
        "database-password": config.databasePassword,
    }
}, { provider: provider });

proud-spoon-58287

08/05/2020, 1:53 PM

config.X

proud-spoon-58287

08/05/2020, 1:53 PM

does not exists

proud-spoon-58287

08/05/2020, 1:53 PM

but I can do config.get(SECRET-KEY)

proud-spoon-58287

08/05/2020, 1:53 PM

but I got an error

proud-spoon-58287

08/05/2020, 1:53 PM

can you help?

proud-spoon-58287

08/05/2020, 1:54 PM

Copy code

const config = new pulumi.Config();
const ksqlDbSecret = new k8s.core.v1.Secret("ksqldb-secret", {
    stringData: {
        'kafka-cluster-username': config.get('kafkaApiKey'),
        'kafaka-cluster-password': config.get('kafkaApiSecret')
    }
}, { provider: clusterProvider });

proud-spoon-58287

08/05/2020, 1:54 PM

that has compilation errors

proud-spoon-58287

08/05/2020, 1:55 PM

Copy code

'kafka-cluster-username': config.requireSecret('kafkaApiKey'),
        'kafaka-cluster-password': config.requireSecret('kafkaApiSecret')

proud-spoon-58287

08/05/2020, 1:55 PM

that sorts it 🙂

proud-spoon-58287

08/05/2020, 2:19 PM

@kind-mechanic-53546 got another question

proud-spoon-58287

08/05/2020, 4:12 PM

@billowy-army-68599 this does not work

proud-spoon-58287

08/05/2020, 4:12 PM

Copy code

const config = new pulumi.Config();
const ksqlDbSecret = new k8s.core.v1.Secret("ksqldb-secret", {
    stringData: {
        'kafka-cluster-username': config.get('kafkaApiKey'),
        'kafaka-cluster-password': config.get('kafkaApiSecret')
    }
}, { provider: clusterProvider });

proud-spoon-58287

08/05/2020, 4:13 PM

pulumi asks me to set 'kafka-cluster-username' ...?

proud-spoon-58287

08/05/2020, 4:13 PM

thought it is a key : value

billowy-army-68599

08/05/2020, 4:15 PM

can you show the error?

4 Views

Open in Slack

Previous Next