provisioner helm chart: stop requiring psk to be set #14985

Closed
bpmct opened this issue Oct 4, 2024 · 1 comment · Fixed by #15155

bpmct commented Oct 4, 2024

Now that we support --key auth and user auth, let's stop requiring a PSK secret in the provisionerd. As a workaround, the user can set the value to "" and use the key instead.

Secret:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: coder-org1-provisioner-key
type: Opaque
stringData:
  key: "the-key"
  psk: ""
```

Helm values:

```yaml
coder:
  env:
    - name: CODER_URL
      value: "https://dev.coder.com"
    - name: CODER_PROVISIONER_DAEMON_KEY
      valueFrom:
        secretKeyRef:
          name: coder-org1-provisioner-key
          key: key
  replicaCount: 1
provisionerDaemon:
  pskSecretName: coder-org1-provisioner-key
```

But we don't want to have users doing this long-term.

Let's also work with @EdwardAngert to update the provisioner docs to explain how to configure this in Helm

bpmct added the must-do label Oct 4, 2024
johnstcn self-assigned this Oct 16, 2024

johnstcn commented Oct 17, 2024

@bpmct setting the default value of pskSecretName to an empty string may break folks using the default values, but we should at least add support for setting a provisioner key secret name / key.

EDIT: done in #15122, docs updates (#15155) next.

johnstcn added a commit that referenced this issue Oct 22, 2024
Relates to #14985

Context:
#15122 (comment)

Specifying both `provisionerDaemon.pskSecretName` and
`provisionerDaemon.keySecretName` will now result in an error.

This prevents a potential `CrashLoopBackoff` debug session due to the
following error:

```
error: cannot provide both provisioner key --key and pre-shared key --psk
```
defelmnq pushed a commit that referenced this issue Oct 23, 2024
defelmnq pushed a commit that referenced this issue Oct 23, 2024
Closes #14985

Updates external provisioner documentation to show steps for using
provisioner keys via Helm:

---------

Co-authored-by: Edward Angert <[email protected]>
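
A pre-deploy check for the two situations this thread describes, written as an added example (not code from the coder repository or its chart): both secret names set, and the empty-PSK workaround from the issue body still in place. It assumes the release's merged Helm values are already parsed into a dict; `check_provisioner_auth`, `audit_samples` and the secret name `coder-provisioner-psk` are names made up for the example.

```python
"""Pre-deploy check for provisioner auth settings in Helm values (added example)."""

KEY_ENV = "CODER_PROVISIONER_DAEMON_KEY"


def check_provisioner_auth(values):
    """Return (severity, message) findings for one release's merged values."""
    daemon = values.get("provisionerDaemon") or {}
    psk_secret = (daemon.get("pskSecretName") or "").strip()
    key_secret = (daemon.get("keySecretName") or "").strip()
    env = (values.get("coder") or {}).get("env") or []
    key_in_env = any(isinstance(e, dict) and e.get("name") == KEY_ENV for e in env)

    findings = []
    if psk_secret and key_secret:
        # The combination the commit message says now results in an error.
        findings.append(("error", "pskSecretName and keySecretName are both set; "
                         "keep exactly one credential source"))
    if key_in_env and psk_secret:
        # The workaround from the issue: key injected through coder.env while
        # pskSecretName still points at a Secret whose psk must stay "".
        findings.append(("warn", f"{KEY_ENV} is set in coder.env while pskSecretName="
                         f"{psk_secret!r} is configured; migrate to keySecretName"))
    return findings


# Constructed sample values: the first mirrors the issue's workaround.
SAMPLES = {
    "issue_workaround": {
        "coder": {"env": [{"name": "CODER_URL", "value": "https://dev.coder.com"},
                          {"name": KEY_ENV}]},
        "provisionerDaemon": {"pskSecretName": "coder-org1-provisioner-key"},
    },
    "both_set": {"provisionerDaemon": {"pskSecretName": "coder-provisioner-psk",
                                       "keySecretName": "coder-org1-provisioner-key"}},
    "key_only": {"provisionerDaemon": {"pskSecretName": "",
                                       "keySecretName": "coder-org1-provisioner-key"}},
}


def audit_samples():
    """Severities found per sample, in the order the checks run."""
    return {name: [sev for sev, _ in check_provisioner_auth(vals)]
            for name, vals in SAMPLES.items()}


if __name__ == "__main__":
    for name, vals in SAMPLES.items():
        for sev, msg in check_provisioner_auth(vals) or [("ok", "one credential source")]:
            print(f"{name}: {sev}: {msg}")
```
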