-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minio does not restart minio if someone changes access-key
/secret-key
via juju config
#47
Labels
bug
Something isn't working
Comments
ca-scribner
added a commit
that referenced
this issue
Mar 28, 2022
Fixes #47 This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes. This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar. This also adds unit tests for the new code Implementation: * refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable * add `_generate_config_hash()` to create the hash of the current config
ca-scribner
added a commit
that referenced
this issue
Mar 31, 2022
Fixes #47 This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes. This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar. This also adds unit tests for the new code Implementation: * refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable * add `_generate_config_hash()` to create the hash of the current config
ca-scribner
added a commit
that referenced
this issue
Apr 1, 2022
Fixes #47 This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes. This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar. This also adds unit tests for the new code Implementation: * refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable * add `_generate_config_hash()` to create the hash of the current config
ca-scribner
added a commit
that referenced
this issue
Apr 1, 2022
Fixes #47 This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes. This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar. This also adds unit tests for the new code Implementation: * refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable * add `_generate_config_hash()` to create the hash of the current config
DomFleischmann
pushed a commit
that referenced
this issue
Apr 4, 2022
* feat: add hash of config to env vars Fixes #47 This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes. This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar. This also adds unit tests for the new code Implementation: * refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable * add `_generate_config_hash()` to create the hash of the current config * fix: _get_secret_key try/except caught wrong exception Fixes bug where we catch errors about missing data in self._stored. Was using `except KeyError`, but `self._stored` raises an `AttributeError` if data is not available. * fix: linting/formatting * feat: Add integration test for credential refresh * fix: test_refresh_credentials Updates test_refresh_credentials to use the refactored connect_client_to_server.
DomFleischmann
pushed a commit
that referenced
this issue
Apr 7, 2022
* Refactor integration tests (#49) * feat: make integration test idempotent * refactor: encapsulate logic for tests, moving connect-to-minio logic into a reusable helper so it can be used by multiple tests * refactor: add arg for access/secret_key in connect_client_to_server * feat: make connection test attempts auto-retry using tenacity.retry * fix: unpin black to fix linting/formatting * fix: credential refresh on config change (#50) * feat: add hash of config to env vars Fixes #47 This adds a hash of the current config to environment variables in order to trigger creating a new pod whenever config changes. This ensures minio will restart whenever someone does `juju config minio access-key=newKey` or similar. This also adds unit tests for the new code Implementation: * refactor handling the default value for secret-key (moved to `_get_secret_key()`) to make it reusable * add `_generate_config_hash()` to create the hash of the current config * fix: _get_secret_key try/except caught wrong exception Fixes bug where we catch errors about missing data in self._stored. Was using `except KeyError`, but `self._stored` raises an `AttributeError` if data is not available. * fix: linting/formatting * feat: Add integration test for credential refresh * fix: test_refresh_credentials Updates test_refresh_credentials to use the refactored connect_client_to_server.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When credentials are updated via
juju config minio access-key=somethingNew
, the credential secret in k8s is updated but this secret update does not automatically get used by the minio workload’s pod because a change to a secret used by a pod does not cause the pod to restart and reload the secret.Possible solutions:
configmap
as immutable and on any config change create a new configmap and then modify the existingdeployment
to point to the new configmap. k8s will only scale down if theconfigmap
is validNote that any solution restarting minio might result in downtime/interruption. The actual minio workload will go down. This shoudl be documented properly. There might be more nuanced solutions, too (can we communicate with the running minio workload to tell it to update the credentials? That sounds like a possible sidecar thing).
The text was updated successfully, but these errors were encountered: