Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing issues with GCR #34

Merged
merged 2 commits into from
Feb 24, 2017
Merged

Fixing issues with GCR #34

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6836de8
Fixed issues with GCR
aaron-prindle Feb 9, 2017
5e06d5b
Merge branch 'master' into fix-gcr
stevesloka Feb 24, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 2 additions & 16 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,29 +62,15 @@ kubectl create -f k8s/secret.yaml

1. Clone the repo and navigate to directory

2. Input your application_default_credentials.json information into a secret with the template at k8s/gcr-secret.yaml:
```bash
apiVersion: v1
data:
application_default_credentials.json: <base-64 encoded ~/.config/gcloud/application_default_credentials.json>
kind: Secret
metadata:
name: gcr-secret
namespace: kube-system
labels:
app: gcr-creds
version: v1.2
kubernetes.io/minikube-addons: gcr-creds
type: Opaque
```
2. Input your application_default_credentials.json information into the secret.yaml template located [here](k8s/secret.yaml#L17):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On my mac, the application_default_credentials.jsonis empy, but my creds are incredentials`. Is this consistent?

The value for application_default_credentials.json can be obtained with the following command:
```bash
base64 -w $HOME/.config/gcloud/application_default_credentials.json
```

3. Create the secret in kubernetes
```bash
kubectl create -f k8s/gcr-secret.yml
kubectl create -f k8s/secret.yml
```

3. Create the replication controller:
Expand Down
12 changes: 0 additions & 12 deletions k8s/gcr-secret.yaml
View file
Open in desktop

This file was deleted.

9 changes: 9 additions & 0 deletions k8s/replicationController.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,3 +36,12 @@ spec:
secretKeyRef:
name: registry-creds
key: aws-account
volumeMounts:
- name: gcr-creds
mountPath: "/root/.config/gcloud"
readOnly: true
volumes:
- name: gcr-creds
secret:
secretName: gcr-secret

13 changes: 12 additions & 1 deletion k8s/secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@

apiVersion: v1
data:
AWS_ACCESS_KEY_ID: Y2hhbmdlbWU=
Expand All @@ -13,3 +12,15 @@ metadata:
version: v1.2
kubernetes.io/minikube-addons: registry-creds
type: Opaque

data:
application_default_credentials.json: Y2hhbmdlbWU=
kind: Secret
metadata:
name: gcr-secret
namespace: kube-system
labels:
app: gcr-creds
version: v1.2
kubernetes.io/minikube-addons: gcr-creds
type: Opaque
3 changes: 1 addition & 2 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -307,7 +307,7 @@ func validateParams() providerConfig {
var ecrEnabled bool

awsAccountID = os.Getenv("awsaccount")
if len(awsAccountID) == 0 {
if len(awsAccountID) == 0 || awsAccountID == "changeme" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think we should merge the secrets? Then make it more explicit which cloud is desired? I want to get everyone working, but may refactor to have it try and work with any cloud at the same time (or both).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I think that merging the secrets is the best approach as all secrets are required for the pod to load. I am debating what is the best way to configure the "mode" though. A config map perhaps?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh you did merge to the same! I missed that! I wonder if there's a simple way to "walk" the user through setting it up. Like when you enable the add-on from minikube, it would prompt for the right info and create the secret / configmap behind the scenes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a great idea for minikube, would make it much easier to use! As far as using the addon standalone, I think that adding a config map w/ "mode" is the best solution for now.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok I can work on moving that into a configmap, and cleaning up the code, unless you've got something started or want to tackle.

I want to get this working @tsloughter first in this repo, then will look to incorporate into minikube which is what we had originally discussed.

log.Print("Missing awsaccount env variable, assuming GCR usage")
gcrEnabled = true
ecrEnabled = false
Expand Down Expand Up @@ -354,5 +354,4 @@ func main() {
}
}
}

}