Make creating the secret optional #160
Conversation
Pure-AdamuKaapan
left a comment
Pure-AdamuKaapan
left a comment
There was a problem hiding this comment.
@sdodsley this request seems reasonable to me, we already function fine with the secret missing (we just kinda sit there until it appears). Can you think of any issues this might cause?
@gaima8 I left a few comments if you'd be so kind as to address them, they're mostly just small doc changes. Thanks for your contribution!
pure-pso/README.md
Outdated
| | `flashblade.snapshotDirectoryEnabled` | Enable/Disable FlashBlade snapshots | `false` | | ||
| | `orchestrator.name` | Orchestrator type, such as openshift, k8s | `k8s` | | ||
| | *`arrays` | Array list of all the backend FlashArrays and FlashBlades | must be set by user, see an example below | | ||
| | *`arrays` | Array list of all the backend FlashArrays and FlashBlades | may be set by user, see two examples below | |
There was a problem hiding this comment.
[nit] I'd just change it to "may be set by user, see examples below" (remove "two")
pure-pso/README.md
Outdated
| *Examples: | ||
|
|
||
| 1. Helm values | ||
| To have helm create and manage the secret holding the API tokens use the following in your values file. |
There was a problem hiding this comment.
[nit] capitalize Helm, and end the sentence in a colon instead of period
pure-pso/README.md
Outdated
| 2. Manual secret | ||
| If you wish to manage the secret holding the API tokens yourself do the following; | ||
| Create a kubernetes secret called `pure-provisioner-secret` with a single key `pure.json` containing json formatted like so |
There was a problem hiding this comment.
| Create a kubernetes secret called `pure-provisioner-secret` with a single key `pure.json` containing json formatted like so | |
| Create a Kubernetes secret called `pure-provisioner-secret` in the same namespace as your PSO installation with a single key `pure.json` containing json formatted like so: |
|
@Pure-AdamuKaapan Is this change going to mess up the helm schema? |
|
@sdodsley I think this would make it so that |
|
Hi, requested changes to the README made. |
3 participants
Same as purestorage/helm-charts#258 but for the newer release.
My aim is to have the flux helm-controller install the chart, and it's impractical to pass the API tokens securely for the chart to create the secret.
A sealed-secret solves the problem of getting the values in but the chart will at best overwrite the unsealed secret.
I am very much open to ideas on how to handle the validation of
arraysbetter.