-
Story
-
Resolution: Done
-
Minor
-
None
-
None
-
2
-
False
-
None
-
False
-
-
-
AppSvc Sprint 236, AppSvc Sprint 237, AppSvc Sprint 238
Owner: Architect:
Francesco Ilario
Story (Required)
As a Primaza Developer,
I would like Agent deployment to automatically mount the kubeconfig for communicating with Primaza
So that I don't need to manage the logic of fetching the secret nor to give agent permission to read the secret directly
Background (Required)
The Agents need to read the kubeconfig for communicating with Primaza.
As of now, the kubeconfig is stored in a secret (namely primaza-config) and the agent directly fetches its content from the Kubernetes API Server.
We would like to delegate this responsibility to Kubernetes itself.
See epic for arch document link.
Glossary
See glossary in architecture document
Out of scope
NA
In Scope
- Update agents permissions
- Mount Secret data in agent file-system
Approach(Required)
Instead of fetching the secret at runtime, mount the secret as a volume and access the data from file-system.
A good path where to mount the secret may be the folders /secrets/primaza/ or /etc/primaza.
The logic to create a Kubernetes API Client from file may be added to pkg/primaza/clustercontext.
Demo requirements(Required)
NA
Dependencies
NA
Edge Case
NA
BDD Tests
NA
Acceptance Criteria
- Development
Kubeconfig Secret is mounted in Agent pod's file-system
Agent's controllers which requires a client to communicate with Primaza, should use data from file-system
INVEST Checklist
Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated
Legend
Unknown
Verified
Unsatisfied