-
Task
-
Resolution: Done
-
Critical
-
ConsoleDot Q2 2020, June 2023 DevProd, DevProd June 2023 Release II, DevProd June Release Part III, DevProd June 2023 Release Part IV, DevProd June 2023 Release V, DevProd June 2023 Release VI, July 24, July 28th Dev Prod, July 28th Dev Prod- Round 2, Aug Release , Aug Release #2, Aug #3, Aug #4, DevProd Release Completed Items (August 15, 2023), Release-Aug, Aug #2
-
None
-
False
-
-
False
-
Unset
-
No
-
-
With the secret/configmap watching that Clowder is going to roll out to stage/prod very soon, care needs to be taken to ensure that apps don't end up in a bad state, as they have in ephemeral. One team referenced a database secret that was created by clowder in their clowdapp deployment. The normal flow (pre-change) would have gone like this
- ClowdApp reconciled
- Secret for database created
- Deployment uses secret to populate env vars
- App successfully comes up
With the secret/config watching, if a secret is down as being required, it must be present at the time of reconciliation. What was happening with the app in question was this.
- Clowdapp tries to read secret to generate hash
- Fails......secret not present, hence no database secret created, hence never completes
The app has now changed how they are grabbing their database credentials and are getting them from Clowders cdappconfig, which is the right way to do it.
To avoid this happening to other apps, an audit should be undertaken to ensure that no other apps are doing the same.
