This repository has been archived by the owner on Dec 15, 2022. It is now read-only.

S3 bucket does not store any data in k8s secret #245

Open
asajoshi opened this issue Oct 31, 2022 · 0 comments
Labels
bug Something isn't working

Expected behaviour

The S3 bucket resource needs to store connection details such as region and endpoint in a k8s secret, similar to the IAM resource example.

Actual behaviour

When a resource is created, it creates a blank k8s secret with no data propagated.

Steps to reproduce

Installation

Check the latest version from releases.

```yaml
# provider.yaml
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: vault
spec:
  podSecurityContext:
    fsGroup: 2000
  args:
    - --enable-external-secret-stores
    - --debug
  metadata:
    annotations:
      vault.hashicorp.com/agent-inject: "true"
      vault.hashicorp.com/agent-inject-token: "true"
      vault.hashicorp.com/role: crossplane
      vault.hashicorp.com/agent-run-as-user: "2000"

---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: crossplane-provider-jet-aws
spec:
  package: crossplane/provider-jet-aws:v0.5.0
  controllerConfigRef:
    name: vault
```

```yaml
# providerconfig.yaml
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-creds
      key: creds
```

```bash
kubectl apply -f provider.yaml
kubectl apply -f providerconfig.yaml

# verify it's healthy
kubectl describe providers.pkg.crossplane.io crossplane-provider-jet-aws
```

Configuration

```bash
# store aws access and secret keys in creds.conf file
AWS_PROFILE=default && echo -e "[default]\naws_access_key_id = $(aws configure get aws_access_key_id --profile $AWS_PROFILE)\naws_secret_access_key = $(aws configure get aws_secret_access_key --profile $AWS_PROFILE)" > creds.conf

# create a provider secret
kubectl create secret generic aws-creds -n crossplane-system --from-file=creds=./creds.conf

# apply provider config to use that secret
kubectl apply -f providerconfig.yaml
```

Simple S3 bucket creation: Tried to run the S3 example given by provider-jet-aws.

```yaml
apiVersion: s3.aws.jet.crossplane.io/v1alpha2
kind: Bucket
metadata:
  name: sample-bucket-by-asa
  annotations:
    # This will be the actual bucket name. It must be globally unique, so you
    # probably want to change it before trying to apply this example.
    crossplane.io/external-name: crossplane-example-bucket-by-asa
spec:
  forProvider:
    region: us-west-1
    acl: private
    tags:
      Name: SampleBucket
  writeConnectionSecretToRef:
    name: s3connectiondetails
    namespace: crossplane-system
```

This creates a blank secret with no data such as region and endpoint, whereas in the IAM access key example, the access keys are propagated in the secret.

Conclusion/Observation:
The implementation for secret propagation seems to be missing for the S3 bucket.

@asajoshi asajoshi added the bug Something isn't working label Oct 31, 2022
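
A way to check for the symptom reported above, as an added example that is not part of the original issue or the provider's code: it classifies each `writeConnectionSecretToRef` target as missing, empty or populated from `kubectl ... -o json` output. The embedded JSON, the `sample-access-key` resource and its secret key names are constructed for illustration; only key names are read, never secret values.

```python
import json

# Constructed sample input (not from the issue): trimmed output of
# `kubectl get managed -o json` and `kubectl get secret -n crossplane-system -o json`.
MANAGED = json.loads("""{"items": [
 {"kind": "Bucket", "metadata": {"name": "sample-bucket-by-asa"},
  "spec": {"writeConnectionSecretToRef":
           {"name": "s3connectiondetails", "namespace": "crossplane-system"}}},
 {"kind": "AccessKey", "metadata": {"name": "sample-access-key"},
  "spec": {"writeConnectionSecretToRef":
           {"name": "sample-access-key-secret", "namespace": "crossplane-system"}}},
 {"kind": "Bucket", "metadata": {"name": "no-ref-bucket"}, "spec": {}}
]}""")
SECRETS = json.loads("""{"items": [
 {"metadata": {"name": "s3connectiondetails", "namespace": "crossplane-system"}},
 {"metadata": {"name": "sample-access-key-secret", "namespace": "crossplane-system"},
  "data": {"username": "ZXhhbXBsZQ==", "password": "cmVkYWN0ZWQ="}}
]}""")

def secret_keys(secret_list):
    """Map (namespace, name) -> sorted key names; values are never decoded."""
    return {(s["metadata"]["namespace"], s["metadata"]["name"]):
            sorted((s.get("data") or {}).keys())  # `data` is absent or null when blank
            for s in secret_list.get("items", [])}

def audit(managed_list, secret_list):
    """Classify each writeConnectionSecretToRef target as missing, empty or populated."""
    keys = secret_keys(secret_list)
    report = []
    for mr in managed_list.get("items", []):
        ref = mr.get("spec", {}).get("writeConnectionSecretToRef")
        if not ref:
            continue  # resource does not request a connection secret
        target = (ref["namespace"], ref["name"])
        if target not in keys:
            status = "missing"
        elif not keys[target]:
            status = "empty"
        else:
            status = "populated"
        report.append((f'{mr["kind"]}/{mr["metadata"]["name"]}',
                       "/".join(target), status, keys.get(target, [])))
    return report

if __name__ == "__main__":
    for resource, secret, status, names in audit(MANAGED, SECRETS):
        print(f"{resource:30} {secret:45} {status:10} {','.join(names)}")
```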