You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The UDS Operator config includes two config values for authservice, CA Cert and Redis. This config secret is provided to Pepr pods as env vars but changes to values are not properly handled. This particular issue is focused on the two authservice values.
In order to properly handle modifications to this configuration:
Pepr must update the UDSConfig when the secret changes. This could be done with a watch on the secret or a checksum on the pepr pods to cycle them when the secret updates.
Code around the authservice config must handle adding/changing the CA cert and redis configuration. Currently these values are only added as part of buildInitialSecret meaning this only works when the authservice-uds secret does not exist. We should ensure that when the config is changed we also update the secret and cycle authservice.
Definition of done: Slim-dev can be deployed without configuration for redis/ca-cert. After adding either or both of these parameters Pepr properly updates the authservice-uds secret and cycles the Authservice pod to read the new config.
Note: There are other "upgrade" that we do not account for in the config like changing domain. These should not be part of this issue but are good to track as known limitations as well.
The text was updated successfully, but these errors were encountered:
From user reports there is a workaround that can be used by deleting the authservice-uds secret and cycling the pepr watcher pod. This is obviously not ideal, but is functional until this issue is resolved.
The UDS Operator config includes two config values for authservice, CA Cert and Redis. This config secret is provided to Pepr pods as env vars but changes to values are not properly handled. This particular issue is focused on the two authservice values.
In order to properly handle modifications to this configuration:
authservice-uds
secret does not exist. We should ensure that when the config is changed we also update the secret and cycle authservice.Definition of done: Slim-dev can be deployed without configuration for redis/ca-cert. After adding either or both of these parameters Pepr properly updates the
authservice-uds
secret and cycles the Authservice pod to read the new config.Note: There are other "upgrade" that we do not account for in the config like changing domain. These should not be part of this issue but are good to track as known limitations as well.
The text was updated successfully, but these errors were encountered: