feat: platform secrets as sealed secrets #2978
CasLubbers
left a comment
Really impressive with the work you did! It was/is thought review
…them with SealedSecrets
CasLubbers
left a comment
Really great work, you did some nice improvements. I can understand it much better right now.
| const applySealedSecretResource = async (manifest: SealedSecretManifest): Promise<void> => { | ||
| await k8s.custom().patchNamespacedCustomObject( | ||
| { | ||
| group: 'bitnami.com', |
Nice, this is already really clean! I would only make constants out of the group, version and plural. And maybe fieldManager; we also use that in the applyAsApps for ArgoCD.
| cert.validity.notAfter = new Date() | ||
| cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10) | ||
|
|
||
| const attrs = [ |
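Review bot: On the two `cert.validity.notAfter` lines, the expiry starts from `new Date()` and only its year is taken from `notBefore`, so the month, day and time of expiry follow the current clock instead of `notBefore`. Consider building it from a copy of `cert.validity.notBefore` before calling `setFullYear`, and moving the `10` into a named constant with a comment stating the intended lifetime of this certificate, since a ten-year validity is a decision later readers will want to find.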
This is also a good contender to move out of the function and create a constant with good naming
| ] | ||
| cert.setSubject(attrs) | ||
| cert.setIssuer(attrs) | ||
| cert.setExtensions([ |
Same here, this object can get out of this function and get a good name.
| * - apps.X -> X-secrets | ||
| * - topLevel -> topLevel-secrets | ||
| */ | ||
| const deriveSecretName = (secretPath: string): string => { |
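Review bot: The doc comment above `deriveSecretName` lists only the `apps.X` and `topLevel` cases, and as documented `apps.X` and a top-level key named `X` would both map to `X-secrets`. State in the comment whether that collision can occur and what the function returns for deeper paths or for a `secretPath` with characters that are not valid in a Kubernetes object name, or reject those inputs in the function.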
Nice one! This was that hardcoded map, right?
|
|
||
| // Read all YAML files in the sealedsecrets subdirectory | ||
| const files = await deps.readdir(sealedSecretsDir) | ||
| for (const file of files) { |
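Review bot: The comment says only YAML files are read, but `for (const file of files)` walks every entry that `deps.readdir(sealedSecretsDir)` returns. If the loop body does not already skip entries without a `.yaml` or `.yml` extension, add that filter at the top of the loop so stray files in the directory are never parsed and applied to the cluster.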
This for loop can also be in a separate function with something like: applySealedSecretsFromFiles? Then you'll directly see what it is and does
| } | ||
| } | ||
|
|
||
| public async applyRecoveryManifests(): Promise<void> { |
This function is a bit tricky. It will work for now, but what if we want to add other items than secrets to the recovery?
📌 Summary
PRs: apl-api | apl-tasks
🔍 Reviewer Notes
🧹 Checklist