Alexandre Dutra
Alexandre Dutra
Indeed but it would be cleaner if we explicitly refrain from passing credentials to medusa when auth is disabled.
Just to be clear, even with auth disabled a secret for Medusa is being created and replicated, then fed into the Medusa container through env vars. The Medusa client then...
@dorsegal our plan is to distribute the operator using Helm charts initially. Operator Hub would be the ultimate goal, but that requires a lot more work.
> Still can't get the integration tests to work. K3s doesn't work properly in rootless. Yeah I'm not sure running a Kubernetes cluster inside a rootless container is even possible.
> Do you plan to have GC implemented as part of the operator? I think it can be useful to have CRD for it See here: #9415 So it's planned...
Debugging a bit, this happens because the Nessie server requires OAUTH2 authentication with complex grant types, but `RESTCatalog` only accepts `client_credentials`. The error happens when fetching the config endpoint. I...
``` org.apache.iceberg.exceptions.NotAuthorizedException: Not authorized: at org.apache.iceberg.rest.ErrorHandlers$DefaultErrorHandler.accept(ErrorHandlers.java:210) at org.apache.iceberg.rest.ErrorHandlers$DefaultErrorHandler.accept(ErrorHandlers.java:188) at org.apache.iceberg.rest.HTTPClient.throwFailure(HTTPClient.java:211) at org.apache.iceberg.rest.HTTPClient.execute(HTTPClient.java:323) at org.apache.iceberg.rest.HTTPClient.execute(HTTPClient.java:262) at org.apache.iceberg.rest.HTTPClient.get(HTTPClient.java:358) at org.apache.iceberg.rest.RESTSessionCatalog.fetchConfig(RESTSessionCatalog.java:980) at org.apache.iceberg.rest.RESTSessionCatalog.initialize(RESTSessionCatalog.java:223) at org.apache.iceberg.rest.RESTCatalog.initialize(RESTCatalog.java:78) ```
It's non trivial to determine why the iceberg detection failed, and the fact that both APIs try to hit a `/config` endpoint first makes it even harder. @snazy wdyt of...
> WDYT about a URN like the following? > > ``` > urn:nessie-secret:adls-account-secret?+provider=k8s?=name=accountName&secret=accountKeyRef > ``` Indeed we could use an r-component for the provider – but going down that route,...
Hi @jordi-ydteam thanks for reporting this. Unfortunately I am unable to reproduce. All test cases above work fine for me. For example, here is the config map generated for `values-reproduction.yaml`:...