csm icon indicating copy to clipboard operation
csm copied to clipboard

Published 20 hours ago verified publisher icon dell

[FEATURE]: Should we consider changing the method that is used to create the secret.

Open gashof opened this issue 2 years ago • 4 comments

Bug Description

I am looking at the CSI Driver for PowerScale documentation, but this applies to any of the drivers where we use the more complex syntax to create the secret. https://dell.github.io/csm-docs/docs/csidriver/installation/helm/isilon/#install-the-driver

When installing we have 2 secrets that are often created. The latter is more simple and less prone to error.: Create isilon-creds secret using the following command: kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f - and kubectl create -f empty-secret.yaml

The below mistake in syntax is easy to make and difficult to spot. Without the correct syntax the pods will go into a crash loop back off due to the secret not configured right. This could be avoided with kubectl create -f secret.yaml. kubectl create secret generic isilon-creds -n test-isilon --from-file=secret.yaml -o yaml --dry-run=client | kubectl apply -f - vs kubectl create secret generic isilon-creds2 -n test-isilon --from-file=config=secret.yaml -o yaml --dry-run=client | kubectl apply -f -

The only difference in the created secrets is this part: apiVersion: v1 data: config:

vs

apiVersion: v1 data: secret.yaml:

Logs

n/a

Screenshots

n/a

Additional Environment Information

n/a

Steps to Reproduce

see above

Expected Behavior

Syntax for secret creation should be simple and eliminate the possibility of user error and secret should be created correctly.

CSM Driver(s)

All where we use the more complex method to create the secret

Installation Type

All where we use the more complex method to create the secret

Container Storage Modules Enabled

None and uncertain if this affects them

Container Orchestrator

All where we use the more complex method to create the secret

Operating System

All where we use the more complex method to create the secret

gashof avatar Jun 24 '22 21:06 gashof

IMO this should be taken up as an enhancement.

bharathsreekanth avatar Jun 27 '22 12:06 bharathsreekanth

what is the proposal here ? Create secret (isilon-creds) using approach: kubectl create -f empty-secret.yaml or kubectl create secret generic isilon-creds -n test-isilon --from-file=secret.yaml -o yaml --dry-run=client | kubectl apply -f -

bpjain2004 avatar Jun 27 '22 13:06 bpjain2004

So from the field they want to ease secret creation just like we create empty secret --> kubectl create -f empty-secret.yaml

nitesh3108 avatar Jun 28 '22 06:06 nitesh3108

@gashof Added this to backlog items. This will be discussed and taken up based on the priority.

randeepdell avatar Jun 28 '22 09:06 randeepdell