openshift
Regression since OpenShift 3: it is no longer possible to input multiline template parameters
Hi, folks! I've migrated a template I used to have under OpenShift 3 to a new cluster running OpenShift 4 (https://openshift-console.osci.io). I'm facing a difference in the OpenShift Console Web UI that I can't seem to work around.
Some of my template parameters have to be multiline (in particular, a private key that ends up in a secret). In OS3 I used to go to the catalog, click on my template, and each <input> field in the configuration tab would have a double-sided arrow icon with a hint on hover saying “Expand to enter multiple lines of content. This is required if you need to include newline characters.”. I would click it and paste that private key with as many lines as necessary.
Now, in OS4, I can't find such expansion capability. It only allows one-line inputs for template parameters. Any chance I'm overlooking something? Is it a bug?
I've found an old ticket about OS3 from when that the original “expand” feature was implemented: https://bugzilla.redhat.com/show_bug.cgi?id=1312444#c4. The respective PR is https://github.com/openshift/origin-web-console/pull/739.
The following screenshot demonstrates what I face in OS4:
The next screenshots are how it used to be implemented in OS3:
This is also filed @ https://issues.redhat.com/browse/OCPBUGS-23080.
The related input field seems to be coming from this place: https://github.com/openshift/console/blob/802c16e3f239a53d9254379f51872fdc7433bc64/frontend/public/components/instantiate-template.tsx#L295-L305
I also filed https://issues.redhat.com/browse/OCPBUGS-23080, not knowing what the best place for reporting is.
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten /remove-lifecycle stale
@aaronmcohen hey, do you know why https://issues.redhat.com/browse/OCPBUGS-23080 got auto-closed?
Here's a copy of the template that I provided over in the Jira issue:
---
apiVersion: template.openshift.io/v1
kind: Template
labels:
app: ${NAME}-github-app
template: ${NAME}-github-app
message: >
The following service(s) have been created in your project:
${NAME}-github-app, ${NAME}-${DATABASE_SERVICE_NAME}.
metadata:
annotations:
description: A bot (GitHub App) made with Octomachinery
iconClass: icon-python
openshift.io/display-name: Octomachinery-based GitHub App bot (Python + PostgreSQL)
openshift.io/documentation-url: >
https://github.com/sanitizers/octomachinery
openshift.io/long-description: >
This template defines resources needed to develop a GitHub Bot
application, including a build configuration and application
deployment configuration. It does not include a database.
openshift.io/provider-display-name: >
@webknjaz
openshift.io/support-url: >
https://github.com/sanitizers/octomachinery/issues
tags: bot, GitHub, GitHub App, octomachinery, Python
template.openshift.io/bindable: 'false'
name: octomachinery-github-app
objects:
- apiVersion: v1
kind: Secret
metadata:
name: ${NAME}-github-app
stringData:
database-password: ${DATABASE_PASSWORD}
database-user: ${DATABASE_USER}
database-url: >-
${DATABASE_ENGINE}://${DATABASE_USER}:${DATABASE_PASSWORD}@${NAME}-${DATABASE_SERVICE_NAME}:5432/${DATABASE_NAME}
github-app-private-key: ${GITHUB_PRIVATE_KEY}
github-app-webhook-secret: ${GITHUB_WEBHOOK_SECRET}
github-oauth-client-id: ${GITHUB_OAUTH_CLIENT_ID}
github-oauth-client-secret: ${GITHUB_OAUTH_CLIENT_SECRET}
sentry-dsn: ${SENTRY_DSN}
- apiVersion: v1
kind: Service
metadata:
annotations:
description: Exposes and load balances the application pods
service.alpha.openshift.io/dependencies: >
[{"name": "${NAME}-${DATABASE_SERVICE_NAME}", "kind": "Service"}]
name: ${NAME}-github-app
spec:
ports:
- name: github-app-http-port
port: 8080
targetPort: 8080
selector:
name: ${NAME}-github-app
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: ${NAME}-github-app
spec:
host: ${APPLICATION_DOMAIN}
port:
targetPort: github-app-http-port
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: ${NAME}-github-app
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
description: Keeps track of changes in the application image
name: ${NAME}-github-app
- apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
annotations:
description: Defines how to build the application
template.alpha.openshift.io/wait-for-ready: 'true'
name: ${NAME}-github-app
spec:
output:
to:
kind: ImageStreamTag
name: ${NAME}-github-app:latest
postCommit:
script: true || ./manage.py test
source:
contextDir: ${CONTEXT_DIR}
git:
ref: ${SOURCE_REPOSITORY_REF}
uri: ${SOURCE_REPOSITORY_URL}
type: Git
strategy:
sourceStrategy:
env:
- name: PIP_INDEX_URL
value: ${PIP_INDEX_URL}
from:
name: quay.io/fedora/python-39:latest
kind: DockerImage
type: Source
triggers:
- type: ImageChange
- type: ConfigChange
- github:
secret: ${GITHUB_WEBHOOK_SECRET}
type: GitHub
- generic:
secret: ${GENERIC_WEBHOOK_SECRET}
type: Generic
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
annotations:
description: Defines how to deploy the application server
template.alpha.openshift.io/wait-for-ready: 'true'
name: ${NAME}-github-app
spec:
replicas: 1
selector:
name: ${NAME}-github-app
# docs.openshift.com/container-platform/3.10/dev_guide/deployments/deployment_strategies.html
strategy:
#type: Rolling
type: Recreate
template:
metadata:
labels:
name: ${NAME}-github-app
name: ${NAME}-github-app
spec:
containers:
- env:
- name: APP_MODULE
value: ${APP_MODULE}
- name: HOST
value: ${HOST}
- name: GITHUB_APP_IDENTIFIER
value: ${GITHUB_APP_IDENTIFIER}
- name: GITHUB_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: github-app-private-key
name: ${NAME}-github-app
- name: GITHUB_WEBHOOK_SECRET
valueFrom:
secretKeyRef:
key: github-app-webhook-secret
name: ${NAME}-github-app
- name: GITHUB_OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
key: github-oauth-client-id
name: ${NAME}-github-app
- name: GITHUB_OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: github-oauth-client-secret
name: ${NAME}-github-app
- name: SENTRY_DSN
valueFrom:
secretKeyRef:
key: sentry-dsn
name: ${NAME}-github-app
- name: ENV
value: ${ENV}
- name: DEBUG
value: ${DEBUG}
- name: DATABASE_SERVICE_NAME
value: ${NAME}-${DATABASE_SERVICE_NAME}
- name: DATABASE_ENGINE
value: ${DATABASE_ENGINE}
- name: DATABASE_NAME
value: ${DATABASE_NAME}
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: database-user
name: ${NAME}-github-app
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: database-password
name: ${NAME}-github-app
- name: APP_CONFIG
value: ${APP_CONFIG}
image: ' '
name: ${NAME}-github-app
ports:
- containerPort: 8080
resources:
limits:
memory: ${MEMORY_LIMIT}
triggers:
- imageChangeParams:
automatic: true
containerNames:
- ${NAME}-github-app
from:
kind: ImageStreamTag
name: ${NAME}-github-app:latest
type: ImageChange
- type: ConfigChange
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ${NAME}-${DATABASE_SERVICE_NAME}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: ${VOLUME_CAPACITY}
- apiVersion: v1
kind: Service
metadata:
annotations:
description: Exposes the database server
name: ${NAME}-${DATABASE_SERVICE_NAME}
spec:
ports:
- name: postgresql
port: 5432
targetPort: 5432
selector:
name: ${NAME}-${DATABASE_SERVICE_NAME}
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
annotations:
description: Defines how to deploy the database
template.alpha.openshift.io/wait-for-ready: 'true'
name: ${NAME}-${DATABASE_SERVICE_NAME}
spec:
replicas: 1
selector:
name: ${NAME}-${DATABASE_SERVICE_NAME}
strategy:
type: Recreate
template:
metadata:
labels:
name: ${NAME}-${DATABASE_SERVICE_NAME}
name: ${NAME}-${DATABASE_SERVICE_NAME}
spec:
containers:
- env:
- name: POSTGRESQL_USER
valueFrom:
secretKeyRef:
key: database-user
name: ${NAME}-github-app
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
key: database-password
name: ${NAME}-github-app
- name: POSTGRESQL_DATABASE
value: ${DATABASE_NAME}
image: ' '
livenessProbe:
exec:
command:
- /usr/libexec/check-container
- --live
initialDelaySeconds: 120
timeoutSeconds: 10
name: postgresql
ports:
- containerPort: 5432
readinessProbe:
exec:
command:
- /usr/libexec/check-container
initialDelaySeconds: 5
timeoutSeconds: 1
resources:
limits:
memory: ${MEMORY_POSTGRESQL_LIMIT}
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: ${NAME}-${DATABASE_SERVICE_NAME}-data
volumes:
- name: ${NAME}-${DATABASE_SERVICE_NAME}-data
persistentVolumeClaim:
claimName: ${NAME}-${DATABASE_SERVICE_NAME}
triggers:
- imageChangeParams:
automatic: true
containerNames:
- postgresql
from:
kind: ImageStreamTag
name: postgresql:${POSTGRESQL_VERSION}
namespace: ${NAMESPACE}
type: ImageChange
- type: ConfigChange
parameters:
- description: The name assigned to all of the frontend objects defined in this template.
displayName: Name
name: NAME
required: true
value: <octomachinery>
- description: The OpenShift Namespace where the ImageStream resides.
displayName: Namespace
name: NAMESPACE
required: true
value: wk-test-project # openshift
- description: >
Version of Python image to be used (3.7, 3.8, 3.9, 3.10 or latest).
displayName: Version of Python Image
name: PYTHON_VERSION
required: true
value: '3.10'
- description: Version of PostgreSQL image to be used (9.4, 9.5, 9.6 or latest).
displayName: Version of PostgreSQL Image
name: POSTGRESQL_VERSION
required: true
value: '9.6'
- description: Maximum amount of memory the container can use.
displayName: Memory Limit
name: MEMORY_LIMIT
required: true
value: 512Mi
- description: Maximum amount of memory the PostgreSQL container can use.
displayName: Memory Limit (PostgreSQL)
name: MEMORY_POSTGRESQL_LIMIT
required: true
value: 512Mi
- description: Volume space available for data, e.g. 512Mi, 2Gi
displayName: Volume Capacity
name: VOLUME_CAPACITY
required: true
value: 1Gi
- description: >
The URL of the repository with your application source code
displayName: Git Repository URL
name: SOURCE_REPOSITORY_URL
required: true
value: https://github.com/sanitizers/<app-slug>-github-app.git
- description: >
Set this to a branch name, tag or other ref of your repository if
you are not using the default branch.
displayName: Git Reference
name: SOURCE_REPOSITORY_REF
- description: >
Set this to the relative path to your project if it is not in the
root of your repository.
displayName: Context Directory
name: CONTEXT_DIR
- description: >
The exposed hostname that will route to the Django service, if left
blank a value will be defaulted.
displayName: Application Hostname
name: APPLICATION_DOMAIN
value: ''
- description: >
Github trigger secret. A difficult to guess string encoded as part
of the webhook URL. Not encrypted.
displayName: GitHub Webhook Secret
from: '[a-zA-Z0-9]{40}'
generate: expression
name: GITHUB_WEBHOOK_SECRET
- description: A secret string used to configure the Generic webhook.
displayName: Generic Webhook Secret
from: '[a-zA-Z0-9]{40}'
generate: expression
name: GENERIC_WEBHOOK_SECRET
- displayName: Database Service Name
name: DATABASE_SERVICE_NAME
required: true
value: postgresql
- description: 'Database engine: postgresql, mysql or sqlite (default).'
displayName: Database Engine
name: DATABASE_ENGINE
required: true
value: postgresql
- displayName: Database Name
name: DATABASE_NAME
required: true
value: default
- displayName: Database Username
name: DATABASE_USER
required: true
value: <octomachinery>-github-app
- displayName: Database User Password
from: '[a-zA-Z0-9]{16}'
generate: expression
name: DATABASE_PASSWORD
- description: Relative path to Gunicorn configuration file (optional).
displayName: Application Configuration File Path
name: APP_CONFIG
- description: The custom PyPI index URL
displayName: Custom PyPI Index URL
name: PIP_INDEX_URL
value: ''
- description: The App ID copied from GitHub App settings page
displayName: App ID copied from GitHub App settings page
name: GITHUB_APP_IDENTIFIER
required: true
- description: The private key downloaded from GitHub App settings page
displayName: Private key downloaded from GitHub App settings page
name: GITHUB_PRIVATE_KEY
required: true
value: >
FIXME: Edit in the workload secrets post creation.
Reason: the OpenShift Web Console used to allow multiline
inputs in v3 but not in v4.
- description: The OAuth Client ID copied from GitHub App settings page
displayName: OAuth Client ID copied from GitHub App settings page
name: GITHUB_OAUTH_CLIENT_ID
required: true
- description: >
The OAuth Client secret copied from GitHub App settings page
displayName: OAuth Client secret copied from GitHub App settings page
name: GITHUB_OAUTH_CLIENT_SECRET
required: true
- description: >-
[KEEP EMPTY] The path to the WSGI application importable
displayName: >-
[KEEP EMPTY] Path to the WSGI application importable
name: APP_MODULE
required: false # so that s2i machinery actually invokes `app.sh`
value: '' # chronographer
- description: The interface IP to listen to
displayName: Bind host
name: HOST
required: true
value: 0.0.0.0
- description: Environment type (prod or dev)
displayName: Environment
name: ENV
required: true
value: prod
- description: Verbosity mode (boolean)
displayName: Debug
name: DEBUG
required: true
value: 'false'
- description: Sentry connection string
displayName: Sentry DSN
name: SENTRY_DSN
required: true
value: ''
...
@logonoff: Closing this issue.
In response to this:
/close
completed in #14416 #14508 #14545
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
Is this already released? Which versions are expected to have the patch included?
This patch should be included in OCP 4.18.0, likely 4.17.7 or 4.17.8, and some future 4.16.z release
But just to be sure: there's no public release in neither stream and I need to wait, right?
But just to be sure: there's no public release in neither stream and I need to wait, right?
The patch has made it to OCP 4.17.7 and 4.16.26!
https://amd64.ocp.releases.ci.openshift.org/releasestream/4-stable/release/4.17.7 https://access.redhat.com/errata/RHSA-2024:10518
https://amd64.ocp.releases.ci.openshift.org/releasestream/4-stable/release/4.16.26 https://access.redhat.com/errata/RHSA-2024:10823