'kots pull' doesn't preserve valuePlaintext

[MikaelSmith]

The admin console workflow to update files says to

• kots download
• make changes
• kots upload

However it's not clear where to make changes.

• If I make them in base, then do kots upload, those are reflected in the diff and applied. However if I then make config changes in the console, my changes get overwritten.
• If I make them in upstream, then do kots upload, the changes don't appear in the diff until I also make some sort of config change in the console.

The best solution I found was to do kots download --decrypt-password-values, make changes in upstream, and run kots pull <slug> --local-path <slug>/upstream --rootdir newdir --exclude-admin-console --license-file <slug>/upstream/userdata/license.yaml --downstream this-cluster. I could then upload newdir/<slug> (or say --rootdir . and update in-place) but the password values from config that show up in base have been changed in a way I don't trust.

That kots pull invocation isn't easy to figure out, and it doesn't appear to treat valuePlaintext correctly.

[dexhorthy]

Thanks @MikaelSmith ! I know doing the pull using --local-path is experimental right now, but the workflow you're using should be working, I'd be curious if @marccampbell has any more thoughts on the password values changes.

Just to clarify -- this is for developing your app against kotsadm right, not about adding last-mile kustomize changes to a production application, right?

[MikaelSmith]

Ah yes, this is primarily about developing an application and testing out configuration/templating. So my work-around isn't terrible, but kots pull seems like it should work with valuePlaintext.

P.S. https://kots.io/kotsadm/updating/patching-with-kustomize/ would be a useful link to have in the Admin Console talking about Edit any of your files in your favorite IDE..

[MikaelSmith]

An additional note: doing kots pull also rewrites the userdata/config.yaml with encrypted values, removing the valuePlaintext.

[mahesws]

The admin console workflow to update files says to

• kots download
• make changes
• kots upload

However it's not clear where to make changes.

• If I make them in base, then do kots upload, those are reflected in the diff and applied. However if I then make config changes in the console, my changes get overwritten.
• If I make them in upstream, then do kots upload, the changes don't appear in the diff until I also make some sort of config change in the console.

The best solution I found was to do kots download --decrypt-password-values, make changes in upstream, and run kots pull <slug> --local-path <slug>/upstream --rootdir newdir --exclude-admin-console --license-file <slug>/upstream/userdata/license.yaml --downstream this-cluster. I could then upload newdir/<slug> (or say --rootdir . and update in-place) but the password values from config that show up in base have been changed in a way I don't trust.

That kots pull invocation isn't easy to figure out, and it doesn't appear to treat valuePlaintext correctly.

Is this issue fixed? I am still getting the same when editing "cd4pe/upstream/userdata/config.yaml" file & uploading using "kubectl kots upload --namespace default --slug cd4pe ./cd4pe". No changes in cd4pe apps.

[MikaelSmith]

We've primarily moved to relying on the KOTS Admin Console service to handle pulls, so we only modify "upstream". I modify <app>/upstream/userdata/config.yaml regularly to make changes. Always set/edit value (not default), and make sure there aren't duplicate entries.

Recent versions of KOTS also include kubectl kots set config <key>=<value>, which should be simpler to accomplish the same thing.