helm icon indicating copy to clipboard operation
helm copied to clipboard

Published 20 hours ago verified publisher icon woodpecker-ci

Auto-create `WOODPECKER_AGENT_SECRET` secret

Open pat-s opened this issue 5 months ago • 1 comments

While #144 took a first stab, the implementation does not work in practice for users as the secret is not generated automatically. Right now, only an empty k8s secret is created which must be filled manually with data containing WOODPECKER_AGENT_SECRET.

As #207 shows, users ideally expect the server-agent connection to work OOB.

This new approach

  • creates a k8s secret called woodpecker-default-agent-secret which contains a valid WOODPECKER_AGENT_SECRET
  • Creation is controlled by a boolean flag createAgentSecret (default true for server), which can be set to false if users want to control the creation themselves

woodpecker-default-agent-secret will be read by the server and agent (if both are in the same namespace). If the agent chart is deployed to a different namespace, users must configure the same secret on their own as we can't ensure the creation of identical secrets across namespaces.

fix #207

TODO

  • [x] Update README/instructions
  • [x] Add tests

Breaking

As this PR changes the way how secrets are created and removes the default woodpecker-custom-secret (as this is not in use anymore), this might break existing installations, hence the "breaking" label and major bump.

pat-s avatar Sep 23 '24 17:09 pat-s