kanisterio/kanister

[Blueprint] read metadata from other kubernetes resources than secrets or configmaps

Opened this issue · 5 comments

Is your feature request related to a problem? Please describe.
It's more a question than a feature request
In Blueprint templates, I'm using objects field to access secrets data within my backup phase. As objects seems to be generic, I'm wondering if I can use it to access other kubernetes object data.

Describe the solution you'd like
I'd like to do something like this:

apiVersion: config.kio.kasten.io/v1alpha1
kind: Profile
metadata:
  name: my-kasten-profile
  namespace: kasten-io
spec:
  type: Location
  locationSpec:
    credential:
      secret:
        apiVersion: v1
        kind: Secret
        name: my-secret
        namespace: kasten-io
      secretType: AwsAccessKey
    objectStore:
      endpoint: https://my-s3-endpoint.com:10443
      name: my-s3
      objectStoreType: S3
      pathType: Directory
      region: fr-south-1
    type: ObjectStore
---

apiVersion: cr.kanister.io/v1alpha1
kind: Blueprint
metadata:
  name: my-backup
actions:
  backup:
    phases:
      - func: KubeExec
        name: backupToS3
        objects:
          s3Secret:
            kind: Secret
            name: 'my-secret'
            namespace: 'kasten-io'
          s3Location:
            group: config.kio.kasten.io
            kind: Profile # <== Access other resources than secrets
            namespace: 'kasten-io'
            name: 'my-kasten-profile'
        args:
          namespace: "{{ .StatefulSet.Namespace }}"
          pod: "{{ index .StatefulSet.Pods 0 }}"
          container: my-container
          command:
            - bash
            - -o
            - errexit
            - -o
            - pipefail
            - -c
            - |
              S3_ACCESS_KEY={{ index .Phases.backupToS3.Secrets.s3Secret.Data "aws_access_key_id" | toString }} # <== This is working
              S3_LOCATION={{ index .Phases.backupToS3.Profile.s3Location.Data "endpoint" | toString }} # <== This is not working

Environment
Kubernetes Version/Provider: 1.25
Cluster Size (#nodes): 30

Thanks for opening this issue 👍. The team will review it shortly.

If this is a bug report, make sure to include clear instructions on how to reproduce the problem with minimal reproducible examples, where possible. If this is a security report, please review our security policy as outlined in SECURITY.md.

If you haven't already, please take a moment to review our project's Code of Conduct document.

Hi @sybernatus,
That's a great question. Even though phases[?].objects field looks specific enough to assume that we should be able to use any object there, it's not supported right now to provide other Kubernetes objects.
If you can talk about your use case, maybe we would be able to figure out a way to do that using other standard ways.

Waiting to hear more detail, please let us know your use case @sybernatus.

Hi, and thanks for your reply 🙂
What I would like is to avoid duplicating data across resources. For example, as in my kasten profile I have the endpoint of my S3, I would like to avoid creating a secret or configmap that has the same information.

Reading you, it seems that it is still not possible for now. So I will duplicate them in a configmap to use them in my blueprint.

> Hi, and thanks for your reply 🙂 What I would like is to avoid duplicating data across resources. For example, as in my kasten profile I have the endpoint of my S3, I would like to avoid creating a secret or configmap that has the same information.
>
> Reading you, it seems that it is still not possible for now. So I will duplicate them in a configmap to use them in my blueprint.

ok, I understand.
So I am assuming you need the S3 endpoint (that is configured in profile) in your blueprint and are trying to do something using that endpoint. Usually we don't expect a blueprint to have separate s3 commands to push and pull things from a bucket and that is the reason maybe you are seeing this behaviour. Usually the kando or any other command (if applicable) does this.
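
The ConfigMap workaround mentioned in the thread, sketched with Kanister's action-level `configMapNames` binding; this is an added example, not configuration posted by anyone in the issue. It assumes a hand-written ActionSet, a ConfigMap named `s3-location` in `kasten-io` with an `endpoint` key, and a StatefulSet named `my-statefulset` in `default`, all of which are constructed names. The credential stays in the Secret and only the non-secret endpoint moves to the ConfigMap.

```yaml
apiVersion: cr.kanister.io/v1alpha1
kind: Blueprint
metadata:
  name: my-backup
  namespace: kasten-io
actions:
  backup:
    configMapNames:
      - s3Location              # logical name, bound by the ActionSet below
    phases:
      - func: KubeExec
        name: backupToS3
        objects:
          s3Secret:             # phase-level objects: Secret reference, as on the page
            kind: Secret
            name: my-secret
            namespace: kasten-io
        args:
          namespace: "{{ .StatefulSet.Namespace }}"
          pod: "{{ index .StatefulSet.Pods 0 }}"
          container: my-container
          command:
            - bash
            - -o
            - errexit
            - -o
            - pipefail
            - -c
            - |
              S3_ACCESS_KEY={{ index .Phases.backupToS3.Secrets.s3Secret.Data "aws_access_key_id" | toString }}
              S3_LOCATION={{ .ConfigMaps.s3Location.Data.endpoint | quote }}
---
apiVersion: cr.kanister.io/v1alpha1
kind: ActionSet
metadata:
  generateName: my-backup-
  namespace: kasten-io
spec:
  actions:
    - name: backup
      blueprint: my-backup
      object:
        kind: StatefulSet
        name: my-statefulset    # constructed name
        namespace: default
      configMaps:
        s3Location:             # must match the name in configMapNames
          name: s3-location     # constructed ConfigMap holding the endpoint key
          namespace: kasten-io
```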