fix: consistent imageCredentials in KubeEnforcer #110
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- KubeEnforcer used a different, older imagePullSecret name than the
other charts
- this would cause bugs and result in the image being unable to be
pulled if one followed the directions and used the
aqua-registry-secret name
- 38f48d6 changed it from
csp-registry-secret to aqua-registry-secret
- and the docs said the default was aqua-image-pull-secret, which
wasn't what it was set to nor the new name, it was neither
- seemed like the Enforcer used this incorrect name in its docs
until 38f48d6 as well
- the create default was set to true, but is false in the other charts,
so this sets it to false to make it consistent
- it also specified an email for some reason, while none of the other
charts do so
- docs didn't specify repositoryUriPrefix or registry, but Enforcer
and Server do, so add those for consistency
- also because it's a bit misleading and confusing to not add _all_
the configurable values in the docs if a "see more in values.yaml"
or something isn't specified
This was referenced Aug 6, 2020
|
This now has merge conflicts because #121 was merged beforehand, despite my comments on #121 pointing out the duplications it made to this PR |
|
fixed on all active branches, closing this PR |
@KoppulaRajender the current branches actually don't have this code. #121 was merged (despite my comments) but that only duplicated one part of this PR and not the rest... For instance, The README here also still doesn't have |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
KubeEnforcer used a different, older imagePullSecret name than the
other charts
pulled if one followed the directions and used the
aqua-registry-secret name
csp-registry-secret to aqua-registry-secret
wasn't what it was set to nor the new name, it was neither
until 38f48d6 as well
the create default was set to true, but is false in the other charts,
so this sets it to false to make it consistent
it also specified an email for some reason, while none of the other
charts do so
docs didn't specify repositoryUriPrefix or registry, but Enforcer
and Server do, so add those for consistency
the configurable values in the docs if a "see more in values.yaml"
or something isn't specified
Tags
38f48d6 changed the secret name in charts per the description.
Fixes inconsistencies introduced in #86, #93, and #94
Like #103, which also made a correction to the imagePullSecret naming, this type of bug is really easy to hit, get confused by, and spend a lot of unnecessary time on
Review Notes
This is a bugfix but is technically slightly breaking as well for anyone that relied on previous behavior. The KubeEnforcer chart still has yet to be published per #96 though