Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate machine key in home directory in K8s #707

Merged
merged 2 commits into from
Nov 30, 2023
Merged

Generate machine key in home directory in K8s #707

merged 2 commits into from
Nov 30, 2023

Conversation

APErebus
Copy link
Contributor

@APErebus APErebus commented Nov 30, 2023
edited
Loading

Background

The machine key is currently generated for linux in /etc/octopus/machinekey. This then is regenerated when the pod restarts, so the encrypted values (which are stored in the home directory, on a NFS share) can't be decrypted

Results

When running in K8S only, we change the location of the file to generate the machine key to be in the configured environment variable TentacleHome (which currently is the NFS share /octopus). This results in the key being persisted across pod restarts and the cert can be decrypted

Shortcut story: [sc-66137]

How to review this PR

Quality ✔️

Pre-requisites

  • I have read How we use GitHub Issues for help deciding when and where it's appropriate to make an issue.
  • I have considered informing or consulting the right people, according to the ownership map.
  • I have considered appropriate testing for my change.

@APErebus APErebus requested a review from a team as a code owner November 30, 2023 02:05
APErebus
APErebus commented Nov 30, 2023
View reviewed changes
source/Octopus.Tentacle/Util/PlatformDetection.cs
@@ -14,8 +14,7 @@ public static class Kubernetes
/// <summary>
/// Indicates if the Tentacle is running inside a Kubernetes cluster.
/// </summary>
public static bool IsRunningInKubernetes => !string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable("KUBERNETES_SERVICE_HOST")) ||
(bool.TryParse(Environment.GetEnvironmentVariable("OCTOPUS__TENTACLE__FORCEK8S"), out var b) && b);
public static bool IsRunningInKubernetes => bool.TryParse(Environment.GetEnvironmentVariable("OCTOPUS__K8STENTACLE__FORCE"), out var b) && b;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed this to be explicit and this env var will be set in the helm/pod configuration

Base automatically changed from ap/override-directories to main November 30, 2023 02:39
@APErebus APErebus force-pushed the ap/generate-machine-key-in-home-directory-k8s branch from 891bc33 to 5e10c1f Compare November 30, 2023 02:45
@shortcut-integration Shortcut Integration
Copy link

This pull request has been linked to Shortcut Story #66137: Explore using NFS server for shared storage with tentacle + jobs.

@APErebus APErebus enabled auto-merge (squash) November 30, 2023 03:54
@APErebus APErebus merged commit f1c2e4e into main Nov 30, 2023
48 checks passed
@APErebus APErebus deleted the ap/generate-machine-key-in-home-directory-k8s branch November 30, 2023 04:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zentron zentron zentron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@APErebus @zentron