-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move ncbi_api_key to secrets. #2357
Conversation
You need to add a flag to the seal command so it can be unsealed in any namespace – I'll look up the flag when not afk |
@theosanderson (absolutely no urgency) as you set this up for other secrets - which namespace is the sealed-secrets-controller in? (I'm also running these commands locally - which I hope is ok - I'm a bit uncertain how exactly kubeseal on my machine knows which public key the controller is using for sealing this secret... so I'm wondering if this isn't actually the right way - but the docs are a bit vague) |
They talk about getting the public key from the cluster for encryption: https://github.com/bitnami-labs/sealed-secrets?tab=readme-ov-file#public-key--certificate - but don't we have different ones for each instance? |
Yeah the docs are confusing on that. For our k3s cluster, all you need to do is:
The |
Ah my |
Have you ever been able to access our k3s cluster? If not you need credentials which until now I think Chaoran has issued |
Cornelius also wrote up some stuff about it: https://github.com/loculus-project/loculus/blob/main/kubernetes/README.md#setting-up-kubeconfig-locally-to-access-the-remote-cluster |
…st-ncbi --from-literal=api-key=KEY --dry-run=client -o yaml > secret.yaml
I tried changing the secret.yaml but keep getting the same error:
|
Ah, sealed secrets only apply to stuff that happens on the cluster. I.e. they won't work for the E2E tests. Maybe put the secret in the preview specific yaml? (In the same directory as values.yaml) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
resolves #1844
preview URL: https://set-secret-ncbi.loculus.org/
Steps to seal
~/.kube/config
with our cluster credentialsecho -n KEY | base64
) - create secrets does this conversion for you-kubernetes/loculus/values_preview_server.yaml
.Screenshot
PR Checklist