Bug 1718412 - TemplateInstance object not taking into account values passed in through secret
Summary: TemplateInstance object not taking into account values passed in through secret
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Templates
Version: 4.2.0
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
: 4.2.0
Assignee: Gabe Montero
QA Contact: XiuJuan Wang
URL:
Whiteboard:
Depends On: 1713982 1719044
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-06-07 16:55 UTC by Gabe Montero
Modified: 2019-12-23 06:11 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1713982
Environment:
Last Closed: 2019-10-16 06:31:35 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2922 None None None 2019-10-16 06:31:52 UTC

Comment 1 Gabe Montero 2019-06-07 17:16:24 UTC
PR https://github.com/openshift/origin/pull/23047 is up for 4.2/master branch

Comment 2 Gabe Montero 2019-06-10 21:18:46 UTC
PR has merged

Comment 3 XiuJuan Wang 2019-06-17 07:28:16 UTC
$oc  get clusterversion 
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version             False       True          3h47m   4.2.0-0.ci-2019-06-16-194145

The value of secret secrettest still don't get took.

$ oc get templateinstance secrettest -o yaml 
apiVersion: template.openshift.io/v1
kind: TemplateInstance
metadata:
  creationTimestamp: "2019-06-17T07:21:36Z"
  finalizers:
  - template.openshift.io/finalizer
  name: secrettest
  namespace: mycloudpoc
  resourceVersion: "55206"
  selfLink: /apis/template.openshift.io/v1/namespaces/mycloudpoc/templateinstances/secrettest
  uid: 8a8ca906-90d0-11e9-b8a6-0a580a800028
spec:
  requester:
    groups:
    - system:serviceaccounts
    - system:serviceaccounts:mycloudpoc
    - system:authenticated
    username: system:serviceaccount:mycloudpoc:mycloudadmin
  secret:
    name: secrettest
  template:
    metadata:
      annotations:
        description: Openshift Project delivered via Hybrid Cloud
      creationTimestamp: "2019-06-17T07:20:58Z"
      name: odenprojcreation
      namespace: mycloudpoc
      resourceVersion: "55042"
      selfLink: /apis/template.openshift.io/v1/namespaces/mycloudpoc/templates/odenprojcreation
      uid: 7445c4de-90d0-11e9-b7ca-0a580a810026
    objects:
    - apiVersion: v1
      kind: Project
      metadata:
        annotations:
          openshift.io/description: Openshift Project delivered via Hybrid Cloud
          openshift.io/display-name: ${PROJECT_NAME}
          openshift.io/node-selector: sla${SLA}=true
        creationTimestamp: null
        labels:
          apmid: ${APMID}
          assignmentcode: ${CODE}
          crq: ${CRQ}
          deliverymanager: ${DM}
          requester: ${REQUESTER}
          ritm: ${RITM}
          serviceruntimemanager: ${SRM}
          sla: ${SLA}
          sz: ${SZ}
          technicalcontact: ${PROJECT_ADMIN_USER}
        name: ${PROJECT_NAME}
      spec: {}
      status: {}
    - apiVersion: v1
      kind: ResourceQuota
      metadata:
        name: compute-resources
        namespace: ${PROJECT_NAME}
      spec:
        hard:
          limits.memory: ${MEM}
          requests.cpu: ${CPU}
    - apiVersion: v1
      kind: ResourceQuota
      metadata:
        name: platform-resources
        namespace: ${PROJECT_NAME}
      spec:
        hard:
          persistentvolumeclaims: 10
          pods: 30
          requests.storage: 500Gi
    - apiVersion: v1
      kind: LimitRange
      metadata:
        creationTimestamp: null
        name: compute-limits
        namespace: ${PROJECT_NAME}
      spec:
        limits:
        - max:
            cpu: 2
            memory: 16Gi
          min:
            cpu: 7m
            memory: 100Mi
          type: Pod
        - default:
            cpu: 500m
            memory: 256Mi
          defaultRequest:
            cpu: 50m
            memory: 128Mi
          max:
            cpu: 2
            memory: 16Gi
          min:
            cpu: 7m
            memory: 100Mi
          type: Container
    - apiVersion: v1
      groupNames: []
      kind: RoleBinding
      metadata:
        creationTimestamp: null
        name: admins
        namespace: ${PROJECT_NAME}
      roleRef:
        name: admin
      subjects:
      - kind: User
        name: ${PROJECT_ADMIN_USER}
      userNames:
      - ${PROJECT_ADMIN_USER}
      - ${REQUESTER}
    - apiVersion: v1
      groupNames:
      - system:serviceaccounts:${PROJECT_NAME}
      kind: RoleBinding
      metadata:
        creationTimestamp: null
        name: system:image-pullers
        namespace: ${PROJECT_NAME}
      roleRef:
        name: system:image-puller
      subjects:
      - kind: SystemGroup
        name: system:serviceaccounts:${PROJECT_NAME}
      userNames: []
    - apiVersion: v1
      groupNames: []
      kind: RoleBinding
      metadata:
        creationTimestamp: null
        name: system:image-builders
        namespace: ${PROJECT_NAME}
      roleRef:
        name: system:image-builder
      subjects:
      - kind: ServiceAccount
        name: builder
      userNames:
      - system:serviceaccount:${PROJECT_NAME}:builder
    - apiVersion: v1
      groupNames: []
      kind: RoleBinding
      metadata:
        creationTimestamp: null
        name: system:deployers
        namespace: ${PROJECT_NAME}
      roleRef:
        name: system:deployer
      subjects:
      - kind: ServiceAccount
        name: deployer
      userNames:
      - system:serviceaccount:${PROJECT_NAME}:deployer
    parameters:
    - name: PROJECT_NAME
    - name: PROJECT_ADMIN_USER
    - name: DM
    - name: SRM
    - name: RITM
      value: nill
    - name: CRQ
      value: nill
    - name: CODE
      value: nill
    - name: APMID
      value: nill
    - name: REQUESTER
    - name: MEM
      value: 0Mi
    - name: CPU
      value: 0m
    - name: SZ
      value: volvoci
    - name: SLA
      value: standard
status:
  conditions:
  - lastTransitionTime: "2019-06-17T07:21:36Z"
    message: ""
    reason: Created
    status: "True"
    type: Ready
  objects:
  - ref:
      apiVersion: project.openshift.io/v1
      kind: Project
      name: openshift-proj011
      uid: 8ac5f74c-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: v1
      kind: ResourceQuota
      name: compute-resources
      namespace: openshift-proj011
      uid: 8ac7fcf4-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: v1
      kind: ResourceQuota
      name: platform-resources
      namespace: openshift-proj011
      uid: 8ac98010-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: v1
      kind: LimitRange
      name: compute-limits
      namespace: openshift-proj011
      uid: 8acbdf6c-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: authorization.openshift.io/v1
      kind: RoleBinding
      name: admins
      namespace: openshift-proj011
      uid: 8acedb92-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: authorization.openshift.io/v1
      kind: RoleBinding
      name: system:image-pullers
      namespace: openshift-proj011
      uid: 8ad4b162-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: authorization.openshift.io/v1
      kind: RoleBinding
      name: system:image-builders
      namespace: openshift-proj011
      uid: 8ad8bce7-90d0-11e9-84df-06ec4392e7f4
  - ref:
      apiVersion: authorization.openshift.io/v1
      kind: RoleBinding
      name: system:deployers
      namespace: openshift-proj011
      uid: 8adc1fc9-90d0-11e9-84df-06ec4392e7f4

Comment 4 Gabe Montero 2019-06-17 18:25:41 UTC
@XiuJuan the secret values do not appear in the templateinstance yaml

They show up in the object created by the template ... you need to

a) take the name/value pairs defined in the secret, such as 

  "stringData": {
      "APMID": "OS",
      "CODE": "VY02RJ",
      "CPU": "2",
      "CRQ": "SRTest013",
      "DM": "vishwa",
      "MEM": "4Gi",
      "PROJECT_ADMIN_USER": "tin2933",
      "PROJECT_NAME": "openshift-proj011",
      "REQUESTER": "tin2933",
      "RITM": "openritm013",
      "SLA": "basic",
      "SRM": "vishwa",
      "SZ": "VolvoCI"
  }

b) map those keys to template parameters .... take for example "CRQ"

c) then display the yaml for those objects, for example when I 'oc get project openshift-proj011 -o yaml"

I see this label:

    crq: SRTest013


That came from the "CRQ": "SRTest013" in the secret.

Give it another go please.

Comment 8 errata-xmlrpc 2019-10-16 06:31:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922


Note You need to log in before you can comment on or make changes to this bug.