Skip to content

feat(config): add UseConfigAsSecret #2996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat(config): add UseConfigAsSecret #2996

wants to merge 10 commits into from

Conversation

@Ravio1i
Copy link

@Ravio1i Ravio1i commented Jul 16, 2025

/kind feature

What does this pull request do? Which issues does it resolve? (use resolves #<issue_number> if possible)
resolves #2622

This PR adds support for storing vCluster configuration in a ConfigMap instead of a Secret, providing better transparency and easier debugging capabilities.

Key Changes:

  • Added useConfigAsSecret configuration option (defaults to false for ConfigMap storage)
  • Created new Helm template config-configmap.yaml for ConfigMap-based storage
  • Updated StatefulSet template to conditionally use ConfigMap or Secret based on configuration
  • Enhanced CLI tools (create, describe) to automatically detect and work with both storage types
  • Added comprehensive helper utilities in pkg/util/confighelper for unified config retrieval
  • Updated Go struct ControlPlaneAdvanced to include UseConfigAsSecret field
  • Added extensive test coverage for both ConfigMap and Secret scenarios

Please provide a short message that should be published in the vcluster release notes
Fixed an issue where vcluster ...

Added support for storing vCluster configuration in ConfigMaps instead of Secrets, improving configuration transparency and debugging capabilities

What else do we need to know?

  • Default Behavior: New vClusters will use ConfigMaps by default (useConfigAsSecret: false) We can change that to whatever we want

Testing

This feature was thoroughly tested using a local idpbuilder setup:

  1. Built vcluster binary with the new ConfigMap functionality

  2. Built vclusterctl binary

  3. Created Docker image and pushed to local idpbuilder registry (gitea.cnoe.localtest.me:8443)

  4. Deployed using built vclusterctl with a config containing

      controlPlane:
    advanced:
      useConfigAsSecret: false
    helm package ./chart -d .tmp-chart
cd .tmp-chart
helm repo index . --url http://localhost:8080
python3 -m http.server 8080

./vclusterctl create test-vcluster \
   --chart-repo http://localhost:8080 \
   --chart-version $(helm show chart ../chart | grep version | awk '{print $2}') \
 -f _vcluster-config.yml

  5. Confirmed that configuration is properly stored in plaintext ConfigMap
Ravio1i added 10 commits July 16, 2025 15:30
@Ravio1i
feat(config): add UseConfigAsSecret
eef41f0
@Ravio1i
fix(chart): add support for using ConfigMap instead of Secret for vCl…
4533259 
…uster configuration
@Ravio1i
refactor(charts): useConfigAsSecret
56f262c
@Ravio1i
refactor(config): vCluster configuration handling for Secret and Conf…
59110a1 
…igMap to confighelper
@Ravio1i
fix(schema): rename useConfigMap to useConfigAsSecret for clarity
7288c1a
@Ravio1i
test(config): add flag to use ConfigMap for vCluster configuration
4f1d81c
@Ravio1i
refactor(config): streamline vCluster configuration retrieval by repl…
c126514 
…acing secret access with config helper
@Ravio1i
fix(helm): update vCluster config retrieval to support ConfigMap in a…
cf3aca7 
…ddition to Secret
@Ravio1i
fix(cart): update test descriptions and conditions for useConfigAsSec…
d9cd1cf 
…ret flag
@Ravio1i
fix(config): rename unmarshalConfig to UnmarshalConfig and improve co…
ee959d0 
…nfig retrieval logic
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@Ravio1i