Expected behaviour
The S3 bucket resource needs to store connection details such as region and endpoint in a k8s secret, similar to the IAM resource example.
Actual behaviour
When a resource is created, it creates a blank k8s secret with no data propagated.
Steps to reproduce
Installation
Check the latest version from releases.

# provider.yaml
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: vault
spec:
  podSecurityContext:
    fsGroup: 2000
  args:
    - --enable-external-secret-stores
    - --debug
  metadata:
    annotations:
      vault.hashicorp.com/agent-inject: "true"
      vault.hashicorp.com/agent-inject-token: "true"
      vault.hashicorp.com/role: crossplane
      vault.hashicorp.com/agent-run-as-user: "2000"
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: crossplane-provider-jet-aws
spec:
  package: crossplane/provider-jet-aws:v0.5.0
  controllerConfigRef:
    name: vault

# providerconfig.yaml
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-creds
      key: creds

kubectl apply -f provider.yaml
kubectl apply -f providerconfig.yaml
# verify it's healthy
kubectl describe providers.pkg.crossplane.io crossplane-provider-jet-aws

Configuration
# store aws access and secret keys in creds.conf file
AWS_PROFILE=default && echo -e "[default]\naws_access_key_id = $(aws configure get aws_access_key_id --profile $AWS_PROFILE)\naws_secret_access_key = $(aws configure get aws_secret_access_key --profile $AWS_PROFILE)" > creds.conf
# create a provider secret
kubectl create secret generic aws-creds -n crossplane-system --from-file=creds=./creds.conf
# apply provider config to use that secret
kubectl apply -f providerconfig.yaml

Simple s3 bucket creation: Tried to run the s3 example given by provider-jet-aws

apiVersion: s3.aws.jet.crossplane.io/v1alpha2
kind: Bucket
metadata:
  name: sample-bucket-by-asa
  annotations:
    # This will be the actual bucket name. It must be globally unique, so you
    # probably want to change it before trying to apply this example.
    crossplane.io/external-name: crossplane-example-bucket-by-asa
spec:
  forProvider:
    region: us-west-1
    acl: private
    tags:
      Name: SampleBucket
  writeConnectionSecretToRef:
    name: s3connectiondetails
    namespace: crossplane-system

This creates a blank secret with no data such as region and endpoint, whereas in the IAM access key example, the access keys are propagated in the secret.
Conclusion / Observation
Implementation for secret propagation seems missing for s3 bucket.
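
A way to confirm the reported behaviour, added here as an example (not code from the issue or from provider-jet-aws): it audits the JSON of a connection secret and reports which expected keys are missing or empty, without returning their values. The key names `region` and `endpoint` are assumptions taken from the issue's stated expectation, and both sample secrets are constructed.

```python
import base64
import json

# Keys the report expects in the Bucket's connection secret. Assumption: the
# names come from the issue text, not from confirmed provider key names.
EXPECTED_KEYS = ("region", "endpoint")

# Constructed sample: a secret created but never populated (no "data" field).
BLANK_SECRET = json.dumps({
    "kind": "Secret",
    "metadata": {"name": "s3connectiondetails", "namespace": "crossplane-system"},
})

# Constructed sample: one key populated, one present but empty.
POPULATED_SECRET = json.dumps({
    "kind": "Secret",
    "metadata": {"name": "s3connectiondetails", "namespace": "crossplane-system"},
    "data": {
        "region": base64.b64encode(b"us-west-1").decode(),
        "endpoint": base64.b64encode(b"").decode(),
    },
})


def audit_connection_secret(secret_json, expected=EXPECTED_KEYS):
    """Classify each expected key as ok / empty / missing; values are never returned."""
    secret = json.loads(secret_json)
    if secret.get("kind") != "Secret":
        raise ValueError("not a Secret object")
    data = secret.get("data") or {}  # a blank secret has no "data", or null
    report = {"keys": {}, "unexpected": sorted(set(data) - set(expected))}
    for key in expected:
        if key not in data:
            report["keys"][key] = "missing"
            continue
        try:
            decoded = base64.b64decode(data[key], validate=True)
        except (ValueError, TypeError):
            report["keys"][key] = "invalid-base64"
            continue
        report["keys"][key] = "ok" if decoded.strip() else "empty"
    report["populated"] = all(v == "ok" for v in report["keys"].values())
    return report


if __name__ == "__main__":
    for sample in (BLANK_SECRET, POPULATED_SECRET):
        print(json.dumps(audit_connection_secret(sample), indent=2))
```

Against a live cluster, pass the output of `kubectl get secret s3connectiondetails -n crossplane-system -o json` to `audit_connection_secret`; the report contains key names and statuses only, so it can be attached to an issue.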