Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add demo for workload secrets #1045

Merged
merged 3 commits into from
Dec 17, 2024
Merged

docs: add demo for workload secrets #1045

merged 3 commits into from
Dec 17, 2024

Conversation

davidweisse
Copy link
Contributor

This adds a demo application running a MySQL server with an encrypted volume mount, similar to the volume-tester. For this, the cryptsetup init container uses the workload secret to set up a LUKS partition that is mounted to /var/lib/mysql. The demo is also provided as a release artifact as mysql-demo.yml.

@davidweisse davidweisse added the documentation Improvements for user docs label Dec 2, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 2, 2024
edited
Loading

PR Preview Action v1.4.8
Preview removed because the pull request was closed.
2024-12-17 10:41 UTC

burgerdev
burgerdev reviewed Dec 2, 2024
View reviewed changes
Copy link
Contributor

@burgerdev burgerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great!

docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Show resolved Hide resolved
docs/docs/examples/mysql.md Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
burgerdev
burgerdev reviewed Dec 4, 2024
View reviewed changes
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
internal/kuberesource/sets.go Outdated Show resolved Hide resolved
@davidweisse davidweisse force-pushed the dav/workload-secrets-demo branch 3 times, most recently from bc385a2 to 40c593a Compare December 10, 2024 15:58
burgerdev
burgerdev reviewed Dec 10, 2024
View reviewed changes
Copy link
Contributor

@burgerdev burgerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM, but we need to deal with the password before merging.

docs/docs/examples/mysql.md Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
internal/kuberesource/parts.go Show resolved Hide resolved
@m1ghtym0
Copy link
Member

Awesome!
I like the idea of having more examples like this in the mid-term future.
One thought: Should we label them so that they are easier to "find" or people know immediately what they are looking at?

  • Instead of "Confidential emoji voting" -> "Simple demo app"
  • Instead of "Encrypted volume mount" -> "MySQL"

We then might want to have a dedicated "Tasks" section in the docs that goes more in-depth with certain operations such as "Mount encrypted volumes, "recover the coordinator", ...
We have these things hidden in the architecture and components section to some extend.

Let me know what you think:-)

@burgerdev
Copy link
Contributor

We could also consider the https://diataxis.fr/ approach for structuring. I'd defer this discussion for the PR here, though.

@katexochen katexochen added this to the v1.2.0 milestone Dec 13, 2024
@davidweisse davidweisse force-pushed the dav/workload-secrets-demo branch from 40c593a to 73fcc13 Compare December 16, 2024 14:45
burgerdev
burgerdev approved these changes Dec 16, 2024
View reviewed changes
Copy link
Contributor

@burgerdev burgerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, only few nits

docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
docs/docs/examples/mysql.md Outdated Show resolved Hide resolved
@davidweisse davidweisse force-pushed the dav/workload-secrets-demo branch from 73fcc13 to c22e55e Compare December 17, 2024 10:22
@davidweisse davidweisse merged commit b31716c into main Dec 17, 2024
11 checks passed
@davidweisse davidweisse deleted the dav/workload-secrets-demo branch December 17, 2024 10:40
@3u13r 3u13r mentioned this pull request Dec 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@burgerdev burgerdev burgerdev approved these changes

@3u13r 3u13r Awaiting requested review from 3u13r

Assignees
No one assigned
Labels
documentation Improvements for user docs
Projects
None yet
Milestone
v1.2.0
Development

Successfully merging this pull request may close these issues.
5 participants
@davidweisse @m1ghtym0 @burgerdev @3u13r @katexochen