Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: expand documentation for secrets #3605

Merged
merged 12 commits into from
May 16, 2024
Merged

docs: expand documentation for secrets #3605

merged 12 commits into from
May 16, 2024
+161 −1

Conversation

lorenzo-cavazzi
Copy link
Member

@lorenzo-cavazzi lorenzo-cavazzi commented Apr 30, 2024
edited
Loading

Documentation for the new "User secrets"

@lorenzo-cavazzi lorenzo-cavazzi force-pushed the build/secrets-in-sessions-docs branch from dc024b5 to ed4af79 Compare April 30, 2024 15:47
@Panaetius Panaetius temporarily deployed to ci-renku-3605 May 2, 2024 07:58 — with GitHub Actions Inactive
@Panaetius Panaetius force-pushed the build/secrets-in-sessions-docs branch from c311ab4 to fd8320e Compare May 2, 2024 08:03
@Panaetius Panaetius temporarily deployed to ci-renku-3605 May 2, 2024 08:03 — with GitHub Actions Inactive
@Panaetius Panaetius force-pushed the build/secrets-in-sessions-docs branch from fd8320e to db42709 Compare May 2, 2024 08:11
@Panaetius Panaetius temporarily deployed to ci-renku-3605 May 2, 2024 08:11 — with GitHub Actions Inactive
@Panaetius Panaetius temporarily deployed to ci-renku-3605 May 2, 2024 08:17 — with GitHub Actions Inactive
@Panaetius Panaetius force-pushed the build/secrets-in-sessions branch 4 times, most recently from df36d29 to db3d3c2 Compare May 7, 2024 18:17
@Panaetius Panaetius temporarily deployed to ci-renku-3605 May 8, 2024 09:28 — with GitHub Actions Inactive
Base automatically changed from build/secrets-in-sessions to release-0.52.x May 10, 2024 09:04
@lorenzo-cavazzi lorenzo-cavazzi force-pushed the build/secrets-in-sessions-docs branch from 17e9e79 to 8f6ed84 Compare May 14, 2024 09:49
lokijuhy
lokijuhy requested changes May 14, 2024
View reviewed changes
Copy link
Member

@lokijuhy lokijuhy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Just a few minor suggestions

docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
@lorenzo-cavazzi lorenzo-cavazzi marked this pull request as ready for review May 14, 2024 16:39
@lorenzo-cavazzi lorenzo-cavazzi requested a review from a team as a code owner May 14, 2024 16:39
rokroskar
rokroskar requested changes May 15, 2024
View reviewed changes
Copy link
Member

@rokroskar rokroskar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really nice docs, thanks for writing this up! Just a few minor comments and suggestions

docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Show resolved Hide resolved
sgaist
sgaist suggested changes May 15, 2024
View reviewed changes
Copy link
Contributor

@sgaist sgaist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall it looks nice.

The encryption / decryption gif is excellent !

docs/spelling_wordlist.txt Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst Outdated Show resolved Hide resolved
docs/topic-guides/secrets/secrets.rst
On session start, an init container reads the mounted secrets, and uses the
``user key`` to undo the inner encryption. It then creates files inside the
session with the decrypted secret values.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May I nitpick a bit ?
The Kubernetes secret is in fact only mounted in the init container that will decrypt its content. The session (if we are talking about the main container) will only see the volume containing the decrypted secrets.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll let @Panaetius answer this technical aspect 😁

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've changed the description a bit (I think this comment meant to address the previous paragraph, not this one)

@lorenzo-cavazzi lorenzo-cavazzi requested a review from a team as a code owner May 15, 2024 12:14
@lorenzo-cavazzi
Copy link
Member Author

@sgaist @rokroskar @lokijuhy Thank you for reading through this 🙏
I incorporated all your suggestions; please feel free to comment further should you find anything else.

@lokijuhy I added changes to the release notes here c187e4a . Mind that the link won't work until we publish the release since it's a new page.

@lorenzo-cavazzi lorenzo-cavazzi mentioned this pull request May 15, 2024
Merged
lokijuhy
lokijuhy approved these changes May 16, 2024
View reviewed changes
Copy link
Member

@lokijuhy lokijuhy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@lorenzo-cavazzi lorenzo-cavazzi requested a review from rokroskar May 16, 2024 14:42
@lorenzo-cavazzi lorenzo-cavazzi merged commit d4e2cc3 into release-0.52.x May 16, 2024
16 checks passed
@lorenzo-cavazzi lorenzo-cavazzi deleted the build/secrets-in-sessions-docs branch May 16, 2024 14:44
lokijuhy pushed a commit that referenced this pull request May 27, 2024
@lorenzo-cavazzi @Panaetius @lokijuhy
docs: expand documentation for secrets (#3605)
7fdae22 
Co-authored-by: Ralf Grubenmann <[email protected]>
Co-authored-by: Ralf Grubenmann <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Panaetius Panaetius Panaetius left review comments

@sgaist sgaist sgaist requested changes

@lokijuhy lokijuhy lokijuhy approved these changes

@rokroskar rokroskar rokroskar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@lorenzo-cavazzi @Panaetius @sgaist @rokroskar @lokijuhy