From f512b47fb68859e090c07b0036f542603b1e86df Mon Sep 17 00:00:00 2001 From: Will Smith Date: Thu, 25 Apr 2024 10:23:58 -0700 Subject: [PATCH] Upmerge v0.32 to edge (#1119) * Update docs for v0.32.0 * Update environment logic (#1097) Signed-off-by: Aaron Crawfis * Superbeeny/adding podspec secrets (#1100) * Adding example on how to access secrets and add them to the container environment Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * Adding code tabs where the commands differ between linux/windows Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * Updates requested from PR review Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * nit: add a new line for spacing aesthetics Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> --------- Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> * Make env configurable (#1102) Signed-off-by: Reshma Abdul Rahim Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> * fix(bug): Update index.md (#1113) * fix(bug): Update index.md Fixed a bug in the cleanup script. The command `rad app delete demo -y` results in this output: `Application 'demo' does not exist or has already been deleted.` The command should be: `rad app delete -y` The output will be: `Application first-app deleted` Signed-off-by: Loek Duys * Update docs/content/getting-started/index.md Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> --------- Signed-off-by: Loek Duys Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Co-authored-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> * Fix broken link in faq (#1112) * fix broken link in index.md Signed-off-by: Dan Moseley * Update index.md Signed-off-by: Dan Moseley * Update docs/content/concepts/faq/index.md Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> --------- Signed-off-by: Dan Moseley Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Co-authored-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> * add Connections crosslinks to Existing app tutorial (#1103) * add Connections crosslinks to Existing app tutorial Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> * add more crosslinks Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> --------- Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> --------- Signed-off-by: Aaron Crawfis Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> Signed-off-by: Reshma Abdul Rahim Signed-off-by: Loek Duys Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Signed-off-by: Dan Moseley Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> Co-authored-by: Radius CI Bot Co-authored-by: Aaron Crawfis Co-authored-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> Co-authored-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Co-authored-by: Loek Duys Co-authored-by: Dan Moseley --- docs/content/concepts/faq/index.md | 2 +- docs/content/getting-started/index.md | 2 +- .../kubernetes/how-to-access-secrets/index.md | 149 ++++++++++++++++++ .../snippets/secrets-container.bicep | 26 +++ .../snippets/secrets-patch.bicep | 62 ++++++++ docs/content/tutorials/helm/index.md | 8 +- .../tutorials/tutorial-add-radius/index.md | 1 + 7 files changed, 247 insertions(+), 3 deletions(-) create mode 100644 docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md create mode 100644 docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep create mode 100644 docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep diff --git a/docs/content/concepts/faq/index.md b/docs/content/concepts/faq/index.md index 31e064f32..20d83a04a 100644 --- a/docs/content/concepts/faq/index.md +++ b/docs/content/concepts/faq/index.md @@ -14,7 +14,7 @@ Currently yes. Although Radius is architected to run on any platform, today Kube ### Can I incrementally adopt, or "try out" Radius? -Yes. The easiest way to add Radius to an existing application is through [Radius annotations](#TODO). Simply add the annotations to your existing Helm chart or Kubernetes YAML and you can use the Radius app graph, connections, and Recipes. [Try the tutorial](#TODO) to learn more. +Yes. The easiest way to add Radius to an existing application is through [Radius annotations]({{< ref "/tutorials/tutorial-add-radius#step-3-add-radius-to-the-guestbook-application" >}}). Simply add the annotations to your existing Helm chart or Kubernetes YAML and you can use the Radius app graph, connections, and Recipes. [Try the tutorial]({{< ref "/tutorials/tutorial-add-radius" >}}) to learn more. ### Do I have to self-host Radius? Is there a managed service for Radius? diff --git a/docs/content/getting-started/index.md b/docs/content/getting-started/index.md index 818b1c6d0..eacfdae70 100644 --- a/docs/content/getting-started/index.md +++ b/docs/content/getting-started/index.md @@ -190,7 +190,7 @@ Resources: To delete your app, run the [rad app delete]({{< ref rad_application_delete >}}) command to cleanup the app and its resources, including the Recipe resources: ```bash -rad app delete demo -y +rad app delete first-app -y ``` ## Next steps diff --git a/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md new file mode 100644 index 000000000..f23a86ad1 --- /dev/null +++ b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md @@ -0,0 +1,149 @@ +--- +type: docs +title: "How-To: Access Kubernetes secrets using PodSpec" +linkTitle: "Secrets using PodSpec" +description: "Learn how to patch Kubernetes secrets into the container environment using PodSpec definitions" +weight: 300 +slug: 'secrets-podspec' +categories: "How-To" +tags: ["containers","Kubernetes", "secrets"] +--- + +This how-to guide will provide an overview of how to: + +- Patch existing Kubernetes secrets using [PodSpec](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec) definitions and provide them to the environment of a container. + +## Prerequisites + +- [rad CLI]({{< ref getting-started >}}) +- [Radius initialized with `rad init`]({{< ref howto-environment >}}) +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) + +## Step 1: Define a container + +Begin by creating a file named `app.bicep` with a Radius [container]({{< ref "guides/author-apps/containers" >}}): + +{{< rad file="snippets/secrets-container.bicep" embed=true >}} + +## Step 2: Deploy the app and container + +Run this command to deploy the app and container: + +```bash +rad run ./app.bicep -a demo +``` + +Once the deployment completes successfully, you should see the following confirmation message along with some system logs: + +``` +Building app.bicep... +Deploying template 'app.bicep' for application 'demo' and environment 'dev' from workspace 'dev'... + +Deployment In Progress... + +.. demo Applications.Core/containers +Completed demo Applications.Core/applications + +Deployment Complete + +Resources: + demo Applications.Core/applications + demo Applications.Core/containers + +Starting log stream... + ++ demo-7d94db59f6-ps6cf › demo +demo-7d94db59f6-ps6cf demo No APPLICATIONINSIGHTS_CONNECTION_STRING found, skipping Azure Monitor setup +demo-7d94db59f6-ps6cf demo Using in-memory store: no connection string found +demo-7d94db59f6-ps6cf demo Server is running at http://localhost:3000 +dashboard-7f7db87c5-7d2jf dashboard [port-forward] connected from localhost:7007 -> ::7007 +demo-7d94db59f6-ps6cf demo [port-forward] connected from localhost:3000 -> ::3000 +``` + +Verify the pod is running: + +```bash +kubectl get pods -n dev-demo +``` +You should see the following output in your console: +``` +NAME READY STATUS RESTARTS AGE +demo-7d94db59f6-k7dfb 1/1 Running 0 62s +``` + +## Step 3: Create a secret + +Create a secret in your Kubernetes cluster using the following command: + +```bash +kubectl create secret generic my-secret --from-literal=secret-key=secret-value -n dev-demo +``` + +Verify the secret is created: + +```bash +kubectl get secrets -n dev-demo +``` + +## Step 4: Patch the secret + +Patch the secret into the container by adding the following `runtimes` block to the `container` resource in your `app.bicep` file: + +{{< rad file="snippets/secrets-patch.bicep" embed=true markdownConfig="{linenos=table,hl_lines=[\"25-60\"]}" >}} + +## Step 5: Redeploy the app and container + +Redeploy and run your app: + +```bash +rad app deploy demo +``` + +Once the deployment completes successfully, you should see the environment variable in the container. + +To validate this, first get the pod name: + +```bash +kubectl get pods -n dev-demo +``` + +You should see the following output in your console, with the pod name: +``` +NAME READY STATUS RESTARTS AGE +demo-d64cc4d6d-xjnjz 1/1 Running 0 62s +``` + +Then, exec into the pod and check the environment variable (substitute the pod name with the one you got from the previous command): + +{{< tabs "macOS/Linux/WSL" "Windows" >}} + +{{% codetab %}} + +```bash +kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | grep MY_SECRET +``` + +{{% /codetab %}} + +{{% codetab %}} + +```powershell +kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | findstr MY_SECRET +``` + +{{% /codetab %}} + +{{< /tabs >}} + +## Cleanup + +Run the following command to [delete]({{< ref "guides/deploy-apps/howto-delete" >}}) your app and container: + +```bash +rad app delete demo +``` + +## Further reading + +- [Kubernetes in Radius containers]({{< ref "guides/author-apps/containers/overview#kubernetes" >}}) +- [PodSpec in Radius containers]({{< ref "reference/resource-schema/core-schema/container-schema#runtimes" >}}) \ No newline at end of file diff --git a/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep new file mode 100644 index 000000000..cf50f3d4b --- /dev/null +++ b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep @@ -0,0 +1,26 @@ +import radius as radius + +@description('Specifies the environment for resources.') +param environment string + +resource app 'Applications.Core/applications@2023-10-01-preview' = { + name: 'demo' + properties: { + environment: environment + } +} + +resource demo 'Applications.Core/containers@2023-10-01-preview' = { + name: 'demo' + properties: { + application: app.id + container: { + image: 'ghcr.io/radius-project/samples/demo:latest' + ports: { + web: { + containerPort: 3000 + } + } + } + } +} diff --git a/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep new file mode 100644 index 000000000..f832dcfca --- /dev/null +++ b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep @@ -0,0 +1,62 @@ +import radius as radius + +@description('Specifies the environment for resources.') +param environment string + +resource app 'Applications.Core/applications@2023-10-01-preview' = { + name: 'demo' + properties: { + environment: environment + } +} + +resource demo 'Applications.Core/containers@2023-10-01-preview' = { + name: 'demo' + properties: { + application: app.id + container: { + image: 'ghcr.io/radius-project/samples/demo:latest' + ports: { + web: { + containerPort: 3000 + } + } + } + runtimes: { + kubernetes: { + pod: { + volumes: [ { + name: 'secrets-vol' + secret: { + secretName: 'my-secret' + } + } + ] + containers: [ + { + name: 'demo' + volumeMounts: [ { + name: 'secrets-vol' + readOnly: true + mountPath: '/etc/secrets-vol' + } + ] + env: [ + { + name: 'MY_SECRET' + valueFrom: { + secretKeyRef: { + name: 'my-secret' + key: 'secret-key' + } + } + } + ] + } + ] + hostNetwork: true + } + } + } + } +} diff --git a/docs/content/tutorials/helm/index.md b/docs/content/tutorials/helm/index.md index cf6bf170d..69dae21ec 100644 --- a/docs/content/tutorials/helm/index.md +++ b/docs/content/tutorials/helm/index.md @@ -192,11 +192,12 @@ From here you will go through a series of steps to incrementally add more Radius # Add the following two lines annotations: radapp.io/enabled: 'true' + radapp.io/environment: '{{ .Values.environment }}' spec: ... ``` - Adding the `radapp.io/enabled: 'true'` annotation enables Radius for the deployment. + Adding the `radapp.io/enabled: 'true'` annotation enables Radius for the deployment. The `radapp.io/environment` annotation is optional and is used to set the environment for the application. If not specified, Radius will use the default environment. 1. Save the file after you have made the edits and deploy the application again using Helm. Since the namespace and secret have already been created, we only need to run the `helm` command. @@ -246,6 +247,7 @@ From here you will go through a series of steps to incrementally add more Radius ```bash rad app graph -a demo -g default-demo ``` + where `-a demo` specifies the application name and `-g default-demo` specifies the resource group name. [Resource groups]({{< ref "guides/operations/groups/overview" >}}) are a way to organize resources in Radius. The output should look like this: @@ -311,6 +313,7 @@ In this step you will: name: db namespace: {{ .Release.Namespace }} spec: + environment: '{{ .Values.environment }}' type: Applications.Datastores/redisCaches secretName: redis-secret ``` @@ -462,6 +465,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in namespace: {{ .Release.Namespace }} annotations: radapp.io/enabled: 'true' + radapp.io/environment: '{{ .Values.environment }}' radapp.io/connection-redis: 'db' spec: ... @@ -488,6 +492,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in namespace: {{ .Release.Namespace }} annotations: radapp.io/enabled: 'true' + radapp.io/environment: '{{ .Values.environment }}' radapp.io/connection-redis: 'db' spec: selector: @@ -510,6 +515,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in name: db namespace: {{ .Release.Namespace }} spec: + environment: '{{ .Values.environment }}' type: Applications.Datastores/redisCaches ``` diff --git a/docs/content/tutorials/tutorial-add-radius/index.md b/docs/content/tutorials/tutorial-add-radius/index.md index 6f5a3bd12..7c8a09f0c 100644 --- a/docs/content/tutorials/tutorial-add-radius/index.md +++ b/docs/content/tutorials/tutorial-add-radius/index.md @@ -321,4 +321,5 @@ This output shows that Radius has detected the three container resources in the - To learn more about authoring Radius applications, visit the [Authoring applications guide]({{< ref "guides/author-apps" >}}) - To learn more about deploying applications using Radius, visit the [Deploying applications guide]({{< ref "guides/deploy-apps" >}}) +- To learn more about using the [Radius Connections]({{< ref "guides/author-apps/containers/overview#connections" >}}) annotations to connect your containers and resources, visit the [Radius Helm tutorial]({{< ref "tutorials/helm#step-6-add-connection" >}}) - To learn more about Radius Recipes, visit the [Recipes guide]({{< ref "guides/recipes" >}})