replicatedhq
'kots pull' doesn't preserve valuePlaintext
The admin console workflow to update files says to
- kots download
- make changes
- kots upload
However it's not clear where to make changes.
- If I make them in
base, then dokots upload, those are reflected in the diff and applied. However if I then make config changes in the console, my changes get overwritten. - If I make them in
upstream, then dokots upload, the changes don't appear in the diff until I also make some sort of config change in the console.
The best solution I found was to do kots download --decrypt-password-values, make changes in upstream, and run kots pull <slug> --local-path <slug>/upstream --rootdir newdir --exclude-admin-console --license-file <slug>/upstream/userdata/license.yaml --downstream this-cluster. I could then upload newdir/<slug> (or say --rootdir . and update in-place) but the password values from config that show up in base have been changed in a way I don't trust.
That kots pull invocation isn't easy to figure out, and it doesn't appear to treat valuePlaintext correctly.
Thanks @MikaelSmith ! I know doing the pull using --local-path is experimental right now, but the workflow you're using should be working, I'd be curious if @marccampbell has any more thoughts on the password values changes.
Just to clarify -- this is for developing your app against kotsadm right, not about adding last-mile kustomize changes to a production application, right?
Ah yes, this is primarily about developing an application and testing out configuration/templating. So my work-around isn't terrible, but kots pull seems like it should work with valuePlaintext.
P.S. https://kots.io/kotsadm/updating/patching-with-kustomize/ would be a useful link to have in the Admin Console talking about Edit any of your files in your favorite IDE..
An additional note: doing kots pull also rewrites the userdata/config.yaml with encrypted values, removing the valuePlaintext.
The admin console workflow to update files says to
- kots download
- make changes
- kots upload
However it's not clear where to make changes.
- If I make them in
base, then dokots upload, those are reflected in the diff and applied. However if I then make config changes in the console, my changes get overwritten.- If I make them in
upstream, then dokots upload, the changes don't appear in the diff until I also make some sort of config change in the console.The best solution I found was to do
kots download --decrypt-password-values, make changes inupstream, and runkots pull <slug> --local-path <slug>/upstream --rootdir newdir --exclude-admin-console --license-file <slug>/upstream/userdata/license.yaml --downstream this-cluster. I could then uploadnewdir/<slug>(or say--rootdir .and update in-place) but the password values from config that show up inbasehave been changed in a way I don't trust.That
kots pullinvocation isn't easy to figure out, and it doesn't appear to treatvaluePlaintextcorrectly.
Is this issue fixed? I am still getting the same when editing "cd4pe/upstream/userdata/config.yaml" file & uploading using "kubectl kots upload --namespace default --slug cd4pe ./cd4pe". No changes in cd4pe apps.
We've primarily moved to relying on the KOTS Admin Console service to handle pulls, so we only modify "upstream". I modify <app>/upstream/userdata/config.yaml regularly to make changes. Always set/edit value (not default), and make sure there aren't duplicate entries.
Recent versions of KOTS also include kubectl kots set config <key>=<value>, which should be simpler to accomplish the same thing.