From 4a35b5ea6009fb099322b709263f4b04b98501a7 Mon Sep 17 00:00:00 2001 From: Pedro Franco de Carvalho Date: Fri, 14 Feb 2025 10:05:53 -0300 Subject: [PATCH] Add PSA configuration secret to provisioning resource set When a k3s/RKE2 cluster is created with a non-default PSA configuration template, the configuration from that template is then stored in a secret, which is used by the control plane planner. This secret is only updated by the webhook when the provisioning cluster object is updated, and it wasn't included in the backups created from the default resource set, so after a migration the planner would get stuck in an error state until the secret was re-created manually. --- .../files/default-resourceset-contents/provisioningv2.yaml | 2 +- .../files/sensitive-resourceset-contents/provisioningv2.yaml | 2 +- e2e/test/data/rancher-resource-set-full.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rancher-backup/files/default-resourceset-contents/provisioningv2.yaml b/charts/rancher-backup/files/default-resourceset-contents/provisioningv2.yaml index da9d23ee..0c4900a0 100644 --- a/charts/rancher-backup/files/default-resourceset-contents/provisioningv2.yaml +++ b/charts/rancher-backup/files/default-resourceset-contents/provisioningv2.yaml @@ -13,7 +13,7 @@ kindsRegexp: "." - apiVersion: "v1" kindsRegexp: "^secrets$" - resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|^harvesterconfig|^registryconfig-auth|^harvester-cloud-provider-config" + resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|admission-configuration-psact$|^harvesterconfig|^registryconfig-auth|^harvester-cloud-provider-config" namespaces: - "fleet-default" - apiVersion: "v1" diff --git a/charts/rancher-backup/files/sensitive-resourceset-contents/provisioningv2.yaml b/charts/rancher-backup/files/sensitive-resourceset-contents/provisioningv2.yaml index d4992160..f006bb38 100644 --- a/charts/rancher-backup/files/sensitive-resourceset-contents/provisioningv2.yaml +++ b/charts/rancher-backup/files/sensitive-resourceset-contents/provisioningv2.yaml @@ -1,5 +1,5 @@ - apiVersion: "v1" kindsRegexp: "^secrets$" - resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|^harvesterconfig|^registryconfig-auth|^harvester-cloud-provider-config" + resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|admission-configuration-psact$|^harvesterconfig|^registryconfig-auth|^harvester-cloud-provider-config" namespaces: - "fleet-default" diff --git a/e2e/test/data/rancher-resource-set-full.yaml b/e2e/test/data/rancher-resource-set-full.yaml index 8fc1e6ac..9161b506 100644 --- a/e2e/test/data/rancher-resource-set-full.yaml +++ b/e2e/test/data/rancher-resource-set-full.yaml @@ -296,7 +296,7 @@ resourceSelectors: - apiVersion: "v1" kindsRegexp: "^secrets$" - resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|^harvesterconfig|^registryconfig-auth|^harvester-cloud-provider-config" + resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$|admission-configuration-psact$|^harvesterconfig|^registryconfig-auth|^harvester-cloud-provider-config" namespaces: - "fleet-default"