diff command
The tkseal diff PATH command is used to show the difference between the local plain_secrets.json file and the current Opaque Kubernetes secrets associated with a Tanka environment path. The underlying workflow for this command relies on three primary modules:
- Configuration
- SecretState
- Diff
Based on the implementation plan detailed in the sources, here are the workflow and features of the tkseal diff command:
• Primary Goal: Shows what changes would be applied in the Kubernetes cluster based on the local plain_secrets.json file.
Branch 1: Initialization & Prerequisites (CLI Integration)
• Input Handling:
◦ Requires a PATH argument (the path to the Tanka environment directory).
• Dependency Check:
◦ Must verify the existence of required CLI dependencies: kubectl, Grafana Tanka (tk), and kubeseal.
◦ If dependencies are missing, an error is raised, and the user is advised to run tkseal ready.
• User Notification:
◦ Prints an informational message to the user: "This shows what would change in the cluster based on plain_secrets.json".
Branch 2: Secret State Management (SecretState Module)
• Purpose: Coordinates state between local files and the Kubernetes cluster.
• Path Normalization:
◦ Normalizes the input path (e.g., removes trailing slashes or .jsonnet extensions).
• Local File Access (Source of Changes):
◦ Defines the path to plain_secrets.json.
◦ Reads plain_secrets content from the file.
◦ Feature: Returns an empty string if plain_secrets.json is missing.
• Cluster Access (Target State):
◦ Retrieves kube_secrets (Opaque Kubernetes secrets) by calling Secrets.for_tk_env.
◦ Converts the retrieved secrets into a JSON string format.
• Environment Context Delegation:
◦ Retrieves the Kubernetes context from the Tanka environment.
◦ Retrieves the Kubernetes namespace from the Tanka environment.
For example, run tk status . and look at the output:

    Context: {cluster_name}
    Cluster: {cluster_name}
    Environment:
      APIServer: https://{cluster}.kubernetes.hathitrust.org
      ApplyStrategy: server
      ContextNames: []
      DiffStrategy: server
      ExpectVersions: map[Tanka:]
      ExportJsonnetImplementation:
      InjectLabels: false
      Namespace: {namespace_name}
      ResourceDefaults: map[Annotations:map[] Labels:map[]]
      TankaEnvLabelFromFields: []
    Resources:
      NAMESPACE         OBJECTSPEC
      {namespace_name}  ConfigMap/{config_1}
      {namespace_name}  PersistentVolumeClaim/{condif_1_persVol}
      {namespace_name}  Service/{service_1}
      {namespace_name}  Deployment/{deployment_1}
      {namespace_name}  SealedSecret/{service_1_sealedSecret}
Branch 3: Comparison & Output Features (Diff Module)
• Core Function: Compares two text strings (secrets) and displays differences.
• Primary Comparison Mode (plain()):
◦ This is the mode executed by tkseal diff PATH.
◦ Comparison Direction: Shows changes that would be made to the cluster by the local plain secrets.
◦ Input Order: Compares secret_state.kube_secrets (as from_text) against secret_state.plain_secrets (as to_text).
◦ Visualization: Generates a unified diff using difflib.unified_diff.
◦ Feature: Specifically shows additions (+) when comparing the cluster state to the local file.
• Output Handling:
◦ Feature: No Differences Message: If the generated diff is empty, it prints the message: "No differences".
• Secondary Comparison Mode (Internal Feature: pull()):
◦ Although not the primary function of tkseal diff in the CLI, the Diff module supports a reverse comparison.
◦ Comparison Direction: Shows changes that pulling Kubernetes secrets into the local plain_secrets.json would make.
◦ Input Order: Compares secret_state.plain_secrets (as from_text) against secret_state.kube_secrets (as to_text).
◦ Visualization: Specifically shows removals (-) when the local file differs from the cluster secrets in this mode.
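A minimal model of the two comparison directions described in Branch 3, added here as an illustration and not taken from tkseal's source. The names plain and pull follow the page; to_text, unified, the file labels and the sample secrets are assumptions constructed for this example.

```python
import difflib
import json

# Constructed sample data: the cluster holds one key, the local file adds another.
KUBE_SECRETS = [{"name": "app", "data": {"DB_PASSWORD": "old"}}]
PLAIN_SECRETS = [{"name": "app", "data": {"DB_PASSWORD": "old", "API_KEY": "new"}}]


def to_text(secrets):
    """Serialize secrets to a stable, line-oriented JSON string (assumed format)."""
    return json.dumps(secrets, indent=2, sort_keys=True)


def unified(from_text, to_text_, fromfile, tofile):
    """Return a unified diff, or "No differences" when the diff is empty."""
    lines = list(difflib.unified_diff(
        from_text.splitlines(), to_text_.splitlines(),
        fromfile=fromfile, tofile=tofile, lineterm=""))
    return "\n".join(lines) if lines else "No differences"


def plain(kube_secrets, plain_secrets):
    """Direction used by `tkseal diff`: cluster state -> local plain_secrets.json."""
    return unified(kube_secrets, plain_secrets, "cluster", "plain_secrets.json")


def pull(kube_secrets, plain_secrets):
    """Reverse direction: local plain_secrets.json -> cluster state."""
    return unified(plain_secrets, kube_secrets, "plain_secrets.json", "cluster")


if __name__ == "__main__":
    kube, local = to_text(KUBE_SECRETS), to_text(PLAIN_SECRETS)
    print(plain(kube, local))  # API_KEY shows up as an addition (+)
    print(pull(kube, local))   # the same line shows up as a removal (-)
    print(plain(kube, kube))   # identical inputs: "No differences"
    # A missing plain_secrets.json is read as "", so every cluster line is a removal.
    print(plain(kube, ""))
```

The diff text carries the secret material from both inputs, so treat its output like the contents of plain_secrets.json itself and keep it out of shared logs.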