Add backend/config developer guide, DELTA.md automation, and gen_delt…#8
Add backend/config developer guide, DELTA.md automation, and gen_delt…#8gkostin1966 wants to merge 2 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Adds developer-facing documentation and a repeatable automation path for comparing and updating Kubernetes-managed dspace.cfg across demo/production/workshop, while keeping decrypted cfg files out of version control.
Changes:
- Added
backend/config/README.mdwith a step-by-step workflow for fetching, editing, and reapplying thedspace-cfgSecret (and explaining ConfigMap overrides). - Added
dotpy/gen_delta.pyto regenerate an auto-redactedbackend/config/DELTA.mdcomparing environment configs. - Updated
.gitignoreto excludebackend/config/*.cfgand addeddotpy/README.mddocumentation for the new script.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
dotpy/gen_delta.py |
New generator script to diff three cfg files and produce a redacted DELTA.md with findings/recommendations. |
dotpy/README.md |
Documents how to run gen_delta.py and fetch prerequisite cfg files. |
backend/config/README.md |
New operational guide for managing dspace.cfg Secrets and ConfigMap overrides across environments. |
backend/config/DELTA.md |
Generated comparison artifact summarizing current config differences and findings. |
.gitignore |
Prevents committing decrypted cfg files containing secrets. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ```shell | ||
| cat from-kube.<NAMESPACE>.dspace.cfg | base64 > from-kube.<NAMESPACE>.dspace.cfg.base64 | ||
| ``` | ||
|
|
||
| ### 4. Patch the secret directly (recommended) | ||
|
|
||
| ```shell | ||
| kubectl -n <NAMESPACE> patch secret dspace-cfg \ | ||
| --type='json' \ | ||
| -p="[{\"op\":\"replace\",\"path\":\"/data/dspace.cfg\",\"value\":\"$(cat from-kube.<NAMESPACE>.dspace.cfg.base64)\"}]" | ||
| ``` |
There was a problem hiding this comment.
The base64 re-encode + JSON patch workflow is likely to fail because base64 commonly inserts newlines/wrapping, and $(cat …) will embed those literal newlines into the JSON string passed to kubectl patch. Use a no-wrap base64 option (e.g., base64 -w 0 / base64 --wrap=0) or strip newlines (tr -d '\n') so the patched value is a single-line base64 string.
| ```shell | ||
| kubectl -n <NAMESPACE> get secret dspace-cfg \ | ||
| -o jsonpath="{.data.dspace\.cfg}" | base64 --decode > from-kube.<NAMESPACE>.dspace.cfg | ||
| ``` |
There was a problem hiding this comment.
Step 1 writes the decrypted Secret to from-kube.<NAMESPACE>.dspace.cfg in the current working directory, but only backend/config/*.cfg is gitignored. If someone runs this from the repo root (likely), they will create a plaintext secrets file that is not ignored and could be committed accidentally. Update the commands to write into backend/config/ (or explicitly instruct users to cd backend/config before starting).
…a.py - backend/config/README.md: developer guide for updating dspace.cfg secrets in Kubernetes across production, workshop, and demo environments. Covers the two-layer config (Secret + ConfigMap overrides), kubectl context switching, step-by-step secret update workflow, and how to regenerate the local cfg files from scratch. - backend/config/DELTA.md: auto-generated comparison of the three dspace.cfg environments (25 differing properties, key findings, recommendations). Regenerated by dotpy/gen_delta.py. - dotpy/gen_delta.py: new script that parses the three from-kube.*.dspace.cfg files, computes all differing properties, redacts sensitive values, and writes a fresh DELTA.md with a padded Markdown table, auto-detected findings, and recommendations. - dotpy/README.md: added gen_delta.py entry following existing conventions. - .gitignore: added backend/config/*.cfg to prevent secrets from being committed (db passwords, DOI credentials, API keys).
gkostin1966
force-pushed
the
DEEPBLUE-466/backend
branch
from
e8f57ba to
a6a9314
Compare
|
Moved this code to deepblue-documents-kube project. Closing this PR and deleting the branch. |
…a.py
backend/config/README.md: developer guide for updating dspace.cfg secrets in Kubernetes across production, workshop, and demo environments. Covers the two-layer config (Secret + ConfigMap overrides), kubectl context switching, step-by-step secret update workflow, and how to regenerate the local cfg files from scratch.
backend/config/DELTA.md: auto-generated comparison of the three dspace.cfg environments (25 differing properties, key findings, recommendations). Regenerated by dotpy/gen_delta.py.
dotpy/gen_delta.py: new script that parses the three from-kube.*.dspace.cfg files, computes all differing properties, redacts sensitive values, and writes a fresh DELTA.md with a padded Markdown table, auto-detected findings, and recommendations.
dotpy/README.md: added gen_delta.py entry following existing conventions.
.gitignore: added backend/config/*.cfg to prevent secrets from being committed (db passwords, DOI credentials, API keys).