RR's get named like clustersubscription-8e7563f6-4370-4a36-8350-2fa7a8584ba6 and don't have any internal attribute or label that specifies the name of the subscription, nor details (name/uuid) of the version or channel. This can make debug difficult. Those details should be included as RR spec attributes or labels.

There are some cases where an event might have been missed, or a failure to apply the remoteresource occurred, or someone accidentally modified the RR and broke it. We should not rely on another event to come from razeedash before we try to rectify these issues.

My suggestion would be to set up some interval, maybe every 5-10min where we run callRazee() just in case we hit one of these edge cases. This would be in addition to the event based model that already exists.

• remove the dependency of razee_api, razee_org_key and razee_tags as environment variables
• look on the cluster for configmap/secret containing razee_api, razee_org_key and razee_tags
• call replace subscriptionsByTags with subscriptionsByCluster

Existing users would need to first create lables and register a cluster from razeedash. refs razee-io/Razeedash#321

Code updates for this are in the subscriptions_by_cluster branch

As part of its operation, ClusterSubscription renders a RemoteResource template. https://github.com/razee-io/ClusterSubscription/blob/master/lib/remoteResource.js#L13-L20

In this template it is injecting the orgKey in plain text as a request header. We shouldn't display keys in plain text, so we need to utilize the secret auth header feature defined in RemoteResource https://github.com/razee-io/RemoteResource#request-options (see Note about secretKeyRef)

ie:

const requestsTemplate = `{
  "options": {
    "url": "{{{url}}}",
    "headers": {
      "razee-org-key":
        "valueFrom":
          "secretKeyRef":
            "name": "clustersubscription-{{subscriptionUuid}}-secret"
            "namespace": "razeedeploy"
            "key": "razee-api-org-key"
    }
  }
}`;

in order to reference a secret like the above example, we need to first create a secret.

ie:

const resourceTemplate = {
  'apiVersion': v1,
  'kind': Secret,
  'metadata': {
    'namespace': NAMESPACE,
    'name': resourceName,
    'annotations': {
      'deploy.razee.io/clustersubscription': sub.subscriptionUuid,
      'deploy.razee.io/clusterid': clusterId
    },
    'labels': {
      'razee/watch-resource': 'lite'
    }
  },
  'data': {
    'razee-api-org-key': apiKey
  }
};

the createRemoteResource function should be broken up in such a way as to utilize the code that applies the resource to the cluster for both the remoteResource and the secret. https://github.com/razee-io/ClusterSubscription/blob/master/lib/remoteResource.js#L22-L87

similarly, when a remoteResource gets deleted, the corresponding secret should also be deleted. You will need to break up this function to handle both secrets and remote resources too https://github.com/razee-io/ClusterSubscription/blob/master/lib/remoteResource.js#L89-L111

we are hitting the following error

> [email protected] start /usr/src/app
> node src/index.js
{"name":"cluster-subscription","hostname":"clustersubscription-786fddbb56-9bwzr","pid":19,"level":30,"msg":"Client has connected to the server!","time":"2020-03-10T14:54:52.556Z","v":0}
{"name":"cluster-subscription","hostname":"clustersubscription-786fddbb56-9bwzr","pid":19,"level":30,"msg":"Received subscription data from razeeapi {\n  subscriptions: [\n    {\n      name: 'jupyter-3.0',\n      uuid: '79c43b8e-bf03-42bf-91d1-e0389e9df2f3'\n    }\n  ],\n  urls: [ 'api/v1/channels/jupyter/a69d36b9-0646-4b5e-8d54-bfa2c5f6bdd2' ]\n}","time":"2020-03-10T14:54:52.558Z","v":0}
{"name":"cluster-subscription","hostname":"clustersubscription-786fddbb56-9bwzr","pid":19,"level":30,"msg":"Get 404 /apis/deploy.razee.io/v1alpha1/namespaces/razee/remoteresources/clustersubscription-rr","time":"2020-03-10T14:54:58.975Z","v":0}
{"name":"cluster-subscription","hostname":"clustersubscription-786fddbb56-9bwzr","pid":19,"level":50,"msg":"post error 404 Not Found {\n  kind: 'Status',\n  apiVersion: 'v1',\n  metadata: {},\n  status: 'Failure',\n  message: 'namespaces \"razee\" not found',\n  reason: 'NotFound',\n  details: { name: 'razee', kind: 'namespaces' },\n  code: 404\n}","time":"2020-03-10T14:54:59.141Z","v":0}

index.js -> Line #29, i see the namespace is configured as razee.

When we install the watchkeeper , razeedeploy namespace is created and deploy componenets are created under razeedeploy ns. But the clustersubscription deployment is referring to razee namespace.