Add agent-inject-containers annotation #163
name string | ||
annotations map[string]string | ||
expected string | ||
hasPatch bool |
Nit: gofmt needs to be run on this file.
{ | ||
name: "InjectContainers annotation with container name", | ||
annotations: map[string]string{AnnotationAgentInjectContainers: "baz"}, | ||
expected: "baz", | ||
hasPatch: false, | ||
}, |
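Review bot: this table entry only exercises a single bare name ("baz"), so the parsing of the annotation value is not pinned down for the inputs an operator is likely to write. Suggest adding cases for an empty value and for a comma-separated list with a space after the comma, each with an explicit `expected` string.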
We'll need another test here for multiple containers being selected via this annotation.
raw, ok := a.Pod.Annotations[AnnotationAgentInjectContainers]; | ||
if !ok { | ||
return patches, fmt.Errorf("vault.hashicorp.com/agent-inject-containers annotation not found") | ||
} | ||
|
||
names := make(map[string]struct{}) | ||
for _, name := range strings.Split(raw, ",") { | ||
names[name] = struct{}{} | ||
} |
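Review bot: in the `for _, name := range strings.Split(raw, ",")` loop each entry is stored verbatim as a map key, so a value such as "foo, bar" produces the key " bar" with a leading space, and an empty annotation value produces a single "" key. Suggest passing each entry through strings.TrimSpace and skipping empty names before `names[name] = struct{}{}`. The trailing `;` on the `raw, ok := ...` line is also unnecessary and gofmt will drop it.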
I'm thinking this code isn't necessary because we could extend the `Agent` struct to have a `Containers []string` type, then populate that using the `Init` function. If the slice is empty, apply to all containers, if it's not, only mount to containers that match.
Hey @luke-dd, I'm interested in this functionality; do you need help with this or do you mind if I take this forward?
Bumping this 😄
Sorry for not closing the loop on this! Feel free to take it over @Chili-Man
Hello @jasonodonnell I created a PR to continue the work of @luke-dd
Continued in #245
Adds the following annotation which allows you to specify which containers will have the secrets volume mounted.
The reasoning behind this annotation is to allow for the limiting of the presence of plaintext secrets to only containers that absolutely need them.
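
The selection behaviour proposed in the review comment (an empty list means all containers, otherwise only the named ones), as an added Go example that is not code from this PR or from the project. `ParseContainers`, `SelectMountTargets`, the sample container names, and the choice to reject names that are not in the pod are assumptions; containers are represented by plain name strings rather than Kubernetes types.

```go
package main

import (
	"fmt"
	"strings"
)

// ParseContainers splits the annotation value on commas, trims whitespace,
// and drops empty and duplicate entries (hypothetical helper).
func ParseContainers(raw string) []string {
	seen := make(map[string]struct{})
	var names []string
	for _, part := range strings.Split(raw, ",") {
		name := strings.TrimSpace(part)
		if _, dup := seen[name]; name == "" || dup {
			continue
		}
		seen[name] = struct{}{}
		names = append(names, name)
	}
	return names
}

// SelectMountTargets returns the pod containers that get the secrets volume.
// An empty selection means all containers, as the review comment proposes.
// Assumption: a selected name missing from the pod is an error, so a typo
// cannot silently change which containers see plaintext secrets.
func SelectMountTargets(podContainers, selected []string) ([]string, error) {
	if len(selected) == 0 {
		return podContainers, nil
	}
	present := make(map[string]struct{}, len(podContainers))
	for _, c := range podContainers {
		present[c] = struct{}{}
	}
	for _, name := range selected {
		if _, ok := present[name]; !ok {
			return nil, fmt.Errorf("container %q not found in pod", name)
		}
	}
	return selected, nil
}

func main() {
	pod := []string{"app", "sidecar", "metrics"} // constructed sample pod
	targets, err := SelectMountTargets(pod, ParseContainers("app, sidecar"))
	fmt.Println(targets, err)
	_, err = SelectMountTargets(pod, ParseContainers("app,sidcar"))
	fmt.Println(err)
}
```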