Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add namespace and log level annotations #82

Merged
merged 4 commits into from
Feb 24, 2020
Merged

Add namespace and log level annotations #82

merged 4 commits into from
Feb 24, 2020

Conversation

jasonodonnell
Copy link
Contributor

This resolves #20 by adding Vault namespace support for enterprise installations. Additionally when debugging namespace features, I needed to increase log level. This adds another annotation to change the Vault Agent log level (default to info).

@jasonodonnell jasonodonnell added this to the 0.3.0 milestone Feb 20, 2020
@@ -10,6 +10,11 @@ import (
func (a *Agent) ContainerEnvVars(init bool) ([]corev1.EnvVar, error) {
var envs []corev1.EnvVar

envs = append(envs, corev1.EnvVar{
Name: "VAULT_TOKEN",
Value: "/home/vault/.vault-token",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this use the TokenFile const?

TokenFile = "/home/vault/.vault-token"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this environment variable hold the contents of the token instead? cf. https://www.vaultproject.io/docs/commands/#vault_token

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a bug with Kube auth login and namespaces that we haven't been able to track down, so setting this was the only way to get it to work. Auto-auth populates file cache which takes priority. This could be any value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can put a comment in about this being a work around until we find the bug in the auth method.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. I think this might affect the auto-revoke on shutdown that I implemented in #67

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will test the two together and let you know.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lawliet89 I found a less intrusive solution. This shouldn't cause issues for you!

@thecodejunkie
Copy link

Really looking forward to this PR going in 😄 Great work!

@jasonodonnell jasonodonnell merged commit b364c3f into master Feb 24, 2020
@jasonodonnell jasonodonnell deleted the namespaces branch February 24, 2020 14:51
@jasonodonnell jasonodonnell mentioned this pull request Mar 4, 2020
NLRemco pushed a commit to NLRemco/vault-k8s that referenced this pull request Feb 22, 2022
* Add namespace and log level annotations

* Remove env, add blank token file

* Fix tests

* gofmt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support for Vault Namespace
4 participants