Support/ignore injected sidecar containers in the kube cert agent pod #1681
Assignees
Labels
enhancement
New feature or request
estimate/S
Estimated effort/complexity/risk is small
state/accepted
All done!
Comments
pinniped-ci-bot
added
enhancement
pinniped-ci-bot
added
state/started
pinniped-ci-bot
added
state/accepted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
When the Pinniped Concierge is used on a cluster which is configured to automatically inject sidecar containers into every Pod, then the Concierge controller which fetches keys from the kube cert agent Pod will fail to fetch the keys. This can result in an unusable installation of the Concierge.
The following error will be seen in the Concierge pod logs and on the status of the CredentialIssuer resource:
could not exec into agent pod...a container name must be specified for pod.This was not seen previously because there is normally only one container deployed in the pod, unless the cluster is configured to automatically inject additional containers.
Describe the solution you'd like
The kube cert agent controller should specify the name of the container into which it wants to exec.
Are you considering submitting a PR for this feature?
Yes.
The text was updated successfully, but these errors were encountered: