Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add annotation to change init container order #91

Merged
merged 5 commits into from
Mar 3, 2020
Merged

Add annotation to change init container order #91

merged 5 commits into from
Mar 3, 2020

Conversation

jasonodonnell
Copy link
Contributor

@jasonodonnell jasonodonnell commented Mar 2, 2020
edited
Loading

This adds a new annotation vault.hashicorp.com/agent-init-first which reorders the init container array to make the Vault Agent first. Since init containers run sequentially in order they're defined, this makes when the Vault Agent runs configurable depending on different use cases (such as init containers that need vault secrets).

Also added secret mounts to other init containers present in the pod so they can consume Vault secrets if Vault Agent runs first.

Resolves #53 .

@jasonodonnell jasonodonnell added this to the 0.3.0 milestone Mar 2, 2020
@jasonodonnell jasonodonnell requested a review from tvoran March 2, 2020 18:01
malnick
malnick reviewed Mar 2, 2020
View reviewed changes
agent-inject/agent/agent.go Outdated Show resolved Hide resolved
malnick
malnick reviewed Mar 2, 2020
View reviewed changes
agent-inject/agent/agent.go Show resolved Hide resolved
agent-inject/agent/annotations.go Outdated Show resolved Hide resolved
@jasonodonnell
Copy link
Contributor Author

Since it was relevant I also fixed a bug where the init containers weren't getting secret mount volumes. Init containers can now consume Vault secrets if the Vault Agent runs first.

@jasonodonnell jasonodonnell mentioned this pull request Mar 2, 2020
Closed
@jasonodonnell jasonodonnell requested a review from tvoran March 2, 2020 21:51
@tvoran tvoran added enhancement New feature or request injector Area: mutating webhook service labels Mar 3, 2020
@jasonodonnell jasonodonnell merged commit af43093 into master Mar 3, 2020
@jasonodonnell jasonodonnell deleted the prepend branch March 3, 2020 15:38
@jasonodonnell jasonodonnell mentioned this pull request Mar 4, 2020
Merged
RemcoBuddelmeijer pushed a commit to RemcoBuddelmeijer/vault-k8s that referenced this pull request Feb 22, 2022
@jasonodonnell
Add annotation to change init container order (hashicorp#91)
1aad0fe 
* Add annotation to change init container order

* Fix comment

* Fix init containers not getting secret mounts

* Resolve suggestions

* Guard against misconfiguration of agent first
@NominalTrajectory NominalTrajectory mentioned this pull request Dec 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@malnick malnick malnick left review comments

@tvoran tvoran tvoran approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request injector Area: mutating webhook service
Projects
None yet
Milestone
0.3.0
Development

Successfully merging this pull request may close these issues.

Define order of vault init container
3 participants
@jasonodonnell @tvoran @malnick