Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wait for reconfigure #461

Closed
2 tasks done
saksmt opened this issue May 8, 2024 · 2 comments
Closed
2 tasks done

wait for reconfigure #461

saksmt opened this issue May 8, 2024 · 2 comments
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed.

Comments

@saksmt
Copy link

saksmt commented May 8, 2024

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

Currently there is no way to know if config-map for vault (the one with vault_cr) is applied, so there is no way to programmatically wait for it to apply (other than probably polling vault for required changes to be present)

Proposed Solution

Add a label or annotation to already applied config maps after vault-configurer is done with them. Would also be nice to have errors present there instead of configurer logs if feasible.

Alternatives Considered

Full-blown CRD for dynamic vault configuration with proper lifecycle in events instead of labeled (hardcodedly so) config maps.

Additional Information

Example:

For example we want to create secret store and then add some app depending on it to be present

vault-secrets.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: vault-configurator
    vault_cr: vault
  name: platform-kv-secrets
  namespace: security-vault
data:
  vault-config.yml: |
    secrets:
      - type: kv
        options:
          version: "2"
        path: platform/secrets

something.yaml

apiVersion: v1
kind: ...

auto-apply.sh

# this may be somewhere in CI or something

kubectl apply -f vault-secrets.yaml

kubectl wait ???

kubectl apply -f something.yaml

This may not seem like very critical issue, that is until content of something is a one-shot job, for example to populate newly created secret engine in atomic and idempotent way (CAS and all)
@saksmt saksmt added the kind/enhancement Categorizes issue or PR as related to an improvement. label May 8, 2024
@github-actions GitHub Actions
Copy link

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jul 14, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 4, 2024

This issue has been marked stale for 20 days, and is now closed due to inactivity. If the issue is still relevant, please re-open this issue or file a new one. Thank you!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@saksmt