diff --git a/go.mod b/go.mod
index a290fdca7..471bf6bd8 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/magiconair/properties v1.8.7
 github.com/mitchellh/hashstructure v1.1.0
 github.com/mitchellh/mapstructure v1.5.0
- github.com/nais/liberator v0.0.0-20240930132950-ae1e00c06b2b
+ github.com/nais/liberator v0.0.0-20241016090233-9652864f12fa
 github.com/novln/docker-parser v1.0.0
 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0
 github.com/prometheus/client_golang v1.20.2
@@ -40,12 +40,10 @@ require (
 github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/evanphx/json-patch/v5 v5.9.0 // indirect
- github.com/fatih/color v1.16.0 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
 github.com/go-openapi/jsonreference v0.20.2 // indirect
 github.com/go-openapi/swag v0.22.3 // indirect
- github.com/gobuffalo/flect v1.0.2 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/snappy v0.0.4 // indirect
@@ -54,7 +52,6 @@ require (
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-uuid v1.0.3 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
- github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jcmturner/aescts/v2 v2.0.0 // indirect
 github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
 github.com/jcmturner/gofork v1.7.6 // indirect
@@ -64,8 +61,6 @@ require (
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/compress v1.17.9 // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
- github.com/mattn/go-colorable v0.1.13 // indirect
- github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@@ -83,20 +78,16 @@ require (
 github.com/sourcegraph/conc v0.3.0 // indirect
 github.com/spf13/afero v1.11.0 // indirect
 github.com/spf13/cast v1.6.0 // indirect
- github.com/spf13/cobra v1.8.0 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 golang.org/x/crypto v0.24.0 // indirect
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
- golang.org/x/mod v0.17.0 // indirect
 golang.org/x/net v0.26.0 // indirect
 golang.org/x/oauth2 v0.21.0 // indirect
- golang.org/x/sync v0.7.0 // indirect
 golang.org/x/sys v0.22.0 // indirect
 golang.org/x/term v0.21.0 // indirect
 golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
@@ -104,7 +95,6 @@ require (
 k8s.io/apiextensions-apiserver v0.30.1 // indirect
 k8s.io/klog/v2 v2.120.1 // indirect
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
- sigs.k8s.io/controller-tools v0.15.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
diff --git a/go.sum b/go.sum
index 9756dba42..9b9d1f059 100644
--- a/go.sum
+++ b/go.sum
@@ -8,7 +8,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -26,8 +25,6 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
@@ -48,8 +45,6 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA=
-github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -84,8 +79,6 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
-github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
@@ -119,11 +112,6 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0=
 github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
@@ -135,10 +123,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nais/liberator v0.0.0-20240911111032-a71f8d06f684 h1:REF6iHubtWc4xL67kB7pG7fJb6jQJY2J6lbPwnhQ96w=
-github.com/nais/liberator v0.0.0-20240911111032-a71f8d06f684/go.mod h1:1d4h64edIHLy3L0m7X4MrAR9a5lE7s85KwF6tjTKMUY=
-github.com/nais/liberator v0.0.0-20240930132950-ae1e00c06b2b h1:e0PiUXTGiba/nWoLiWjlPDCkEKcrSg26iK0foyypAyU=
-github.com/nais/liberator v0.0.0-20240930132950-ae1e00c06b2b/go.mod h1:1d4h64edIHLy3L0m7X4MrAR9a5lE7s85KwF6tjTKMUY=
+github.com/nais/liberator v0.0.0-20241016090233-9652864f12fa h1:io4YDPXVTbOxdyLUUZyl6o43DcV+RKzWzqXLaIhqD5k=
+github.com/nais/liberator v0.0.0-20241016090233-9652864f12fa/go.mod h1:1d4h64edIHLy3L0m7X4MrAR9a5lE7s85KwF6tjTKMUY=
 github.com/novln/docker-parser v1.0.0 h1:PjEBd9QnKixcWczNGyEdfUrP6GR0YUilAqG7Wksg3uc=
 github.com/novln/docker-parser v1.0.0/go.mod h1:oCeM32fsoUwkwByB5wVjsrsVQySzPWkl3JdlTn1txpE=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -172,7 +158,6 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5X
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
@@ -185,8 +170,6 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
 github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
-github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
@@ -228,8 +211,6 @@ golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqR
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -257,9 +238,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -322,8 +301,6 @@ k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0g k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.18.5 h1:nTHio/W+Q4aBlQMgbnC5hZb4IjIidyrizMai9P6n4Rk= sigs.k8s.io/controller-runtime v0.18.5/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= -sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= -sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/pkg/resourcecreator/testdata/naisjob/cronjob_vault_sidecar_paths_override.yaml b/pkg/resourcecreator/testdata/naisjob/cronjob_vault.yaml similarity index 70% rename from pkg/resourcecreator/testdata/naisjob/cronjob_vault_sidecar_paths_override.yaml rename to pkg/resourcecreator/testdata/naisjob/cronjob_vault.yaml index c1e4fe494..bfe9590bf 100644 --- a/pkg/resourcecreator/testdata/naisjob/cronjob_vault_sidecar_paths_override.yaml +++ b/pkg/resourcecreator/testdata/naisjob/cronjob_vault.yaml @@ -1,5 +1,5 @@ testconfig: - description: vault enabled with sidecar enabled and user specified path for default app secrets + description: vault enabled with user specified path for default app secrets config: features: vault: true @@ -19,7 +19,6 @@ input: schedule: "* 2 * * *" vault: enabled: true - sidecar: true paths: - kvPath: /kv/preprod/fss/mynaisjob/mynamespace mountPath: /var/run/secrets/nais.io/vault 
@@ -43,25 +42,6 @@ tests: - name: "vault-volume" mountPath: "/var/run/secrets/nais.io/vault" subPath: "vault/var/run/secrets/nais.io/vault" - - name: "vks-sidecar" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-renew-token" - - "-vault=https://vault.adeo.no" - env: - - name: "VAULT_AUTH_METHOD" - value: "token" - - name: "VAULT_TOKEN_FILE" - value: "/var/run/secrets/nais.io/vault/vault_token" - resources: - requests: - cpu: "10m" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" initContainers: - name: "vks-init" image: "navikt/vault-sidekick:v0.3.10-d122b16" diff --git a/pkg/resourcecreator/testdata/vault_sidecar.yaml b/pkg/resourcecreator/testdata/vault_sidecar.yaml deleted file mode 100644 index a3e22f5c2..000000000 --- a/pkg/resourcecreator/testdata/vault_sidecar.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -testconfig: - description: vault enabled with sidecar enabled -config: - features: - vault: true - vault: - address: https://vault.adeo.no - kv-path: /kv/preprod/fss - auth-path: auth/kubernetes/preprod/fss/login - init-container-image: navikt/vault-sidekick:v0.3.10-d122b16 -input: - kind: Application - apiVersion: nais.io/v1alpha1 - metadata: - name: myapplication - namespace: mynamespace - uid: "123456" - spec: - vault: - enabled: true - sidecar: true -tests: - - apiVersion: apps/v1 - kind: Deployment - name: myapplication - operation: CreateOrUpdate - match: - - type: subset - name: "vault configuration" - resource: - spec: - template: - spec: - containers: - - name: "myapplication" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - - name: "vks-sidecar" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-renew-token" - - "-vault=https://vault.adeo.no" - env: - - name: "VAULT_AUTH_METHOD" - value: "token" - - name: "VAULT_TOKEN_FILE" - value: "/var/run/secrets/nais.io/vault/vault_token" - resources: - requests: - cpu: "10m" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - initContainers: - - name: "vks-init" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-one-shot" - - "-vault=https://vault.adeo.no" - - "-save-token=/var/run/secrets/nais.io/vault/vault_token" - - "-cn=secret:/kv/preprod/fss/myapplication/mynamespace:dir=/var/run/secrets/nais.io/vault,fmt=flatten,retries=1" - env: - - name: "VAULT_AUTH_METHOD" - value: "kubernetes" - - name: "VAULT_SIDEKICK_ROLE" - value: "myapplication" - - name: "VAULT_K8S_LOGIN_PATH" - value: "auth/kubernetes/preprod/fss/login" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: 
"vault/var/run/secrets/nais.io/vault" - volumes: - - name: "vault-volume" - emptyDir: - medium: "Memory" diff --git a/pkg/resourcecreator/testdata/vault_sidecar_paths.yaml b/pkg/resourcecreator/testdata/vault_sidecar_paths.yaml deleted file mode 100644 index d9f4923fc..000000000 --- a/pkg/resourcecreator/testdata/vault_sidecar_paths.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -testconfig: - description: vault enabled with sidecar enabled and user specified paths -config: - features: - vault: true - vault: - address: https://vault.adeo.no - kv-path: /kv/preprod/fss - auth-path: auth/kubernetes/preprod/fss/login - init-container-image: navikt/vault-sidekick:v0.3.10-d122b16 -input: - kind: Application - apiVersion: nais.io/v1alpha1 - metadata: - name: myapplication - namespace: mynamespace - uid: "123456" - spec: - vault: - enabled: true - sidecar: true - paths: - - kvPath: /serviceuser/data/test/srvuser - mountPath: /secrets/credential/srvuser -tests: - - apiVersion: apps/v1 - kind: Deployment - name: myapplication - operation: CreateOrUpdate - match: - - type: subset - name: "vault configuration" - resource: - spec: - template: - spec: - containers: - - name: "myapplication" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - - name: "vks-sidecar" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-renew-token" - - "-vault=https://vault.adeo.no" - env: - - name: "VAULT_AUTH_METHOD" - value: "token" - - name: "VAULT_TOKEN_FILE" - value: "/var/run/secrets/nais.io/vault/vault_token" - resources: - requests: - cpu: "10m" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - initContainers: - - name: "vks-init" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-one-shot" - - "-vault=https://vault.adeo.no" - - "-save-token=/var/run/secrets/nais.io/vault/vault_token" - - "-cn=secret:/serviceuser/data/test/srvuser:dir=/secrets/credential/srvuser,fmt=flatten,retries=1" - - "-cn=secret:/kv/preprod/fss/myapplication/mynamespace:dir=/var/run/secrets/nais.io/vault,fmt=flatten,retries=1" - env: - - name: "VAULT_AUTH_METHOD" - value: "kubernetes" - - name: "VAULT_SIDEKICK_ROLE" - 
value: "myapplication" - - name: "VAULT_K8S_LOGIN_PATH" - value: "auth/kubernetes/preprod/fss/login" - volumeMounts: - - name: "vault-volume" - mountPath: "/secrets/credential/srvuser" - subPath: "vault/secrets/credential/srvuser" - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - volumes: - - name: "vault-volume" - emptyDir: - medium: "Memory" diff --git a/pkg/resourcecreator/testdata/vault_sidecar_paths_override.yaml b/pkg/resourcecreator/testdata/vault_sidecar_paths_override.yaml deleted file mode 100644 index 8d262bb20..000000000 --- a/pkg/resourcecreator/testdata/vault_sidecar_paths_override.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -testconfig: - description: vault enabled with sidecar enabled and user specified path for default app secrets -config: - features: - vault: true - vault: - address: https://vault.adeo.no - kv-path: /kv/preprod/fss - auth-path: auth/kubernetes/preprod/fss/login - init-container-image: navikt/vault-sidekick:v0.3.10-d122b16 -input: - kind: Application - apiVersion: nais.io/v1alpha1 - metadata: - name: myapplication - namespace: mynamespace - uid: "123456" - spec: - vault: - enabled: true - sidecar: true - paths: - - kvPath: /kv/preprod/fss/myapplication/mynamespace - mountPath: /var/run/secrets/nais.io/vault -tests: - - apiVersion: apps/v1 - kind: Deployment - name: myapplication - operation: CreateOrUpdate - match: - - type: subset - name: "vault configuration" - resource: - spec: - template: - spec: - containers: - - name: "myapplication" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - - name: "vks-sidecar" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-renew-token" - - "-vault=https://vault.adeo.no" - env: - - name: "VAULT_AUTH_METHOD" - value: "token" - - name: "VAULT_TOKEN_FILE" - value: "/var/run/secrets/nais.io/vault/vault_token" - resources: - requests: - cpu: "10m" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - initContainers: - - name: "vks-init" - image: "navikt/vault-sidekick:v0.3.10-d122b16" - args: - - "-v=10" - - "-logtostderr" - - "-one-shot" - - "-vault=https://vault.adeo.no" - - "-save-token=/var/run/secrets/nais.io/vault/vault_token" - - "-cn=secret:/kv/preprod/fss/myapplication/mynamespace:dir=/var/run/secrets/nais.io/vault,fmt=flatten,retries=1" - env: - - name: "VAULT_AUTH_METHOD" - value: "kubernetes" - - name: "VAULT_SIDEKICK_ROLE" - value: "myapplication" - - name: "VAULT_K8S_LOGIN_PATH" - value: 
"auth/kubernetes/preprod/fss/login" - volumeMounts: - - name: "vault-volume" - mountPath: "/var/run/secrets/nais.io/vault" - subPath: "vault/var/run/secrets/nais.io/vault" - volumes: - - name: "vault-volume" - emptyDir: - medium: "Memory" diff --git a/pkg/resourcecreator/vault/vault.go b/pkg/resourcecreator/vault/vault.go index b0f55bb27..96b8da74e 100644 --- a/pkg/resourcecreator/vault/vault.go +++ b/pkg/resourcecreator/vault/vault.go @@ -47,11 +47,6 @@ func Create(source Source, ast *resource.Ast, cfg Config) error { } ast.InitContainers = append(ast.InitContainers, createInitContainer(source, vaultCfg, paths)) - - if naisVault.Sidecar { - ast.Containers = append(ast.Containers, createSideCarContainer(vaultCfg)) - } - ast.Volumes = append(ast.Volumes, corev1.Volume{ Name: "vault-volume", VolumeSource: corev1.VolumeSource{ @@ -60,7 +55,6 @@ func Create(source Source, ast *resource.Ast, cfg Config) error { }, }, }) - ast.VolumeMounts = append(ast.VolumeMounts, createInitContainerMounts(paths)...) return nil diff --git a/pkg/resourcecreator/vault/vaultcontainer.go b/pkg/resourcecreator/vault/vaultcontainer.go index c09791770..6d922ac55 100644 --- a/pkg/resourcecreator/vault/vaultcontainer.go +++ b/pkg/resourcecreator/vault/vaultcontainer.go @@ -8,7 +8,6 @@ import ( "github.com/nais/naiserator/pkg/naiserator/config" "github.com/nais/naiserator/pkg/resourcecreator/resource" corev1 "k8s.io/api/core/v1" - k8sResource "k8s.io/apimachinery/pkg/api/resource" "k8s.io/utils/pointer" ) 
@@ -105,39 +104,6 @@ func createSecurityContext() *corev1.SecurityContext { } } -func createSideCarContainer(options config.Vault) corev1.Container { - args := []string{ - "-v=10", - "-logtostderr", - "-renew-token", - fmt.Sprintf("-vault=%s", options.Address), - } - - return corev1.Container{ - Name: "vks-sidecar", - VolumeMounts: []corev1.VolumeMount{createDefaultMount()}, - Args: args, - Image: options.InitContainerImage, - Resources: corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ - corev1.ResourceCPU: k8sResource.MustParse("10m"), - }, - }, - Env: []corev1.EnvVar{ - { - Name: "VAULT_AUTH_METHOD", - Value: "token", - }, - - { - Name: "VAULT_TOKEN_FILE", - Value: defaultVaultTokenFileName(), - }, - }, - SecurityContext: createSecurityContext(), - } -} - func createInitContainerMounts(paths []nais_io_v1.SecretPath) []corev1.VolumeMount { volumeMounts := make([]corev1.VolumeMount, 0, len(paths)) for _, path := range paths {