You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently there is no way to know if config-map for vault (the one with vault_cr) is applied, so there is no way to programmatically wait for it to apply (other than probably polling vault for required changes to be present)
Proposed Solution
Add a label or annotation to already applied config maps after vault-configurer is done with them. Would also be nice to have errors present there instead of configurer logs if feasible.
Alternatives Considered
Full-blown CRD for dynamic vault configuration with proper lifecycle in events instead of labeled (hardcodedly so) config maps.
Additional Information
Example:
For example we want to create secret store and then add some app depending on it to be present
# this may be somewhere in CI or something
kubectl apply -f vault-secrets.yaml
kubectl wait???
kubectl apply -f something.yaml
This may not seem like very critical issue, that is until content of something is a one-shot job, for example to populate newly created secret engine in atomic and idempotent way (CAS and all)
The text was updated successfully, but these errors were encountered:
Preflight Checklist
Problem Description
Currently there is no way to know if config-map for vault (the one with
vault_cr
) is applied, so there is no way to programmatically wait for it to apply (other than probably polling vault for required changes to be present)Proposed Solution
Add a label or annotation to already applied config maps after vault-configurer is done with them. Would also be nice to have errors present there instead of configurer logs if feasible.
Alternatives Considered
Full-blown CRD for dynamic vault configuration with proper lifecycle in events instead of labeled (hardcodedly so) config maps.
Additional Information
Example:
For example we want to create secret store and then add some app depending on it to be present
vault-secrets.yaml
something.yaml
auto-apply.sh
This may not seem like very critical issue, that is until content of something is a one-shot job, for example to populate newly created secret engine in atomic and idempotent way (CAS and all)
The text was updated successfully, but these errors were encountered: