wait for reconfigure

[saksmt]

Preflight Checklist

• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I agree to follow the Code of Conduct.

Problem Description

Currently there is no way to know if config-map for vault (the one with vault_cr) is applied, so there is no way to programmatically wait for it to apply (other than probably polling vault for required changes to be present)

Proposed Solution

Add a label or annotation to already applied config maps after vault-configurer is done with them. Would also be nice to have errors present there instead of configurer logs if feasible.

Alternatives Considered

Full-blown CRD for dynamic vault configuration with proper lifecycle in events instead of labeled (hardcodedly so) config maps.

Additional Information

Example:

For example we want to create secret store and then add some app depending on it to be present

vault-secrets.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: vault-configurator
    vault_cr: vault
  name: platform-kv-secrets
  namespace: security-vault
data:
  vault-config.yml: |
    secrets:
      - type: kv
        options:
          version: "2"
        path: platform/secrets

something.yaml

apiVersion: v1
kind: ...

auto-apply.sh

# this may be somewhere in CI or something

kubectl apply -f vault-secrets.yaml

kubectl wait ???

kubectl apply -f something.yaml

This may not seem like very critical issue, that is until content of something is a one-shot job, for example to populate newly created secret engine in atomic and idempotent way (CAS and all)