Add ConfigMapSyncer controller and rukpak-ca configmap #483
/hold cancel
The controller-runtime multi-namespace cache builder PR has not merged yet, so I've refactored this PR to:
The ConfigMapSyncer syncs secret data to configmaps based on injection annotations present in configmaps in watched namespaces.

We include a rukpak-ca configmap with these annotations present so that cluster administrators can share rukpak-ca trust without exposing the CA key that's present in the rukpak-ca secret.

This commit also updates the rukpakctl binary to use the configmap rather than the secret to load the rukpak CA. This is helpful for rukpak users that might have access to read configmaps but not secrets in the rukpak system namespace.

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
This PR is two steps forward, but one step back:
Therefore
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
The ConfigMapSyncer syncs secret data to configmaps based on injection
annotations present in configmaps in watched namespaces.
We include a rukpak-ca configmap with these annotations present so
that cluster administrators can share rukpak-ca trust without
exposing the CA key that's present in the rukpak-ca secret.
Closes #475
Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
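The sync described above, sketched as an added example that is not code from this PR or from rukpak: it copies only the secret keys a configmap's annotation names and refuses any value holding PEM private key material. The annotation name, the `ca.crt`/`tls.key` key names and the `syncData` helper are assumptions made for illustration.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// Hypothetical annotation name; the PR page does not show the real keys.
const injectKeysAnnotation = "example.invalid/inject-secret-keys"

// containsPrivateKey reports whether any PEM block in data is a private key.
func containsPrivateKey(data []byte) bool {
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if strings.HasSuffix(block.Type, "PRIVATE KEY") {
			return true
		}
	}
	return false
}

// syncData returns the ConfigMap data to write: only the secret keys named in
// the ConfigMap's annotation, and never a value holding private key material.
func syncData(annotations map[string]string, secret map[string][]byte) (map[string]string, error) {
	out := map[string]string{}
	for _, key := range strings.Split(annotations[injectKeysAnnotation], ",") {
		if key = strings.TrimSpace(key); key == "" {
			continue
		}
		val, ok := secret[key]
		if !ok {
			return nil, fmt.Errorf("secret has no key %q", key)
		}
		if containsPrivateKey(val) {
			return nil, fmt.Errorf("refusing to copy %q: private key material", key)
		}
		out[key] = string(val)
	}
	return out, nil
}

func main() {
	// Constructed sample secret; the DER bytes are placeholders, not real keys.
	secret := map[string][]byte{
		"ca.crt":  pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte("constructed")}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: []byte("constructed")}),
	}
	data, err := syncData(map[string]string{injectKeysAnnotation: "ca.crt"}, secret)
	fmt.Println(len(data), err)
}
```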