Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed issue SparebankenVest/azure-key-vault-to-kubernetes#4 where pod…
…IdentitySelector was not added to template
- Loading branch information
Showing
2 changed files
with
4 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
18d2293
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@torresdal It is not clear to me how to set my aadpodidbinding-label through a Helm install. I have tried the following:
helm upgrade -i azure-key-vault-controller spv-charts/azure-key-vault-controller --namespace akv2k8s --set keyVault.customAuth.enabled=true --set keyVault.customAuth.podIdentitySelector=thisismylabel
This command has not resulted in my aadpodidbinding-label being set. What am I doing wrong?
18d2293
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@foroozf001 The explicit value for aad-pod-identity is removed from our Chart. Use the Helm value
podLabels
according to the docs in aad-pod-identity.18d2293
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am reading the documentation docs and it is unclear to me as to how to set this parameter from the command line. Can you give a concrete example how to go about it? I'm trying the following:
helm upgrade -i azure-key-vault-controller spv-charts/azure-key-vault-controller --namespace akv2k8s --set keyVault.customAuth.enabled=true --set controller.podLabels.aadpodidbinding=myazureidhere
18d2293
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@foroozf001
First: The docs you're referring to is the
akv2k8s
helm chart, a Helm 3 chart containing both the controller and env-injector. This is the chart we recommend to use going forward (we still need to update some docs). However, the chart you're trying to install in your command isazure-key-vault-controller
and has its docs here: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller . The values in these charts differ as in theakv2k8s
chart you need to prefix withcontroller
orenv_injector
respectively.Secondly: There was an error in the chart. The custom labels were generated under
selector.matchLabels
instead oftemplate.metadata.labels
- this is now corrected in latest charts. The correct commands (using template locally for test here):akv2k8s chart (env-injector disabled):
or for the azure-key-vault-controller:
18d2293
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much! @torresdal