Skip to content

Commit

Permalink
Fixed issue SparebankenVest/azure-key-vault-to-kubernetes#4 where pod…
Browse files Browse the repository at this point in the history 
…IdentitySelector was not added to template
  • Loading branch information
@torresdal
torresdal committed Jun 21, 2019
1 parent 83c00da commit 18d2293
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 1 addition & 1 deletion stable/azure-key-vault-controller/Chart.yaml
View file
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: 0.1.14
description: A Helm chart that deploys a Kubernetes controller that transform Azure Key Vault Secrets into Kubernetes Secrets
name: azure-key-vault-controller
version: 0.1.20
version: 0.1.21
maintainers:
- name: Sparebanken Vest
email: jon.torresdal@spv.no
3 changes: 3 additions & 0 deletions stable/azure-key-vault-controller/templates/deployment.yaml
View file
Expand Up @@ -18,6 +18,9 @@ spec:
labels:
app: {{ template "azure-key-vault-controller.name" . }}
release: {{ .Release.Name }}
{{- if and .Values.keyVault.customAuth.enabled .Values.keyVault.customAuth.podIdentitySelector}}
aadpodidbinding: {{ .Values.keyVault.customAuth.podIdentitySelector }}
{{- end }}
spec:
serviceAccountName: {{ template "azure-key-vault-controller.fullname" . }}
containers:
Expand Down

5 comments on commit 18d2293

@foroozf001
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@torresdal It is not clear to me how to set my aadpodidbinding-label through a Helm install. I have tried the following:

helm upgrade -i azure-key-vault-controller spv-charts/azure-key-vault-controller --namespace akv2k8s --set keyVault.customAuth.enabled=true --set keyVault.customAuth.podIdentitySelector=thisismylabel

This command has not resulted in my aadpodidbinding-label being set. What am I doing wrong?

@torresdal
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@foroozf001 The explicit value for aad-pod-identity is removed from our Chart. Use the Helm value podLabels according to the docs in aad-pod-identity.

@foroozf001
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@foroozf001 The explicit value for aad-pod-identity is removed from our Chart. Use the Helm value podLabels according to the docs in aad-pod-identity.

I am reading the documentation docs and it is unclear to me as to how to set this parameter from the command line. Can you give a concrete example how to go about it? I'm trying the following:

helm upgrade -i azure-key-vault-controller spv-charts/azure-key-vault-controller --namespace akv2k8s --set keyVault.customAuth.enabled=true --set controller.podLabels.aadpodidbinding=myazureidhere

@torresdal
Copy link
Collaborator Author

@torresdal torresdal commented on 18d2293 Oct 1, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@foroozf001

First: The docs you're referring to is the akv2k8s helm chart, a Helm 3 chart containing both the controller and env-injector. This is the chart we recommend to use going forward (we still need to update some docs). However, the chart you're trying to install in your command is azure-key-vault-controller and has its docs here: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller . The values in these charts differ as in the akv2k8s chart you need to prefix with controller or env_injector respectively.

Secondly: There was an error in the chart. The custom labels were generated under selector.matchLabels instead of template.metadata.labels - this is now corrected in latest charts. The correct commands (using template locally for test here):

akv2k8s chart (env-injector disabled):

helm template akv2k8s stable/akv2k8s --set controller.keyVault.customAuth.enabled=true --set controller.podLabels.aadpodidbinding=test --set env_injector.enabled=false

or for the azure-key-vault-controller:

helm template azure-key-vault-controller stable/azure-key-vault-controller --set keyVault.customAuth.enabled=true --set podLabels.aadpodidbinding=test

@foroozf001
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much! @torresdal

Please sign in to comment.