patch pod spec even if it's already been patched #62
Before, the updatePodSpec function would return immediately if it detected that the aws-iam-token volume was already present. This patch modifies the behavior so that the function continues to inject environment variables and volume mounts as needed.

Specifically, the behavior of injecting env vars, volume mounts, and volumes is now:

1. For each env var in "AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE, AWS_REGION, AWS_DEFAULT_REGION", inject if not already present in container spec
2. Inject volume mount if not already present in container spec
3. Inject volume if not already present in pod spec
@micahhausler I think folks who want to adopt pod-identity-webhook and use the sidecar pattern will find this useful. Could someone take a look?
I think the test needs to be improved a bit to better test what this patch is doing. Otherwise looks good to me.
Also added a test that initContainers get modified as well
LGTM, thank you!
Hi guys, I think I'm hitting this issue in our EKS cluster. How do we know if this fix is in our EKS cluster? I couldn't find any information on releases. Thanks
Fixes #61
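The injection behavior described in the pull request, as an added Go example that is not the project's own code: the `EnvVar`, `Container` and `PodSpec` types and the `addOnce`, `patchContainer` and `patchPodSpec` functions are simplified, hypothetical stand-ins for the webhook's Kubernetes types and its `updatePodSpec` logic. Values already set on a container are kept, and patching a second time changes nothing.

```go
package main

import "fmt"

// Assumed, simplified stand-ins for the Kubernetes pod types (volumes by name).
type EnvVar struct{ Name, Value string }
type Container struct{ Env []EnvVar; Mounts []string }
type PodSpec struct{ InitContainers, Containers []Container; Volumes []string }

const tokenVolume = "aws-iam-token"

// addOnce appends name only if it is not already in the list.
func addOnce(names []string, name string) []string {
	for _, n := range names {
		if n == name {
			return names
		}
	}
	return append(names, name)
}

// patchContainer adds missing env vars and the mount; existing values are kept.
func patchContainer(c *Container, want []EnvVar) {
	seen := map[string]bool{}
	for _, e := range c.Env {
		seen[e.Name] = true
	}
	for _, w := range want {
		if !seen[w.Name] {
			c.Env = append(c.Env, w)
		}
	}
	c.Mounts = addOnce(c.Mounts, tokenVolume)
}

// patchPodSpec never returns early: every container is checked on each call.
func patchPodSpec(p *PodSpec, want []EnvVar) {
	for _, cs := range [][]Container{p.InitContainers, p.Containers} {
		for i := range cs {
			patchContainer(&cs[i], want)
		}
	}
	p.Volumes = addOnce(p.Volumes, tokenVolume)
}

func main() { // constructed sample: volume present, container never patched
	p := PodSpec{Containers: []Container{{}}, Volumes: []string{tokenVolume}}
	patchPodSpec(&p, []EnvVar{{Name: "AWS_REGION", Value: "us-west-2"}})
	fmt.Printf("%+v\n", p)
}
```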