This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

Trigger from CloudWatch Events -> SNS topic or Lambda rather than polling #127

Closed
whereisaaron opened this issue Jul 19, 2019 · 9 comments
Labels
enhancement New feature or request Stale

Comments

@whereisaaron

Polling every external secret seems like a lot of unnecessary transactions.

SSM will tell you when a secret is updated via a CloudWatch Event. That event can either:

  1. Pass the event to an SNS topic, which kubernetes-external-secrets is subscribed to.
  2. Pass the event to a Lambda function that could make a webhook call to a kubernetes-external-event endpoint.

kubernetes-external-secrets would still poll on start-up, and maybe once every hour or two, just in case.
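
An added example, not part of the original issue or of kubernetes-external-secrets: one way a subscriber could turn the SNS-delivered CloudWatch event from option 1 into a targeted refresh. `planRefresh`, the `watched` map and the sample values are hypothetical, and the caller is assumed to have verified the SNS message signature before calling it.

```javascript
// Constructed sample: an SNS HTTP(S) delivery envelope whose Message field
// carries a CloudWatch "Parameter Store Change" event as a JSON string.
const sampleSnsBody = JSON.stringify({
  Type: 'Notification',
  TopicArn: 'arn:aws:sns:us-east-1:111122223333:example-topic',
  Message: JSON.stringify({
    source: 'aws.ssm',
    'detail-type': 'Parameter Store Change',
    detail: { operation: 'Update', name: '/prod/db/password', type: 'SecureString' }
  })
});

// watched: Map of backend key -> names of the ExternalSecrets that read it.
// Returns one of:
//   { action: 'refresh', secrets: [...] }  re-fetch only the affected secrets
//   { action: 'refresh-all' }              event is relevant but names no key
//   { action: 'ignore', reason }           nothing to do; do not touch the backend
function planRefresh(rawBody, watched) {
  let event;
  try {
    const envelope = JSON.parse(rawBody);
    if (envelope.Type !== 'Notification') {
      return { action: 'ignore', reason: 'not a notification' };
    }
    event = JSON.parse(envelope.Message);
  } catch (err) {
    // Malformed input must never trigger backend calls.
    return { action: 'ignore', reason: 'malformed body' };
  }
  if (event === null || typeof event !== 'object') {
    return { action: 'ignore', reason: 'malformed event' };
  }
  if (event.source !== 'aws.ssm' || event['detail-type'] !== 'Parameter Store Change') {
    return { action: 'ignore', reason: 'unrelated event' };
  }
  const name = event.detail && event.detail.name;
  if (typeof name !== 'string') {
    return { action: 'refresh-all' };
  }
  const secrets = watched.get(name);
  return secrets
    ? { action: 'refresh', secrets }
    : { action: 'ignore', reason: 'unwatched parameter' };
}
```

The start-up and hourly poll from the proposal would remain as the safety net for any notification that is dropped or ignored here.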

@silasbw
Contributor

silasbw commented Jul 23, 2019

This sounds great. We'd ❤️ a PR :)

@silasbw silasbw added the enhancement New feature or request label Jul 23, 2019
@cep21
Contributor

cep21 commented Mar 18, 2020

Slightly related to this, is it possible to trigger refreshes on a webhook of the service? Then I could set my poll interval really high and do the SNS topic stuff out of band. (It's unclear if SNS subscription needs to be core to the project since a webhook is enough).

@Flydiverny
Member

Currently no webhook available but I think it would make sense to add one in some way. Not sure how it should be specified tho.
Should it just be really basic and trigger a repoll of everything, or should you specify the secret (KES resource) to trigger polling for that specific one?

@cep21
Contributor

cep21 commented Mar 18, 2020

Should it just be really basic and trigger a repoll of everything or should you specify the secret (KES resource) to trigger polling for that specific one

Either is fine. The best catch-all solution would be a "refresh everything" webhook (also easiest to trigger since you just hit an endpoint and don't care about HTTP body formatting). Honestly, secrets update so rarely that it would probably be just fine. It could later be extended to support specific secrets.

@github-actions

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the Stale label Jan 29, 2021
@cep21
Contributor

cep21 commented Jan 29, 2021

/notstale

@Flydiverny Flydiverny removed the Stale label Jan 29, 2021
@github-actions

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the Stale label Apr 30, 2021
@cep21
Contributor

cep21 commented Apr 30, 2021

Nostale

@Flydiverny
Member

I don't think this is something we'll include in KES and I think it would be better to start a discussion and possible contribution in the Go rewrite https://github.com/external-secrets/external-secrets


4 participants