
Commit c4fac0c

authored
Merge pull request #437 from waterfoul/master
Authentication service secret efficiency change
2 parents 4c77638 + 430c75f commit c4fac0c


1 file changed

+17
-14
lines changed

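--- a/cmd/azure-keyvault-secrets-webhook/pod.go
+++ b/cmd/azure-keyvault-secrets-webhook/pod.go
@@ -22,6 +22,8 @@ import (
 "encoding/base64"
 "fmt"
 "io/ioutil"
+"k8s.io/apimachinery/pkg/api/errors"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "os"
 "path/filepath"
 "strconv"
@@ -31,8 +33,6 @@ import (
 "github.com/SparebankenVest/azure-key-vault-to-kubernetes/pkg/docker/registry"
 "github.com/spf13/viper"
 corev1 "k8s.io/api/core/v1"
-"k8s.io/apimachinery/pkg/api/errors"
-metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/types"
 "k8s.io/client-go/kubernetes"
 "k8s.io/klog/v2"
@@ -201,18 +201,6 @@ func (p podWebHook) mutateContainers(ctx context.Context, containers []corev1.Co
 }...)
 
 if useAuthService {
-_, err := p.clientset.CoreV1().Secrets(p.namespace).Create(context.TODO(), authServiceSecret, metav1.CreateOptions{})
-if err != nil {
-if errors.IsAlreadyExists(err) {
-_, err = p.clientset.CoreV1().Secrets(p.namespace).Update(context.TODO(), authServiceSecret, metav1.UpdateOptions{})
-if err != nil {
-return false, err
-}
-} else {
-return false, err
-}
-}
-
 container.VolumeMounts = append(container.VolumeMounts, []corev1.VolumeMount{
 {
 Name: authSecretVolumeName,
@@ -289,6 +277,21 @@ func (p podWebHook) mutatePodSpec(ctx context.Context, pod *corev1.Pod) error {
 }
 }
 
+if p.useAuthService && (len(podSpec.InitContainers) > 0 || len(podSpec.Containers) > 0) {
+klog.InfoS("create authentication service secret", klog.KRef(p.namespace, pod.Name))
+_, err := p.clientset.CoreV1().Secrets(p.namespace).Create(context.TODO(), authServiceSecret, metav1.CreateOptions{})
+if err != nil {
+if errors.IsAlreadyExists(err) {
+_, err = p.clientset.CoreV1().Secrets(p.namespace).Update(context.TODO(), authServiceSecret, metav1.UpdateOptions{})
+if err != nil {
+return err
+}
+} else {
+return err
+}
+}
+}
+
 klog.InfoS("mutate init-containers", klog.KRef(p.namespace, pod.Name))
 initContainersMutated, err := p.mutateContainers(ctx, podSpec.InitContainers, podSpec, authServiceSecret)
 if err != nil {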
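Review bot: The added Create and Update calls in mutatePodSpec pass `context.TODO()` although the function already receives `ctx`, so the admission request's deadline and cancellation never reach these API-server writes; pass it through, e.g. `p.clientset.CoreV1().Secrets(p.namespace).Create(ctx, authServiceSecret, metav1.CreateOptions{})`, and likewise for Update. The guard `len(podSpec.InitContainers) > 0 || len(podSpec.Containers) > 0` holds for practically every pod, so the secret is now written before it is known whether any container will be mutated. If mutateContainers can return without injecting anything (its body is outside this hunk), the auth-service credential ends up in namespaces that do not need it, and creating it only after a mutation is confirmed would keep the exposure narrower. The log line also says "create" on the path that ends in Update. mutatePodSpec starts and ends outside the hunk.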
