diff --git a/deploy/deploy.yaml b/deploy/deploy.yaml index 5277868..29ae9d3 100644 --- a/deploy/deploy.yaml +++ b/deploy/deploy.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: minio-credential-injector - namespace: daaas + namespace: daaas-system labels: apps.kubernetes.io/name: minio-credential-injector --- @@ -10,7 +10,7 @@ apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: minio-credential-injector-issuer - namespace: daaas + namespace: daaas-system labels: apps.kubernetes.io/name: minio-credential-injector spec: @@ -20,17 +20,17 @@ apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: minio-credential-injector - namespace: daaas + namespace: daaas-system labels: apps.kubernetes.io/name: minio-credential-injector spec: secretName: minio-credential-injector-tls - commonName: "minio-credential-injector.daaas.svc.cluster.local" + commonName: "minio-credential-injector.daaas-system.svc.cluster.local" dnsNames: - minio-credential-injector - - minio-credential-injector.daaas - - minio-credential-injector.daaas.svc - - minio-credential-injector.daaas.svc.cluster + - minio-credential-injector.daaas-system + - minio-credential-injector.daaas-system.svc + - minio-credential-injector.daaas-system.svc.cluster isCA: true duration: 8760h issuerRef: @@ -41,7 +41,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: minio-credential-injector - namespace: daaas + namespace: daaas-system labels: apps.kubernetes.io/name: minio-credential-injector spec: @@ -56,11 +56,9 @@ spec: sidecar.istio.io/inject: 'false' spec: serviceAccountName: minio-credential-injector - imagePullSecrets: - - name: k8scc01covidacr-registry-connection containers: - name: minio-credential-injector - image: k8scc01covidacr.azurecr.io/minio-credential-injector:dd7e608149021e79ae97bac99f89dbaceb670e11 + image: k8scc01covidacr.azurecr.io/minio-credential-injector:06981fe1fd26258fb319943237bb2e1ed76b5181 resources: limits: memory: "128Mi" 
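Review bot: The rewritten `dnsNames` list in the Certificate hunk still ends at `minio-credential-injector.daaas-system.svc.cluster`, so the fully qualified `.svc.cluster.local` name appears only in `commonName`, which current TLS verifiers ignore in favour of SANs. Since every entry is being touched anyway, add `- minio-credential-injector.daaas-system.svc.cluster.local` to the list. The API server normally dials `<service>.<namespace>.svc`, which is covered, so this mainly affects other in-cluster clients that use the full name. The unchanged `isCA: true` on what looks like a serving certificate would also benefit from a one-line comment stating why the leaf needs CA capability.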
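Review bot: Dropping `imagePullSecrets` in the Deployment hunk leaves the pull from `k8scc01covidacr.azurecr.io` dependent on credentials this manifest no longer declares, presumably node-level or ServiceAccount-level registry access, which is not visible here. If pods in `daaas-system` cannot pull the image, the webhook has no endpoints, and because the MutatingWebhookConfiguration further down keeps `failurePolicy: Ignore`, workloads would be admitted without the Vault annotations and without any error. A comment such as `# image pull relies on cluster-level ACR access; no imagePullSecrets required` would record the assumption. The image is also referenced by tag (`:06981fe1fd26258fb319943237bb2e1ed76b5181`) rather than by digest; for an admission webhook, `image: k8scc01covidacr.azurecr.io/minio-credential-injector@sha256:<digest>` keeps a re-pushed tag from changing what runs.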
@@ -81,7 +79,7 @@ apiVersion: v1 kind: Service metadata: name: minio-credential-injector - namespace: daaas + namespace: daaas-system labels: apps.kubernetes.io/name: minio-credential-injector spec: @@ -96,7 +94,7 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: annotations: - cert-manager.io/inject-ca-from: daaas/minio-credential-injector + cert-manager.io/inject-ca-from: daaas-system/minio-credential-injector labels: apps.kubernetes.io/name: minio-credential-injector name: minio-credential-injector @@ -106,7 +104,7 @@ webhooks: clientConfig: service: name: minio-credential-injector - namespace: daaas + namespace: daaas-system path: /mutate port: 443 failurePolicy: Ignore diff --git a/mutate.go b/mutate.go index bc37dd9..bc4ae3b 100644 --- a/mutate.go +++ b/mutate.go @@ -50,7 +50,6 @@ func mutate(request v1beta1.AdmissionRequest) (v1beta1.AdmissionResponse, error) shouldInject = true } - if shouldInject { patch := v1beta1.PatchTypeJSONPatch response.PatchType = &patch 
@@ -80,114 +79,6 @@ func mutate(request v1beta1.AdmissionRequest) (v1beta1.AdmissionResponse, error) "value": roleName, }, - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-minimal-tenant1", - "value": "minio_minimal_tenant1/keys/" + roleName, - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-minimal-tenant1", - "value": fmt.Sprintf(` -{{- with secret "minio_minimal_tenant1/keys/%s" }} -export MINIO_URL="http://minimal-tenant1-minio.minio:9000" -export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}" -export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}" -export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}" -export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" -{{- end }} - `, roleName), - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-minimal-tenant1.json", - "value": "minio_minimal_tenant1/keys/" + roleName, - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-minimal-tenant1.json", - "value": fmt.Sprintf(` -{{- with secret "minio_minimal_tenant1/keys/%s" }} -{"MINIO_URL":"http://minimal-tenant1-minio.minio:9000","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} -{{- end }} - `, roleName), - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-pachyderm-tenant1", - "value": "minio_pachyderm_tenant1/keys/" + roleName, - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-pachyderm-tenant1", - "value": fmt.Sprintf(` -{{- with secret "minio_pachyderm_tenant1/keys/%s" }} -export MINIO_URL="http://pachyderm-tenant1-minio.minio:9000" -export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}" -export 
MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}" -export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}" -export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" -{{- end }} - `, roleName), - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-pachyderm-tenant1.json", - "value": "minio_pachyderm_tenant1/keys/" + roleName, - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-pachyderm-tenant1.json", - "value": fmt.Sprintf(` -{{- with secret "minio_pachyderm_tenant1/keys/%s" }} -{"MINIO_URL":"http://pachyderm-tenant1-minio.minio:9000","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} -{{- end }} - `, roleName), - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-premium-tenant1", - "value": "minio_premium_tenant1/keys/" + roleName, - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant1", - "value": fmt.Sprintf(` -{{- with secret "minio_premium_tenant1/keys/%s" }} -export MINIO_URL="http://premium-tenant1-minio.minio:9000" -export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}" -export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}" -export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}" -export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" -{{- end }} - `, roleName), - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-premium-tenant1.json", - "value": "minio_premium_tenant1/keys/" + roleName, - }, - - { - "op": "add", - "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant1.json", - "value": fmt.Sprintf(` -{{- with secret "minio_premium_tenant1/keys/%s" }} 
-{"MINIO_URL":"http://premium-tenant1-minio.minio:9000","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} -{{- end }} - `, roleName), - }, - { "op": "add", "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-premium-tenant-1", @@ -199,7 +90,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant-1", "value": fmt.Sprintf(` {{- with secret "minio_premium_tenant_1/keys/%s" }} - export MINIO_URL="http://minio.minio-premium-tenant-1" + export MINIO_URL="https://minio-premium-tenant-1.covid.cloud.statcan.ca" export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}" export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}" export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}" @@ -219,7 +110,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant-1.json", "value": fmt.Sprintf(` {{- with secret "minio_premium_tenant_1/keys/%s" }} - {"MINIO_URL":"http://minio.minio-premium-tenant-1","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} + {"MINIO_URL":"https://minio-premium-tenant-1.covid.cloud.statcan.ca","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} {{- end }} `, roleName), }, 
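Review bot: The new endpoint `https://minio-premium-tenant-1.covid.cloud.statcan.ca` is hard-coded inside the template literal in the `-199` hunk, and the same pattern repeats in the three hunks that follow (its `.json` variant and both `minio-standard-tenant-1` templates), so each tenant's URL lives in two string literals that must be kept in sync. Consider one per-tenant value, e.g. `const premiumTenant1URL = "https://minio-premium-tenant-1.covid.cloud.statcan.ca"`, passed to `fmt.Sprintf` as an extra `%s`, or read from configuration so an environment change does not need a rebuild. Moving from the cluster-local `http://minio.minio-premium-tenant-1` service name to an HTTPS hostname also means every injected pod has to trust that host's certificate chain and presumably needs a network path to it; a short comment stating that requirement would help. `mutate` begins and ends outside these hunks.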
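Review bot: The `.json` template on the changed line of the `-219` hunk builds JSON by placing `{{ .Data.accessKeyId }}` and `{{ .Data.secretAccessKey }}` between literal quotes, so a value containing `"` or `\` would produce an invalid or altered document; the same line is changed in the `minio-standard-tenant-1.json` hunk below. If the Vault Agent template functions are available here, emitting each value as `{{ .Data.secretAccessKey | toJSON }}` without the surrounding quotes lets the template engine do the escaping. `roleName` is likewise formatted unescaped into the `with secret "minio_premium_tenant_1/keys/%s"` path; its origin is outside the hunk, so confirm it is restricted to a safe character set before it reaches `fmt.Sprintf`.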
@@ -235,7 +126,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-standard-tenant-1", "value": fmt.Sprintf(` {{- with secret "minio_standard_tenant_1/keys/%s" }} - export MINIO_URL="http://minio.minio-standard-tenant-1" + export MINIO_URL="https://minio-standard-tenant-1.covid.cloud.statcan.ca" export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}" export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}" export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}" @@ -255,7 +146,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}" "path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-standard-tenant-1.json", "value": fmt.Sprintf(` {{- with secret "minio_standard_tenant_1/keys/%s" }} - {"MINIO_URL":"http://minio.minio-standard-tenant-1","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} + {"MINIO_URL":"https://minio-standard-tenant-1.covid.cloud.statcan.ca","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"} {{- end }} `, roleName), },