[vault-secrets-webhook] use kubernetes Server-Side Apply (SSA) and set a FieldManager on inline-mutated fields #346

Open
jkirkham-ratehub opened this issue May 18, 2022 · 2 comments
Labels
kind/enhancement Categorizes issue or PR as related to an improvement.

Comments

@jkirkham-ratehub

Is your feature request related to a problem? Please describe.

When using ArgoCD (or similar) GitOps deployment tools, a lot of extra work needs to be done to set ignoreRules for each mutated resource (in particular inline mutated Secrets). Without the ignoreRules set on mutated fields, ArgoCD will have issues syncing the resource since both it and VSWH are trying to modify it.
If instead SSA was used, a custom FieldManager could be set on mutated fields. This would make it easier for ArgoCD to automatically detect changes "externally" managed by VSWH.

Describe the solution you'd like

Use Kubernetes SSA and set the FieldManager to something like vault-secrets-webhook for mutated fields. There is a simple example described here.

Describe alternatives you've considered

The alternative is to manually manage ignoreRules for each mutated field in resources mutated by VSWH.

Additional context

Note that this does not affect Deployment (or similar application resources). ArgoCD manages the Deployment resource, but not the actual Pod resources, so when they are created and mutated by VSWH there are no sync issues. This likely only applies to resources that are modified with "inline mutation".
SSA is GA (considered "stable") in Kubernetes 1.22 and later.
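
Added example (not part of the original issue and not code from the project): how a sync tool could read metadata.managedFields to find the fields a given manager owns, instead of relying on hand-written ignoreRules. It assumes the webhook's changes were recorded under the manager name vault-secrets-webhook proposed above; the sample Secret, the argocd-controller manager name and the function names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// sampleSecret is constructed for this example; both manager names are assumptions.
const sampleSecret = `{"kind":"Secret","metadata":{"managedFields":[
 {"manager":"argocd-controller","fieldsV1":{"f:metadata":{"f:labels":{"f:app":{}}},"f:type":{}}},
 {"manager":"vault-secrets-webhook","fieldsV1":{"f:data":{"f:password":{},"f:username":{}}}}]}}`

// walk appends leaf paths; only "f:<name>" keys are followed, names are not escaped.
func walk(prefix string, node map[string]any, out *[]string) {
	leaf := true
	for k, v := range node {
		if child, ok := v.(map[string]any); ok && strings.HasPrefix(k, "f:") {
			leaf = false
			walk(prefix+"/"+k[2:], child, out)
		}
	}
	if leaf && prefix != "" {
		*out = append(*out, prefix)
	}
}

// OwnedPaths returns the sorted field paths that manager owns in objJSON.
func OwnedPaths(objJSON []byte, manager string) (paths []string, err error) {
	var obj struct {
		Metadata struct {
			ManagedFields []struct{ Manager string; FieldsV1 map[string]any }
		}
	}
	if err = json.Unmarshal(objJSON, &obj); err != nil {
		return nil, err
	}
	for _, mf := range obj.Metadata.ManagedFields {
		if mf.Manager == manager {
			walk("", mf.FieldsV1, &paths)
		}
	}
	sort.Strings(paths)
	return paths, nil
}

func main() {
	fmt.Println(OwnedPaths([]byte(sampleSecret), "vault-secrets-webhook"))
}
```

The returned paths are the ones a GitOps tool would exclude from its diff for this object; list-item entries ("k:" and "v:" keys) are skipped here, which is sufficient for Secret data.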

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Feb 18, 2024
@akijakya akijakya transferred this issue from bank-vaults/bank-vaults Feb 20, 2024
@akijakya akijakya removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Feb 20, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 21, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 21, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 23, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 23, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 23, 2024
@csatib02 csatib02 added the kind/enhancement Categorizes issue or PR as related to an improvement. label Jun 23, 2024
@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 30, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Sep 1, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Sep 1, 2024
@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Sep 8, 2024
@thekoma

thekoma commented Sep 10, 2024

any update on that?

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Nov 10, 2024
@thekoma

thekoma commented Nov 10, 2024

/unstale

@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Nov 10, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Nov 10, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Nov 10, 2024