Make the medium for the vault-env volume configurable #403

Open
2 tasks done
carsonoid opened this issue Apr 22, 2024 · 1 comment
Labels
good first issue Good for newcomers kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/keep Denotes an issue or PR that should be preserved from going stale. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@carsonoid

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

The medium for the vault-env volume is currently hard-coded to be Memory. This seems to have always been the case for the webhook.

Using Memory as the medium means that the ~26 MB for the vault-env binary counts against the container memory limit. I can't see a reason for this as the default over a normal emptyDir.

This may not seem like much, but if you have a node maxed out at 110 pods and each of them is using a tmpfs-backed volume for vault-env, then that is 2,860 MB of RAM being used that could have easily been on disk with no real performance or stability impact that I am aware of.

Proposed Solution

  1. A top-level configuration that tells the webhook to not set medium: Memory by default.
  2. A per-pod annotation that tells the webhook to not set medium: Memory for a specific pod.

Alternatives Considered

No response

Additional Information

No response
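
Added example, not part of the original issue and not the project's code: a sketch of how the two proposed knobs could combine, with a per-pod annotation overriding a webhook-wide default, and the resulting tmpfs memory charge for the 110-pod node described above. The annotation key and function names are hypothetical, and the example generalizes the proposal by letting the annotation select either medium.

```go
package main

import "fmt"

// Hypothetical annotation key, invented for this example (not the project's).
const mediumAnnotation = "example.invalid/vault-env-volume-medium"

// Values mirror Kubernetes emptyDir.medium: "" is node storage, "Memory" is tmpfs.
const (
	mediumDefault = ""
	mediumMemory  = "Memory"
)

// resolveMedium applies a pod's annotation over the webhook-wide default and
// rejects anything other than the two supported media.
func resolveMedium(webhookDefault string, annotations map[string]string) (string, error) {
	medium := webhookDefault
	if v, ok := annotations[mediumAnnotation]; ok {
		medium = v
	}
	if medium != mediumDefault && medium != mediumMemory {
		return "", fmt.Errorf("unsupported medium %q", medium)
	}
	return medium, nil
}

// memoryChargedMB sums binaryMB over pods whose volume resolves to tmpfs, the
// only medium that counts against container memory limits.
func memoryChargedMB(webhookDefault string, pods []map[string]string, binaryMB int) (int, error) {
	total := 0
	for _, annotations := range pods {
		m, err := resolveMedium(webhookDefault, annotations)
		if err != nil {
			return 0, err
		}
		if m == mediumMemory {
			total += binaryMB
		}
	}
	return total, nil
}

func main() {
	pods := make([]map[string]string, 110) // constructed: 110 pods, one opting in to tmpfs
	pods[0] = map[string]string{mediumAnnotation: mediumMemory}
	before, _ := memoryChargedMB(mediumMemory, pods, 26)
	after, _ := memoryChargedMB(mediumDefault, pods, 26)
	fmt.Println(before, after)
}
```

An unrecognized annotation value is rejected instead of silently falling back to either medium, so a typo cannot change where the volume is backed.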

@carsonoid carsonoid added the kind/enhancement Categorizes issue or PR as related to an improvement. label Apr 22, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 23, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 23, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 23, 2024
@csatib02
Member

Hey @carsonoid,

This looks like a straightforward and beneficial enhancement. If someone is planning to work on it, please ensure the changes are added to our new webhook repository: https://github.com/bank-vaults/secrets-webhook.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Aug 25, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Aug 25, 2024
@csatib02 csatib02 added good first issue Good for newcomers area/provider/vault and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. area/provider/vault labels Aug 25, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Oct 27, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Oct 27, 2024
@csatib02 csatib02 added lifecycle/keep Denotes an issue or PR that should be preserved from going stale. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Oct 27, 2024
@csatib02 csatib02 moved this from 🆕 New to 🔖 Ready for work in Project backlog Oct 27, 2024