-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[refresh-credential] rotate the AWS ECR credential by schedule #15313
Changes from 1 commit
db80e26
4762c65
101469b
42c5372
8c15093
2f7ebf9
3ebe4f9
329f631
d0d0cb4
fe1542d
ae4f39d
397b18d
c09d2f9
7aedf1c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
According to Kubernetes doc, a container using a Secret as a subPath volume mount will not receive Secret updates. Signed-off-by: JenTing Hsiao <hsiaoairplane@gmail.com>
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -81,6 +81,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { | |
VolumeSource: corev1.VolumeSource{ | ||
Secret: &corev1.SecretVolumeSource{ | ||
SecretName: secretName, | ||
Items: []corev1.KeyToPath{{Key: ".dockerconfigjson", Path: "pull-secret.json"}}, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: Is There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The name is |
||
}, | ||
}, | ||
}, | ||
|
@@ -100,8 +101,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { | |
}, | ||
{ | ||
Name: "pull-secret", | ||
MountPath: PullSecretFile, | ||
SubPath: ".dockerconfigjson", | ||
MountPath: "/config/pull-secret", | ||
}, | ||
} | ||
if vol, mnt, _, ok := common.CustomCACertVolume(ctx); ok { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I forget, but, nesting the secret within a sub-directory was necessary, so that we can watch it for changes, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right 💯
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYR https://kubernetes.io/docs/concepts/configuration/secret/#:~:text=A%20container%20using%20a%20Secret%20as%20a%20subPath%20volume%20mount%20does%20not%20receive%20automated%20Secret%20updates