controller: adds secret watcher to trigger extproc config updates#219

Merged: mathetake merged 3 commits into main from secretwatcher, Jan 29, 2025

@mathetake
Member

@mathetake mathetake commented Jan 29, 2025

Commit Message:

This adds a secret watcher controller that enables the
hot reload of any secret referenced by backendTrafficPolicy.

Related Issues/PRs (if applicable):

Follow up on #43 #106 #161
Supersede #185

if awsCreds.CredentialsFile != nil {
key = getSecretNameAndNamespace(awsCreds.CredentialsFile.SecretRef, backendSecurityPolicy.Namespace)
}
// TODO: OIDC.
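Review bot: The `// TODO: OIDC.` comment on the last line carries no issue reference or owner, and when `awsCreds.CredentialsFile` is nil nothing in the visible lines sets `key`. Suggest linking the TODO to a tracking issue and having the caller skip or reject an unset `key`, so a policy whose secret is referenced another way is not silently left out of the watcher's lookup.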
Member Author

@aabchoo TODO left to you here!

Contributor

Thanks for the heads up!

Signed-off-by: Takeshi Yoneda <[email protected]>
@mathetake mathetake marked this pull request as ready for review January 29, 2025 18:41
@mathetake mathetake requested a review from a team as a code owner January 29, 2025 18:41
@mathetake
Member Author

This is a core code addition, but I want to unblock Aaron and the doc change (left as TODO in #214) relying on this, so I am merging. Anyone feel free to leave comments even after the merge...

@mathetake mathetake merged commit a3b6aa6 into main Jan 29, 2025
@mathetake mathetake deleted the secretwatcher branch January 29, 2025 18:44
@mathetake
Member Author

I am adding an e2e test for this now... maybe there's some bug

mathetake added a commit that referenced this pull request Jan 29, 2025
**Commit Message**:

Without triggering pods into the reconcile loop of k8s server,
the config map updates will take a few minutes to be picked up
and reflected on the actual file of the pod [^1].

This commit changes the config sink so that it will add the config
uuid to the extproc pods' annotations.

[^1]:
https://neonmirrors.net/post/2022-12/reducing-pod-volume-update-times/


**Related Issues/PRs (if applicable)**:

Follow up on #219

---------

Signed-off-by: Takeshi Yoneda <[email protected]>
mathetake added a commit that referenced this pull request Jan 29, 2025
**Commit Message**:

This was necessary before #219 and #224 landed on
the main branch. Now the secret updates will be
automatically picked up by the extproc without restarts.
This behavior is already being tested in an e2e test.

Signed-off-by: Takeshi Yoneda <[email protected]>