You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 28, 2022. It is now read-only.
Description
I have a custom annotation on the pod template of a deployment that utilizes the Talend Vault sidecar injector. When using the sidecar annotations to inject static secrets as environment variables, the pod loses the custom annotation.
Reproduction
Create a basic deployment with Vault sidecar injection enabled from static secrets using the environment variable (env) injection method and a custom, unrelated annotation on the pod template metadata. The unrelated annotation will not exist on the pod. Switch the sidecar.vault.talend.org/inject annotation to false and redeploy and the resultant pod will have the unrelated annotation.
Expected Behavior
I would expect unrelated annotations to be preserved on the pod.
Environment:
Kubernetes
cluster: EKS
v1.20
Vault Sidecar Injector
version: 7.2.1
chart version: 4.3.1
Logs of Vault Sidecar Injector pod(s)
I'm assuming this is due to the MutatingWebhook, as it seems the patch operation might be replacing all annotations from this line I found in the logs of the Vault sidecar injector:
This type of patch operation removes all annotations and adds in just the one specified. I'd recommend changing it to one that just adds the single annotation you're interested in:
Description
I have a custom annotation on the pod template of a deployment that utilizes the Talend Vault sidecar injector. When using the sidecar annotations to inject static secrets as environment variables, the pod loses the custom annotation.
Reproduction
Create a basic deployment with Vault sidecar injection enabled from static secrets using the environment variable (
env
) injection method and a custom, unrelated annotation on the pod template metadata. The unrelated annotation will not exist on the pod. Switch thesidecar.vault.talend.org/inject
annotation tofalse
and redeploy and the resultant pod will have the unrelated annotation.Expected Behavior
I would expect unrelated annotations to be preserved on the pod.
Environment:
Logs of Vault Sidecar Injector pod(s)
I'm assuming this is due to the MutatingWebhook, as it seems the patch operation might be replacing all annotations from this line I found in the logs of the Vault sidecar injector:
{"op":"add","path":"/metadata/annotations","value":{"sidecar.vault.talend.org/status":"injected"}}
This type of patch operation removes all annotations and adds in just the one specified. I'd recommend changing it to one that just adds the single annotation you're interested in:
{"op":"add","path":"/metadata/annotations/sidecar.vault.talend.org~1status","value":"injected"}
The text was updated successfully, but these errors were encountered: