controller: adds secret watcher to trigger extproc config updates #219

Merged
merged 3 commits into from
Jan 29, 2025

@mathetake mathetake commented Jan 29, 2025

Commit Message:

This adds a secret watcher controller that enables the
hot reload of any secret referenced by backendTrafficPolicy.

Related Issues/PRs (if applicable):

Follow up on #43 #106 #161
Supersede #185

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
if awsCreds.CredentialsFile != nil {
key = getSecretNameAndNamespace(awsCreds.CredentialsFile.SecretRef, backendSecurityPolicy.Namespace)
}
// TODO: OIDC.
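Review bot: the `// TODO: OIDC.` at the end of this snippet means that, in the lines shown, `key` is assigned only when `awsCreds.CredentialsFile` is non-nil, so a policy whose AWS credentials come from OIDC gets no secret key from this branch. Suggest referencing a tracking issue in the TODO and making the unhandled case explicit (for example an early return or a log line when no key was derived) so it does not silently fall through. It is also worth confirming that `getSecretNameAndNamespace` tolerates a nil `SecretRef`, since only `CredentialsFile` is nil-checked here.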
Member Author

@aabchoo TODO left to you here!

Contributor

Thanks for the heads up!

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
@mathetake mathetake marked this pull request as ready for review January 29, 2025 18:41
@mathetake mathetake requested a review from a team as a code owner January 29, 2025 18:41
@mathetake
Member Author

This is a core code addition, but I want to unblock Aaron and the doc change (left as TODO in #214) relying on this, so I am merging. Anyone feel free to leave comments even after the merge...

@mathetake mathetake merged commit a3b6aa6 into main Jan 29, 2025
18 checks passed
@mathetake mathetake deleted the secretwatcher branch January 29, 2025 18:44
@mathetake
Member Author

I am adding an e2e test for this now... maybe there's some bug

mathetake added a commit that referenced this pull request Jan 29, 2025
**Commit Message**:

Without triggering pods into the reconcile loop of k8s server,
the config map updates will take a few minutes to be picked up
and reflected on the actual file of the pod [^1].

This commit changes the config sink so that it will add the config
uuid to the extproc pods annotations.

[^1]: https://neonmirrors.net/post/2022-12/reducing-pod-volume-update-times/


**Related Issues/PRs (if applicable)**:

Follow up on #219

---------

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
mathetake added a commit that referenced this pull request Jan 29, 2025
**Commit Message**:

This was necessary before #219 and #224 landed on
the main branch. Now the secret updates will be
automatically picked up by the extproc without restarts.
This behavior is already being tested in an e2e test.

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>