1Password / kubernetes-secrets-injector

MIT License

Fix/22/volume mounts override #24

Closed volodymyrZotov closed 1 year ago

volodymyrZotov commented 1 year ago

Resolves #22

This PR fixes the issue with overriding volumeMounts for containers that use op-cli to inject secrets.

Instead of applying only op volumeMount to the mutated container, it appends it to the existing volumeMounts.

Test steps:

  1. Deploy the injector, Connect and your application pod (make sure the application pod has mounted volumes, for example redis). You can grab the app pod spec from the issue description.
  2. Verify that the secrets are injected into your application pod successfully (if you used the pod spec from the issue description, just run `kubectl logs app-example-podname --namespace <namespace>`; the logs should print `<Concealed by 1Password>`).
  3. Run `kubectl describe pod <pod-name> --namespace <namespace>` and check the Mounts section. It should contain the op mount along with redis. Something like:
    Mounts:
      /etc/redis from redis (rw)
      /op/bin/ from op-bin (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nmcmv (ro)

    Note that before that fix, there was no redis entry in the Mounts.
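
The change described in this PR, sketched as an added example that is not the injector's own code: it uses simplified stand-in types and hypothetical helper names (`OverrideMount`, `AppendMount`, `DroppedMounts`) to contrast the override that drops existing mounts with the append that keeps them, plus a check a webhook test can assert on. Skipping a mount that is already present goes beyond what the PR states and is an assumption added here.

```go
package main

import "fmt"

// Simplified stand-ins for the Kubernetes core/v1 types (hypothetical names, not the injector's code).
type VolumeMount struct{ Name, MountPath string }
type Container struct{ Name string; VolumeMounts []VolumeMount }

// hasMount reports whether c already has a volumeMount with this name.
func hasMount(c Container, name string) bool {
	for _, vm := range c.VolumeMounts {
		if vm.Name == name {
			return true
		}
	}
	return false
}

// OverrideMount shows the behaviour before the fix: only the injected mount survives.
func OverrideMount(c Container, m VolumeMount) Container {
	c.VolumeMounts = []VolumeMount{m}
	return c
}

// AppendMount shows the behaviour after the fix: mounts are copied, kept, and m is added once.
func AppendMount(c Container, m VolumeMount) Container {
	if hasMount(c, m.Name) {
		return c
	}
	c.VolumeMounts = append(append([]VolumeMount{}, c.VolumeMounts...), m)
	return c
}

// DroppedMounts lists mounts present before mutation but missing afterwards.
func DroppedMounts(before, after Container) []string {
	var dropped []string
	for _, vm := range before.VolumeMounts {
		if !hasMount(after, vm.Name) {
			dropped = append(dropped, vm.Name)
		}
	}
	return dropped
}

func main() {
	// Constructed sample mirroring the Mounts output in the PR description.
	app := Container{Name: "app-example", VolumeMounts: []VolumeMount{{Name: "redis", MountPath: "/etc/redis"}}}
	op := VolumeMount{Name: "op-bin", MountPath: "/op/bin/"}
	fmt.Println(AppendMount(app, op).VolumeMounts, DroppedMounts(app, OverrideMount(app, op)))
}
```

A non-empty result from `DroppedMounts` on a mutated container is the regression this PR fixes.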

volodymyrZotov commented 1 year ago

@edif2008 I added steps to verify the fix in the PR description.

edif2008 commented 1 year ago

Performed functional testing and it does fix the bug 🎉