search

1Password / kubernetes-secrets-injector

MIT License
53 stars 7 forks source link

Deployment requires annotation, not label, to trigger injection #33

Closed alexnederlof closed 1 year ago

alexnederlof commented 1 year ago

Your environment

Secret Injector Version: 1.0.1

1Password CLI Version:

What happened?

Injector said the pod did not need injection, while it does:

 I0530 20:06:17.573064       1 webhook.go:98] Pod  at namespace optest. Secret injection status:  Secret Injection Enabled:false

While it had the following meta data:

metadata:
      labels:
        app.kubernetes.io/name: tester
        operator.1password.io/inject: "exporter"

But it seems from the code, that it does not check the label (as the docs claim but it checks the label. So if you change it to:

metadata:
      labels:
        app.kubernetes.io/name: tester
        operator.1password.io/inject: "exporter"
      annotations:
        operator.1password.io/inject: "exporter"

It does work.

So either the code or the docs need updating I guess?

alexnederlof commented 1 year ago

Misread the docs, never mind!