bank-vaults / vault-operator

Kubernetes operator for Hashicorp Vault
https://bank-vaults.dev/docs/operator/
Apache License 2.0

wait for reconfigure #461

Open saksmt opened 2 months ago

saksmt commented 2 months ago

Preflight Checklist

Problem Description

Currently there is no way to know whether the config map for Vault (the one labeled with vault_cr) has been applied, so there is no way to programmatically wait for it to be applied (other than, probably, polling Vault for the required changes to be present).

Proposed Solution

Add a label or annotation to already-applied config maps after vault-configurer is done with them. It would also be nice to have errors present there instead of in the configurer logs, if feasible.

Alternatives Considered

A full-blown CRD for dynamic Vault configuration with a proper lifecycle in events, instead of config maps selected by a hardcoded label.

Additional Information

Example: we want to create a secret store and then add an app that depends on it being present.

vault-secrets.yaml

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: vault-configurator
    vault_cr: vault
  name: platform-kv-secrets
  namespace: security-vault
data:
  vault-config.yml: |
    secrets:
      - type: kv
        options:
          version: "2"
        path: platform/secrets
```

something.yaml

```yaml
apiVersion: v1
kind: ...
```

auto-apply.sh

```bash
# this may be somewhere in CI or something

kubectl apply -f vault-secrets.yaml

kubectl wait ???

kubectl apply -f something.yaml
```

This may not seem like a very critical issue, until the content of something.yaml is a one-shot job, for example one that populates the newly created secrets engine in an atomic and idempotent way (CAS and all).
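The polling workaround mentioned in the problem description, written out as an added example (this is not code from the issue, and not part of bank-vaults): it stands in for the missing `kubectl wait` step by polling Vault until the KV mount declared in vault-secrets.yaml exists, and fails the pipeline on timeout. It assumes the `vault` CLI is on PATH with VAULT_ADDR and VAULT_TOKEN set, and that `vault secrets list` prints its table with the mount path (trailing slash) in the first column; the function names `mount_present` and `wait_for_mount` are my own.

```shell
#!/usr/bin/env sh
# Added example, not part of the issue or of bank-vaults: poll Vault until the
# KV mount from vault-secrets.yaml exists, as a stand-in for "kubectl wait ???".
# Assumes the `vault` CLI is on PATH with VAULT_ADDR and VAULT_TOKEN set, and that
# `vault secrets list` prints a table whose first column is the mount path with a
# trailing slash (e.g. "platform/secrets/").

# mount_present LISTING PATH
# Returns 0 if LISTING (the text printed by `vault secrets list`) contains PATH
# as a mounted secrets engine, 1 otherwise. Pure text processing, no network.
mount_present() {
  listing="$1"
  want="${2%/}/"    # normalise: Vault prints mount paths with a trailing slash
  printf '%s\n' "$listing" | awk -v p="$want" '$1 == p { found = 1 } END { exit !found }'
}

# wait_for_mount PATH [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Polls Vault until the mount exists. Returns non-zero on timeout so the CI job
# fails loudly instead of applying something.yaml against an engine that does
# not exist yet (which would silently break a one-shot populate job).
wait_for_mount() {
  path="$1"
  timeout="${2:-120}"
  interval="${3:-5}"
  elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    if mount_present "$(vault secrets list 2>/dev/null)" "$path"; then
      echo "mount $path is present after ${elapsed}s"
      return 0
    fi
    sleep "$interval"
    elapsed=$((elapsed + interval))
  done
  echo "timed out after ${timeout}s waiting for mount $path" >&2
  return 1
}

# Usage inside the auto-apply.sh from the issue (hypothetical):
#   kubectl apply -f vault-secrets.yaml
#   wait_for_mount platform/secrets 300 10 || exit 1
#   kubectl apply -f something.yaml
```

Polling the Vault API is only a workaround: it confirms the mount exists, not that the whole config map was applied without errors, which is why the label/annotation proposed above (or a CRD with status) would be the proper fix.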

github-actions[bot] commented 1 week ago

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.