cyberark / secrets-provider-for-k8s

Cyberark secrets provider for k8s
Apache License 2.0

retryCountLimit not evaluated in helm deployment #530

Open derTille opened 1 year ago

derTille commented 1 year ago

Summary

When using the secret provider helm chart, values for retryCountLimit and retryIntervalSec are set but only retryCountLimit is evaluated correctly and written to ENV.

We are using terraform with helm provider.

  set {
    name  = "environment.conjur.retryCountLimit"
    value = 10
  }

  set {
    name  = "environment.conjur.retryIntervalSec"
    value = 5
  }

I suspect that this is not being evaluated correctly:

        {{- if kindIs "float64" .Values.environment.conjur.retryCountLimit }}
        - name: RETRY_COUNT_LIMIT
          value: {{ .Values.environment.conjur.retryCountLimit | quote }}
        {{- end }}

https://github.com/cyberark/secrets-provider-for-k8s/blob/main/helm/secrets-provider/templates/secrets-provider.yaml

Steps to Reproduce

  1. Use TF provider hashicorp/helm versions matching ">= 2.1.0"
  2. Set values for retryCountLimit and retryIntervalSec as specified above
  3. Make sure a retry is triggered during deployment by changing the URL in the conjur-connect cm temporarily
  4. Check the resulting pod in Kubernetes (in our case GKE 1.25)

Expected Results

There are 10 retries with 5 second delay between retries.

Actual Results

There are 5 retries (default) with 5 seconds delay in between.

Reproducible

Version/Tag number

Conjur V13.0, secrets-provider-for-k8s:1.5.0

Environment setup

GKE with K8S v1.25, Terraform with helm provider >= 2.1.0

Additional Information

n/a
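
The type guard quoted in the report, exercised in isolation as an added example (not part of the original issue and not the project's code). It assumes that `kindIs` compares Go reflect kind names as the Sprig helper does, that numbers from a values file decode to `float64` while numbers passed `--set`-style decode to `int64`, and `widenedGuard` is a hypothetical variant, not the project's fix.

```go
package main

import (
	"bytes"
	"fmt"
	"reflect"
	"strconv"
	"text/template"
)

// kindIs is a stand-in for the Sprig helper (assumption: it compares reflect kind names).
func kindIs(target string, v interface{}) bool {
	return reflect.ValueOf(v).Kind().String() == target
}

// strictGuard is the condition quoted in the issue, reduced to one line of output.
const strictGuard = `{{- if kindIs "float64" .v }}RETRY_COUNT_LIMIT={{ .v | quote }}{{- end }}`

// widenedGuard is a hypothetical variant that also accepts integer-typed values.
const widenedGuard = `{{- if or (kindIs "float64" .v) (kindIs "int64" .v) }}RETRY_COUNT_LIMIT={{ .v | quote }}{{- end }}`

// render executes tpl with v bound to .v and returns the rendered text.
func render(tpl string, v interface{}) string {
	funcs := template.FuncMap{
		"kindIs": kindIs,
		"quote":  func(x interface{}) string { return strconv.Quote(fmt.Sprint(x)) },
	}
	t := template.Must(template.New("env").Funcs(funcs).Parse(tpl))
	var out bytes.Buffer
	if err := t.Execute(&out, map[string]interface{}{"v": v}); err != nil {
		panic(err)
	}
	return out.String()
}

func main() {
	fromValuesFile := float64(10) // constructed: number decoded from a values file
	fromSet := int64(10)          // constructed: number parsed from a --set style override (assumption)

	fmt.Printf("strict,  values file: %q\n", render(strictGuard, fromValuesFile))
	fmt.Printf("strict,  set:         %q\n", render(strictGuard, fromSet)) // empty: env var never emitted
	fmt.Printf("widened, set:         %q\n", render(widenedGuard, fromSet))
}
```

When the guard renders nothing, `RETRY_COUNT_LIMIT` is absent from the pod spec and the container falls back to its default, which matches the 5 retries reported above.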