search

hashicorp / consul-template

Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.
https://www.hashicorp.com/
Mozilla Public License 2.0
4.76k stars 781 forks source link

Vault can not re-render template when configmap updated in K8s #1401

Open woosley opened 4 years ago

woosley commented 4 years ago

This is a reference ticket to https://github.com/hashicorp/vault/issues/8620

Consul Template version

Vault 1.2 is being used

Configuration

vault-agent-config.hcl: |2

    pid_file = "/home/vault/pidfile"
    log_level = "Debug"

    auto_auth {
        method "kubernetes" {
            mount_path = "auth/kubernetes/shared/qa/"
            config = {
                role = "shared-qa-qa-paas-sre-default"
            }
        }

        sink "file" {
            config = {
                path = "/home/vault/.vault-token"
            }
        }
    }
    template {
        destination = "/etc/secrets/settings.json"
        source = "/etc/template-files/settings.json"
    }

Expected Behavior

updated configmap template can be re-rendered by vault

Debug output

image

however, highlighted line is not removed.

image

eikenb commented 4 years ago

Thanks @woosley for reporting this issue.

I'm currently in the process of rewriting the core of consul-template as a proper library that should make this easier to address as it will give more control over the flow to the application vs. the current all-in-one implementation (consul-template was an application that got hacked/converted into a library after the fact and it has issues).

aeb-dev commented 1 year ago

Is there any progress on this?