Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support env in CredentialProviderConfig #2602

Closed
samjo-nyang opened this issue Nov 22, 2022 · 1 comment · Fixed by #2934
Closed

Support env in CredentialProviderConfig #2602

samjo-nyang opened this issue Nov 22, 2022 · 1 comment · Fixed by #2934
Assignees
@stmcginnis
Labels
area/settings Issues related to our settings handling status/in-progress This issue is currently being worked on type/enhancement New feature or request

Comments

@samjo-nyang
Copy link
Contributor

What I'd like:
Hi, I'd like to add some custom environment variables to the credential provider config, such as

[settings.kubernetes.credential-providers.samjo-credential-provider]
enabled = true
cache-duration = "30m"
image-patterns = ["samjo.private.registry"]

[settings.kubernetes.credential-providers.samjo-credential-provider.env]
my-env = "1"

and it transforms into the following.

apiVersion: kubelet.config.k8s.io/v1alpha1
kind: CredentialProviderConfig
providers:
  - name: samjo-credential-provider
    matchImages:
      - "samjo.private.registry"
    defaultCacheDuration: "30m"
    apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
    env:
      - name: MY_ENV
        value: "1"

Also, I have a question of the following line - how does this work?
https://github.com/bottlerocket-os/bottlerocket/blame/develop/packages/kubernetes-1.24/credential-provider-config-yaml#L18

Since the line is in the "#each" context on line 5, should it be ../settings.aws.profile?

Any alternatives you've considered: (nothing)
@stmcginnis
Copy link
Contributor

stmcginnis commented Nov 22, 2022
edited
Loading

Regarding this part:

Also, I have a question of the following line - how does this work?

These don't end up being relative references, but are actually resolved to objects. So inside an #each block you can refer to the currently iterating item using this, but you can also refer to specific settings objects as is being done with the settings.aws.profile piece. Now I see what you were saying! Luckily that's been fixed.

Just to make sure I understand the background of the request - you're looking at adding another credential provider, but this provider has additional settings that would need to be passed in via environment variables, correct?

If so, it shouldn't be too difficult to extend the CredentialProvider struct that defines those settings to include an optional set of values. Something like:

# Probably define a new struct to simplify the Vec<HashMap<String, String>> type
env: Vec<HashMap<String, String>>,

Then in the templates there would need to be an #each loop through each of the env values to populate them in the CredentialProviderConfig settings.

I can't give any kind of timeline on when someone on the team here could get to it, but contributions definitely welcome if you want to propose this addition. :)

@stmcginnis stmcginnis added the status/needs-triage Pending triage or re-evaluation label Dec 1, 2022
@stmcginnis stmcginnis added type/enhancement New feature or request help wanted Denotes an issue that needs help from a contributor status/icebox Things we think would be nice but are not prioritized area/settings Issues related to our settings handling and removed status/needs-triage Pending triage or re-evaluation labels Mar 2, 2023
@stmcginnis stmcginnis self-assigned this Mar 21, 2023
@stmcginnis stmcginnis mentioned this issue Mar 23, 2023
Merged
@stmcginnis stmcginnis added status/in-progress This issue is currently being worked on and removed help wanted Denotes an issue that needs help from a contributor status/icebox Things we think would be nice but are not prioritized labels Mar 23, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in Bottlerocket Engineering Roadmap Apr 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stmcginnis stmcginnis

Labels
area/settings Issues related to our settings handling status/in-progress This issue is currently being worked on type/enhancement New feature or request
Projects
Bottlerocket Engineering Roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enable environment variables for Kubernetes credential providers stmcginnis/bottlerocket
2 participants
@samjo-nyang @stmcginnis