mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
update
parent
c3335907ac
commit
5ec222dfd0
8 changed files with 16 additions and 26 deletions
|
@ -73,9 +73,4 @@ type AWSProvider struct {
|
||||||
|
|
||||||
// AWS Region to be used for the provider
|
// AWS Region to be used for the provider
|
||||||
Region string `json:"region"`
|
Region string `json:"region"`
|
||||||
|
|
||||||
// SessionCache defines if the AWS session should be reused,
|
|
||||||
// if not set the operator will issues a fresh session for each request.
|
|
||||||
// +optional
|
|
||||||
SessionCache bool `json:"sessionCache,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,6 +38,7 @@ import (
|
||||||
"github.com/external-secrets/external-secrets/pkg/controllers/clusterexternalsecret"
|
"github.com/external-secrets/external-secrets/pkg/controllers/clusterexternalsecret"
|
||||||
"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret"
|
"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret"
|
||||||
"github.com/external-secrets/external-secrets/pkg/controllers/secretstore"
|
"github.com/external-secrets/external-secrets/pkg/controllers/secretstore"
|
||||||
|
awsauth "github.com/external-secrets/external-secrets/pkg/provider/aws/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -61,6 +62,7 @@ var (
|
||||||
secretName, secretNamespace string
|
secretName, secretNamespace string
|
||||||
crdRequeueInterval time.Duration
|
crdRequeueInterval time.Duration
|
||||||
certCheckInterval time.Duration
|
certCheckInterval time.Duration
|
||||||
|
enableAWSSession bool
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -159,6 +161,9 @@ var rootCmd = &cobra.Command{
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if enableAWSSession {
|
||||||
|
awsauth.EnableCache = true
|
||||||
|
}
|
||||||
setupLog.Info("starting manager")
|
setupLog.Info("starting manager")
|
||||||
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
|
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
|
||||||
setupLog.Error(err, "problem running manager")
|
setupLog.Error(err, "problem running manager")
|
||||||
|
@ -185,4 +190,5 @@ func init() {
|
||||||
rootCmd.Flags().BoolVar(&enableClusterExternalSecretReconciler, "enable-cluster-external-secret-reconciler", true, "Enable cluster external secret reconciler.")
|
rootCmd.Flags().BoolVar(&enableClusterExternalSecretReconciler, "enable-cluster-external-secret-reconciler", true, "Enable cluster external secret reconciler.")
|
||||||
rootCmd.Flags().DurationVar(&storeRequeueInterval, "store-requeue-interval", time.Minute*5, "Default Time duration between reconciling (Cluster)SecretStores")
|
rootCmd.Flags().DurationVar(&storeRequeueInterval, "store-requeue-interval", time.Minute*5, "Default Time duration between reconciling (Cluster)SecretStores")
|
||||||
rootCmd.Flags().BoolVar(&enableFloodGate, "enable-flood-gate", true, "Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state.")
|
rootCmd.Flags().BoolVar(&enableFloodGate, "enable-flood-gate", true, "Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state.")
|
||||||
|
rootCmd.Flags().BoolVar(&enableAWSSession, "experimental-enable-aws-session-cache", false, "Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request.")
|
||||||
}
|
}
|
||||||
|
|
|
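Review bot: The new `--experimental-enable-aws-session-cache` flag in `init()` turns session reuse on for the whole process, whereas the removed `SessionCache` field on `AWSProvider` let each store opt in. Once an operator sets it, every AWS store is cached, including stores whose owners never asked for it, and the help text does not say so. I would extend the description to something like `"Enable experimental AWS session cache for all AWS (Cluster)SecretStores. Sessions are reused instead of being created on each request."`. The `if enableAWSSession { awsauth.EnableCache = true }` block in the command's run function could also be the single assignment `awsauth.EnableCache = enableAWSSession`, which keeps the two values in step.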
@ -1665,11 +1665,6 @@ spec:
|
||||||
- SecretsManager
|
- SecretsManager
|
||||||
- ParameterStore
|
- ParameterStore
|
||||||
type: string
|
type: string
|
||||||
sessionCache:
|
|
||||||
description: SessionCache defines if the AWS session should
|
|
||||||
be reused, if not set the operator will issues a fresh session
|
|
||||||
for each request.
|
|
||||||
type: boolean
|
|
||||||
required:
|
required:
|
||||||
- region
|
- region
|
||||||
- service
|
- service
|
||||||
|
|
|
@ -1668,11 +1668,6 @@ spec:
|
||||||
- SecretsManager
|
- SecretsManager
|
||||||
- ParameterStore
|
- ParameterStore
|
||||||
type: string
|
type: string
|
||||||
sessionCache:
|
|
||||||
description: SessionCache defines if the AWS session should
|
|
||||||
be reused, if not set the operator will issues a fresh session
|
|
||||||
for each request.
|
|
||||||
type: boolean
|
|
||||||
required:
|
required:
|
||||||
- region
|
- region
|
||||||
- service
|
- service
|
||||||
|
|
|
@ -69,6 +69,9 @@ spec:
|
||||||
{{- if .Values.concurrent }}
|
{{- if .Values.concurrent }}
|
||||||
- --concurrent={{ .Values.concurrent }}
|
- --concurrent={{ .Values.concurrent }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.enableAWSSession }}
|
||||||
|
- --experimental-enable-aws-session-cache={{ .Values.enableAWSSession }}
|
||||||
|
{{- end }}
|
||||||
{{- range $key, $value := .Values.extraArgs }}
|
{{- range $key, $value := .Values.extraArgs }}
|
||||||
{{- if $value }}
|
{{- if $value }}
|
||||||
- --{{ $key }}={{ $value }}
|
- --{{ $key }}={{ $value }}
|
||||||
|
|
|
@ -48,6 +48,9 @@ createOperator: true
|
||||||
# a time.
|
# a time.
|
||||||
concurrent: 1
|
concurrent: 1
|
||||||
|
|
||||||
|
# -- If set External secret will reuse the AWS session without creating a new one on each request.
|
||||||
|
enableAWSSession: false
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
# -- Specifies whether a service account should be created.
|
# -- Specifies whether a service account should be created.
|
||||||
create: true
|
create: true
|
||||||
|
|
|
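Review bot: The comment on `enableAWSSession` does not say that the feature is experimental or operator-wide, although the flag it feeds is `--experimental-enable-aws-session-cache`. I would write `# -- (experimental) If set, the operator reuses AWS sessions for all AWS stores instead of creating a new one on each request.` so chart users can see what they are opting into.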
@ -1557,9 +1557,6 @@ spec:
|
||||||
- SecretsManager
|
- SecretsManager
|
||||||
- ParameterStore
|
- ParameterStore
|
||||||
type: string
|
type: string
|
||||||
sessionCache:
|
|
||||||
description: SessionCache defines if the AWS session should be reused, if not set the operator will issues a fresh session for each request.
|
|
||||||
type: boolean
|
|
||||||
required:
|
required:
|
||||||
- region
|
- region
|
||||||
- service
|
- service
|
||||||
|
@ -4232,9 +4229,6 @@ spec:
|
||||||
- SecretsManager
|
- SecretsManager
|
||||||
- ParameterStore
|
- ParameterStore
|
||||||
type: string
|
type: string
|
||||||
sessionCache:
|
|
||||||
description: SessionCache defines if the AWS session should be reused, if not set the operator will issues a fresh session for each request.
|
|
||||||
type: boolean
|
|
||||||
required:
|
required:
|
||||||
- region
|
- region
|
||||||
- service
|
- service
|
||||||
|
|
|
@ -52,8 +52,9 @@ type SessionCache struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
log = ctrl.Log.WithName("provider").WithName("aws")
|
log = ctrl.Log.WithName("provider").WithName("aws")
|
||||||
sessions = make(map[SessionCache]*session.Session)
|
sessions = make(map[SessionCache]*session.Session)
|
||||||
|
EnableCache bool
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -242,9 +243,7 @@ func DefaultSTSProvider(sess *session.Session) stsiface.STSAPI {
|
||||||
// getAWSSession check if an AWS session should be reused
|
// getAWSSession check if an AWS session should be reused
|
||||||
// it returns the aws session or an error.
|
// it returns the aws session or an error.
|
||||||
func getAWSSession(config *aws.Config, prov *esv1beta1.AWSProvider, store esv1beta1.GenericStore, namespace string) (*session.Session, error) {
|
func getAWSSession(config *aws.Config, prov *esv1beta1.AWSProvider, store esv1beta1.GenericStore, namespace string) (*session.Session, error) {
|
||||||
sessionCache := prov.SessionCache
|
if EnableCache {
|
||||||
|
|
||||||
if sessionCache {
|
|
||||||
tmpSession := SessionCache{
|
tmpSession := SessionCache{
|
||||||
Name: store.GetObjectMeta().Name,
|
Name: store.GetObjectMeta().Name,
|
||||||
Namespace: namespace,
|
Namespace: namespace,
|
||||||
|
|
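Review bot: With the per-store `prov.SessionCache` check in `getAWSSession` replaced by the package-level `EnableCache`, every store now goes through the shared `sessions` map, so the `SessionCache` key has to distinguish everything that changes which credentials a session carries. Only `Name` and `Namespace` are visible in this hunk (the struct literal and the function body continue outside it). If the key does not also include the store kind and something that changes when the store is edited, a ClusterSecretStore and a namespaced SecretStore with the same name could be handed the same session, and a rotated credential could keep being served from the cache. `sessions` is declared as a plain map, and the chart exposes `--concurrent`, so lookups and inserts need a mutex unless one is taken outside the lines shown. The exported variable also has no doc comment; I would add `// EnableCache turns on process-wide reuse of AWS sessions; set it once at startup, before the manager runs.`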