-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Init cotainer injection #155
Comments
Alternate proposal. You could write a CSI Ephemeral driver (https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/20190122-csi-inline-volumes.md). We're still on track I think to have it beta in 1.16. The user facing api would then be something like: apiVersion: v1
kind: Pod
metadata:
name: some-pod
spec:
containers:
...
volumes:
- name: myvol
csi:
driver: kamus
volumeAttributes:
secretName: foo It would essentially work the same way as the init container, except do it at volumemount time instead. The api would be much cleaner too. |
Yep, that what I was also thinking about. Maybe something more like : apiVersion: v1
kind: Pod
metadata:
name: some-pod
spec:
containers:
...
volumes:
- name: myvol
csi:
driver: kamus
volumeAttributes:
key: <encryptedValue> |
Or the api's flexible enough to even support both. |
Yep, sounds good. I'll be happy to see a PR, and will be happy to help... |
Leverage mutation webhook to inject init container to pods instead of adding them in the deployment manifest. This will make using the init container a bit easier.
The text was updated successfully, but these errors were encountered: