Allow Optional ConfigMap and Secrets
- ConfigMaps and Secrets for Env or Volumes are allowed to be optional
This commit is contained in:
Michael Fraenkel
@@ -33,6 +33,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
@@ -427,14 +428,20 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
|
||||
for _, envFrom := range container.EnvFrom {
|
||||
switch {
|
||||
case envFrom.ConfigMapRef != nil:
|
||||
name := envFrom.ConfigMapRef.Name
|
||||
cm := envFrom.ConfigMapRef
|
||||
name := cm.Name
|
||||
configMap, ok := configMaps[name]
|
||||
if !ok {
|
||||
if kl.kubeClient == nil {
|
||||
return result, fmt.Errorf("Couldn't get configMap %v/%v, no kubeClient defined", pod.Namespace, name)
|
||||
}
|
||||
optional := cm.Optional != nil && *cm.Optional
|
||||
configMap, err = kl.kubeClient.Core().ConfigMaps(pod.Namespace).Get(name, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) && optional {
|
||||
// ignore error when marked optional
|
||||
continue
|
||||
}
|
||||
return result, err
|
||||
}
|
||||
configMaps[name] = configMap
|
||||
@@ -450,14 +457,20 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
|
||||
tmpEnv[k] = v
|
||||
}
|
||||
case envFrom.SecretRef != nil:
|
||||
name := envFrom.SecretRef.Name
|
||||
s := envFrom.SecretRef
|
||||
name := s.Name
|
||||
secret, ok := secrets[name]
|
||||
if !ok {
|
||||
if kl.kubeClient == nil {
|
||||
return result, fmt.Errorf("Couldn't get secret %v/%v, no kubeClient defined", pod.Namespace, name)
|
||||
}
|
||||
optional := s.Optional != nil && *s.Optional
|
||||
secret, err = kl.kubeClient.Core().Secrets(pod.Namespace).Get(name, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) && optional {
|
||||
// ignore error when marked optional
|
||||
continue
|
||||
}
|
||||
return result, err
|
||||
}
|
||||
secrets[name] = secret
|
||||
@@ -510,8 +523,10 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
|
||||
return result, err
|
||||
}
|
||||
case envVar.ValueFrom.ConfigMapKeyRef != nil:
|
||||
name := envVar.ValueFrom.ConfigMapKeyRef.Name
|
||||
key := envVar.ValueFrom.ConfigMapKeyRef.Key
|
||||
cm := envVar.ValueFrom.ConfigMapKeyRef
|
||||
name := cm.Name
|
||||
key := cm.Key
|
||||
optional := cm.Optional != nil && *cm.Optional
|
||||
configMap, ok := configMaps[name]
|
||||
if !ok {
|
||||
if kl.kubeClient == nil {
|
||||
@@ -519,17 +534,26 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
|
||||
}
|
||||
configMap, err = kl.kubeClient.Core().ConfigMaps(pod.Namespace).Get(name, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) && optional {
|
||||
// ignore error when marked optional
|
||||
continue
|
||||
}
|
||||
return result, err
|
||||
}
|
||||
configMaps[name] = configMap
|
||||
}
|
||||
runtimeVal, ok = configMap.Data[key]
|
||||
if !ok {
|
||||
if optional {
|
||||
continue
|
||||
}
|
||||
return result, fmt.Errorf("Couldn't find key %v in ConfigMap %v/%v", key, pod.Namespace, name)
|
||||
}
|
||||
case envVar.ValueFrom.SecretKeyRef != nil:
|
||||
name := envVar.ValueFrom.SecretKeyRef.Name
|
||||
key := envVar.ValueFrom.SecretKeyRef.Key
|
||||
s := envVar.ValueFrom.SecretKeyRef
|
||||
name := s.Name
|
||||
key := s.Key
|
||||
optional := s.Optional != nil && *s.Optional
|
||||
secret, ok := secrets[name]
|
||||
if !ok {
|
||||
if kl.kubeClient == nil {
|
||||
@@ -537,17 +561,30 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
|
||||
}
|
||||
secret, err = kl.secretManager.GetSecret(pod.Namespace, name)
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) && optional {
|
||||
// ignore error when marked optional
|
||||
continue
|
||||
}
|
||||
return result, err
|
||||
}
|
||||
secrets[name] = secret
|
||||
}
|
||||
runtimeValBytes, ok := secret.Data[key]
|
||||
if !ok {
|
||||
if optional {
|
||||
continue
|
||||
}
|
||||
return result, fmt.Errorf("Couldn't find key %v in Secret %v/%v", key, pod.Namespace, name)
|
||||
}
|
||||
runtimeVal = string(runtimeValBytes)
|
||||
}
|
||||
}
|
||||
// Accesses apiserver+Pods.
|
||||
// So, the master may set service env vars, or kubelet may. In case both are doing
|
||||
// it, we delete the key from the kubelet-generated ones so we don't have duplicate
|
||||
// env vars.
|
||||
// TODO: remove this next line once all platforms use apiserver+Pods.
|
||||
delete(serviceEnv, envVar.Name)
|
||||
|
||||
tmpEnv[envVar.Name] = runtimeVal
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user