Comments (11)
Some k8s tools upgraded to go 1.17 without regard for backwards compat, which is making this impossible to deploy to Cloud Functions right now, since the latest available version there is 1.16.
#180 is the update PR. You can put it in a container and run it on Cloud Run, but there's no way to run it on Cloud Functions right now.
from berglas.
Right - you can do this without the webhook. The webhook just automates the steps you described above (although it uses a sidecar instead).
from berglas.
If I understand correctly, the changes in #180 can be used with Cloud Run, as the Dockerfile/build can use the latest go (1.17) version?
Will also try it in a few weeks/months.
from berglas.
ping! No auto close please :-)
from berglas.
Also interested in the response here. I have never worked on Kubernetes things before, but we would like to upgrade our cluster to 1.22 (currently on 1.21) and the MutatingWebhookConfiguration beta API "will no longer be served". Happy users of Berglas, but not sure how to make this fix ourselves.
from berglas.
@sethvargo thank you for the explanation, and for having already fixed this and gotten it ready to go in your PR! I see that you are a member of Google Cloud Platform and work at Google -- is there anything I can do to help request that Cloud Functions add a go1.17/go1.18 runtime? I don't know if you're directly involved, but maybe there's a better place to ask than here? Thank you again for your time and for maintaining Berglas, it's been a wonderfully simple solution that's let us use the Google Cloud Secrets Manager for everything both inside k8s and outside.
from berglas.
I don't have any control over that, sorry.
from berglas.
No problem. We'll just deploy the Cloud Run container instead. Thank you again for your support.
from berglas.
Correct - you can use Cloud Run. I didn't want to switch to Cloud Run because it introduces complexity that folks who aren't familiar with Docker or containers might not want to take on.
from berglas.
After looking at the gcloud run samples, my current solution for "typical" Kubernetes deployments without using the Kubernetes webhook approach:
- Add this line in the Dockerfile to add the berglas binary:
    COPY --from=us-docker.pkg.dev/berglas/berglas/berglas:latest /bin/berglas /bin/berglas
- In the deployment container spec, set a command line (example with python):
    command: ["/bin/berglas", "exec", "--", "python", "server.py"]
- Ensure you have a proper Kubernetes service account in the namespace.
The remaining thing is to make it work for helm charts, which do not have the /bin/berglas binary. Many helms allow passing a command, so this part is fine. For the /bin/berglas binary, I guess you could inject it using an initContainer and mount a volume if the helm has initContainer parameters. But if it does not have initContainer parameters, not sure how it can be done. Any ideas?
from berglas.
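A pre-upgrade check for the setup discussed in this thread, as an added example that is not part of the thread or of Berglas itself: it lints parsed manifests (for instance from `kubectl get -o json`) for the v1beta1 webhook API and for containers whose secret references would reach the application unresolved because the command is not wrapped in `berglas exec`. The `berglas://` and `sm://` reference prefixes are an assumption not stated on this page, and the sample manifests and their names are constructed.

```python
WRAPPER = ["/bin/berglas", "exec", "--"]   # binary path from the comment above
REF_PREFIXES = ("berglas://", "sm://")     # assumption: Berglas reference schemes

def lint(manifest):
    """Return a list of findings for one parsed manifest (a dict)."""
    findings = []
    kind = manifest.get("kind", "")
    name = manifest.get("metadata", {}).get("name", "?")
    if (kind == "MutatingWebhookConfiguration"
            and manifest.get("apiVersion") == "admissionregistration.k8s.io/v1beta1"):
        findings.append(f"{name}: v1beta1 webhook API is not served from Kubernetes 1.22")
    if kind != "Deployment":
        return findings
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    uses_refs = False
    for c in pod.get("containers", []):
        # Only literal env values can hold a reference; valueFrom entries are skipped.
        refs = [e["name"] for e in c.get("env", [])
                if str(e.get("value", "")).startswith(REF_PREFIXES)]
        if not refs:
            continue
        uses_refs = True
        if (c.get("command") or [])[:3] != WRAPPER:
            findings.append(f"{name}/{c['name']}: {', '.join(refs)} set, "
                            "but command is not wrapped in berglas exec")
    if uses_refs and pod.get("serviceAccountName", "default") == "default":
        findings.append(f"{name}: pod resolves secrets as the default service account")
    return findings

def deployment(command, service_account=None):
    """Constructed sample Deployment; every name and value is a placeholder."""
    pod = {"containers": [{
        "name": "web", "command": command,
        "env": [{"name": "DB_PASS", "value": "sm://example-project/db-pass"}]}]}
    if service_account:
        pod["serviceAccountName"] = service_account
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "api"}, "spec": {"template": {"spec": pod}}}

GOOD = deployment(WRAPPER + ["python", "server.py"], "api-secrets")
BAD = deployment(["python", "server.py"])
WEBHOOK = {"apiVersion": "admissionregistration.k8s.io/v1beta1",
           "kind": "MutatingWebhookConfiguration",
           "metadata": {"name": "berglas-webhook"}}

if __name__ == "__main__":
    for m in (GOOD, BAD, WEBHOOK):
        for finding in lint(m) or [f"{m['metadata']['name']}: ok"]:
            print(finding)
```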
This issue is stale because it has been open for 14 days with no
activity. It will automatically close after 7 more days of inactivity.
from berglas.