d8dfun/virtual-kubelet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

use secure value in ACI for secrets (#276)

Browse Source 
* use secure value in ACI for secrets

* add tests for env variable conversion
This commit is contained in:
Rohan Chakravarthy
2018-07-30 11:44:41 -07:00
committed by Robbie Zhang
parent ef6ae9ecf4
commit 13fbd5c38e
2 changed files with 71 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
providers/azure/aci.go
View File

@@ -676,10 +676,8 @@ func (p *ACIProvider) getContainers(pod *v1.Pod) ([]aci.Container, error) {
c.EnvironmentVariables = make([]aci.EnvironmentVariable, 0, len(container.Env))
for _, e := range container.Env {
c.EnvironmentVariables = append(c.EnvironmentVariables, aci.EnvironmentVariable{
Name: e.Name,
Value: e.Value,
})
envVar := getACIEnvVar(e)
c.EnvironmentVariables = append(c.EnvironmentVariables, envVar)
}
// NOTE(robbiezhang): ACI CPU request must be times of 10m
@@ -1058,3 +1056,20 @@ func filterServiceAccountSecretVolume(osType string, containerGroup *aci.Contain
containerGroup.ContainerGroupProperties.Volumes = volumes
}
}
func getACIEnvVar(e v1.EnvVar) aci.EnvironmentVariable {
var envVar aci.EnvironmentVariable
// If the variable is a secret, use SecureValue
if e.ValueFrom.SecretKeyRef != nil {
envVar = aci.EnvironmentVariable{
Name: e.Name,
SecureValue: e.Value,
}
} else {
envVar = aci.EnvironmentVariable{
Name: e.Name,
Value: e.Value,
}
}
return envVar
}