Merge pull request #62 from patoarvizu/parameterize_sync_time

Parameterize sync time
patoarvizu · Jul 19, 2020 · 0479af6 · 0479af6
2 parents fd40517 + 6d6d069
commit 0479af6
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 3 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -49,7 +49,7 @@ jobs:
       - run:
           name: Install k3d
           command: |
-            wget -q -O - https://raw.githubusercontent.com/rancher/k3d/v1.6.0/install.sh | bash
+            wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | TAG=v1.6.0 bash
       - save_cache:
           key: kms-vault-operator-golang-cache-{{ checksum "go.sum" }}
           paths:

diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@
             - [Vault approle authentication method (`--vault-authentication-method=approle`)](#vault-approle-authentication-method---vault-authentication-methodapprole)
             - [Vault github authentication method (`--vault-authentication-method=github`)](#vault-github-authentication-method---vault-authentication-methodgithub)
             - [Vault iam authentication method (`--vault-authentication-method=iam`)](#vault-iam-authentication-method---vault-authentication-methodiam)
+        - [Command-line flags](#command-line-flags)
         - [Deploying the operator](#deploying-the-operator)
         - [Creating a secret](#creating-a-secret)
         - [Partial secrets](#partial-secrets)
@@ -125,6 +126,13 @@ Environment variable | Required? | Default | Description
 
 **NOTE:** the remote Vault instance will also require runtime permissions to perform the IAM validation actions. Those credentials cannot be set by the operator and must be set directly in the target Vault cluster by other means. Refer to the official Vault [documentation](https://www.vaultproject.io/docs/auth/aws#recommended-vault-iam-policy) for the recommended IAM policy.
 
+### Command-line flags
+
+Flag | Default | Description
+-----|---------|------------
+`--vault-authentication-method` | `token` | Method to be used for the controller to authenticate with Vault.
+`--sync-period-seconds` | 120 | Amount of time in seconds to wait between before syncing the secret to Vault
+
 ### Deploying the operator
 
 The `deploy/` directory has some statically defined manifests that you can modify to configure your own keys and deploy. However, this repo also provides a [Helm](https://helm.sh/) template in the `helm/kms-vault-operator` directory, as well as a sample Helm values file for each authentication method above under `deploy/helm-values`. Please note that some of the values assume you have previously created the [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) or other configuration they rely on.

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /go/src/github.com/patoarvizu/kms-vault-operator/
 
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /kms-vault-validating-webhook /go/src/github.com/patoarvizu/kms-vault-operator/cmd/webhook/main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.2
 
 ARG GIT_COMMIT="unspecified"
 LABEL GIT_COMMIT=$GIT_COMMIT

diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -56,6 +56,7 @@ func main() {
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
 
 	pflag.StringVar(&kmsvaultsecret.VaultAuthenticationMethod, "vault-authentication-method", "token", "Method to be used for the controller to authenticate with Vault")
+	pflag.IntVar(&kmsvaultsecret.SyncPeriodSeconds, "sync-period-seconds", 120, "Amount of time in seconds to wait between before syncing the secret to Vault")
 
 	pflag.Parse()
 

diff --git a/pkg/controller/kmsvaultsecret/config.go b/pkg/controller/kmsvaultsecret/config.go
@@ -2,4 +2,5 @@ package kmsvaultsecret
 
 var (
 	VaultAuthenticationMethod string
+	SyncPeriodSeconds         int
 )
diff --git a/pkg/controller/kmsvaultsecret/kmsvaultsecret_controller.go b/pkg/controller/kmsvaultsecret/kmsvaultsecret_controller.go
@@ -170,7 +170,7 @@ func (r *ReconcileKMSVaultSecret) Reconcile(request reconcile.Request) (reconcil
 		rec.Event(instance, corev1.EventTypeNormal, "SecretCreated", fmt.Sprintf("Wrote secret %s to %s", instance.Name, instance.Spec.Path))
 		r.client.Status().Update(context.TODO(), instance)
 	}
-	return reconcile.Result{RequeueAfter: time.Minute * 2}, nil
+	return reconcile.Result{RequeueAfter: time.Second * time.Duration(SyncPeriodSeconds)}, nil
 }
 
 func removeFinalizer(allFinalizers []string, finalizer string) []string {
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,4 +2,5 @@ package kmsvaultsecret @@
     var (
     	VaultAuthenticationMethod string
+    	SyncPeriodSeconds         int
     )