Prototype implementation of mutating webhook injecting initContainer generating ephemeral Keystone application credentials to be used by main containers of Pods.
Deploy the app normally first. Then re-deploy with the following diff:
--- a/examples/demo-app/helm-charts/demo-app/templates/deployment.yaml
+++ b/examples/demo-app/helm-charts/demo-app/templates/deployment.yaml
@@ -14,11 +14,13 @@ spec:
metadata:
labels:
name: demo-app
- annotations: {}
+ annotations:
+ auth.openstack.org/inject-from-secret: os-auth
+ # auth.openstack.org/duration: 24h
spec:
containers:
- name: app
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- envFrom:
- - secretRef:
- name: os-auth
+ # envFrom:
+ # - secretRef:
+ # name: os-auth
The change will cause the authenticator container to be injected, along with other related configuration.