flink-on-k8s-operator icon indicating copy to clipboard operation
flink-on-k8s-operator copied to clipboard

Published 20 hours ago verified publisher icon GoogleCloudPlatform

Add flinkPropertiesSecret for supporting secret properties

Open devholic opened this issue 4 years ago • 0 comments

Background

Add possibilities for mounting secret properties from Secret.

Resolves #383

Implementation strategy

As @shashken described at https://github.com/GoogleCloudPlatform/flink-on-k8s-operator/issues/383#issuecomment-747453395,

Use flinkPropertiesSecret option in CRD and mount the entire properties into a Secret like @functicons suggested.

  • If flinkPropertiesSecret set,
    • Create the config directory to be an emptyDir with a memory medium.
    • Create an init container that copies config files in ConfigMap to config directory since mounting specific file from emptyDir is not possible.
    • Write secrets to /opt/flink/conf/flink-conf.yaml
    • Config directory will be readonly mounted to main containers as same as current ConfigMap implementation.
  • Or not, mount ConfigMap as config volume like as-is.

Limitations

  • Config keys can be duplicated
  • As @chrispatmore mentioned (https://github.com/GoogleCloudPlatform/flink-on-k8s-operator/issues/383#issuecomment-747643831), we cannot react to ConfigMap updates without restarting the pod

devholic avatar May 12 '21 03:05 devholic