Update newer golang and k8s API. Also added WatchSecrets feature

Open edify42 opened this issue 2 years ago • 1 comments

Hey @cmattoon

changes

  • Biggest change to mention is the WatchSecrets function which can be enabled by config.
  • Added a labelSelector so that we can filter early the secrets we want to be reading (standard k8s labels on secrets)
  • Updated the libraries to newer k8s API (1.22) - needed to pass a context to a few of the functions, update tests etc.
  • Update golang version

why we added the watch feature

We noticed when the number of secrets started to grow in our k8s cluster, the controller was a bit slow when making updates (loops through all secrets and calls SSM parameter store to fetch the value).

For a cluster with around 800 secrets, it was taking a few minutes to cycle through all of them, exceeding the default ticker interval as well (30 seconds).

When doing a new deployment (we use helm but it doesn't matter), we deploy our secrets first before deploying, but as the secrets take so long to be properly populated with values from SSM, we generally see a CreateContainerConfigError on the pods.

edify42, Sep 09 '21 14:09

bump @cmattoon :)

edify42, Oct 11 '21 00:10