aws-ssm
Update newer golang and k8s API. Also added WatchSecrets feature
Hey @cmattoon
changes
- Biggest change to mention is the WatchSecrets function which can be enabled by config.
- Added a labelSelector so that we can filter early the secrets we want to be reading (standard k8s labels on secrets)
- Updated the libraries to newer k8s API (1.22) - needed to pass a context to a few of the functions, update tests etc.
- Update golang version
why we added the watch feature
We noticed when the number of secrets started to grow in our k8s cluster, the controller was a bit slow when making updates (loops through all secrets and calls SSM parameter store to fetch the value).
For a cluster with around 800 secrets, it was taking a few minutes to cycle through all of them, exceeding the default ticker interval as well (30 seconds).
When doing a new deployment (we use helm but it doesn't matter), we deploy our secrets first before deploying but as the secrets take so long to be properly populated with values from SSM, we generally see a CreateContainerConfigError on the pods.
bump @cmattoon :)