UNCLASSIFIED - NO CUI

Skip to content

add in ingress for web api and agent-injector

Michael Martin requested to merge add_network_policy_ingress into main

for https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/943

Annotating external ports for vault agent inject requires pods in other namespaces have access to vault's server and injector ports.

Several fixes to the init process. Added some logic to handle some race conditions I saw and file permission errors. Now, the full output of the init process is store in a k8s secret. This way, we have all the keys and admin token saved in case we need them for recovery/unsealing the server.

Note: Upgrades are broken, and @trkdashin ran into upgrade issues too with his ticket. I think we're working on an upgrade hook to delete the job or handle it, so the upgrades work.

Edited by Michael Martin

Merge request reports