Skip to content

Commit

Permalink
Merge pull request #1365 from esmet/no-secrets
Browse files Browse the repository at this point in the history 
Support AMBASSADOR_NO_SECRETS to prevent Ambassador from reading secrets objects
  • Loading branch information
@kflynn
kflynn authored Mar 26, 2019
2 parents 3086bd5 + 907141d commit 1165dbc
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion ambassador/entrypoint.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,8 +227,14 @@ if [ -z "${AMBASSADOR_NO_KUBEWATCH}" ]; then
KUBEWATCH_ENDPOINTS_ARG="endpoints"
fi

KUBEWATCH_SYNC_KINDS="secrets services"

if [ -n "$AMBASSADOR_NO_SECRETS" ]; then
KUBEWATCH_SYNC_KINDS="services"
fi

set -x
"kubewatch" ${KUBEWATCH_NAMESPACE_ARG} --sync "$KUBEWATCH_SYNC_CMD" --warmup-delay 10s secrets services $KUBEWATCH_ENDPOINTS_ARG &
"kubewatch" ${KUBEWATCH_NAMESPACE_ARG} --sync "$KUBEWATCH_SYNC_CMD" --warmup-delay 10s $KUBEWATCH_SYNC_KINDS $KUBEWATCH_ENDPOINTS_ARG &
set +x
pids="${pids:+${pids} }$!:kubewatch"
fi
Expand Down

0 comments on commit 1165dbc

Please sign in to comment.