Support disable_keep_alives #376

Merged
merged 3 commits into from Jul 28, 2022
7 changes: 7 additions & 0 deletions agent-inject/agent/agent.go
Expand Up @@ -167,6 +167,9 @@ type Agent struct {
// DisableIdleConnections controls which Agent features have idle
// connections disabled
DisableIdleConnections []string

// DisableKeepAlives controls which Agent features have keep-alives disables.
DisableKeepAlives []string
}

type ServiceAccountTokenVolume struct {
Expand Down Expand Up @@ -471,6 +474,10 @@ func New(pod *corev1.Pod, patches []*jsonpatch.JsonPatchOperation) (*Agent, erro
agent.DisableIdleConnections = strings.Split(pod.Annotations[AnnotationAgentDisableIdleConnections], ",")
}

if pod.Annotations[AnnotationAgentDisableKeepAlives] != "" {
agent.DisableKeepAlives = strings.Split(pod.Annotations[AnnotationAgentDisableKeepAlives], ",")
}

return agent, nil
}

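Review bot: New() copies the annotation into DisableKeepAlives with a bare strings.Split on ",", so whitespace around entries is kept and nothing checks each entry against the set the annotations.go doc comment names (auto-auth, caching, templating); a pod annotation of `auto-auth, caching` would hand ` caching` through to the generated agent config unchanged. Since the annotation is authored by whoever submits the pod, trimming each entry and returning an error from New() for an unknown value would surface typos at injection time rather than leaving them to the agent's own config parsing; the existing DisableIdleConnections branch just above has the same gap, so both could share one helper. The struct comment also has a typo, suggest `// DisableKeepAlives controls which Agent features have keep-alives disabled.`. New's body continues outside the hunk.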
10 changes: 10 additions & 0 deletions agent-inject/agent/annotations.go
Expand Up @@ -276,6 +276,11 @@ const (
// features in Vault Agent. Comma-separated string, with valid values auto-auth, caching,
// templating.
AnnotationAgentDisableIdleConnections = "vault.hashicorp.com/agent-disable-idle-connections"

// AnnotationAgentDisableKeepAlives specifies disabling keep-alives for various
// features in Vault Agent. Comma-separated string, with valid values auto-auth, caching,
// templating.
AnnotationAgentDisableKeepAlives = "vault.hashicorp.com/agent-disable-keep-alives"
)

type AgentConfig struct {
Expand All @@ -301,6 +306,7 @@ type AgentConfig struct {
AuthMinBackoff string
AuthMaxBackoff string
DisableIdleConnections string
DisableKeepAlives string
}

// Init configures the expected annotations required to create a new instance
Expand Down Expand Up @@ -501,6 +507,10 @@ func Init(pod *corev1.Pod, cfg AgentConfig) error {
pod.ObjectMeta.Annotations[AnnotationAgentDisableIdleConnections] = cfg.DisableIdleConnections
}

if _, ok := pod.ObjectMeta.Annotations[AnnotationAgentDisableKeepAlives]; !ok {
pod.ObjectMeta.Annotations[AnnotationAgentDisableKeepAlives] = cfg.DisableKeepAlives
}

return nil
}

36 changes: 36 additions & 0 deletions agent-inject/agent/annotations_test.go
Expand Up @@ -1189,3 +1189,39 @@ func TestDisableIdleConnections(t *testing.T) {
})
}
}

func TestDisableKeepAlives(t *testing.T) {
tests := map[string]struct {
annotations map[string]string
expectedValue []string
}{
"full list": {
annotations: map[string]string{
"vault.hashicorp.com/agent-disable-keep-alives": "auto-auth,caching,templating",
},
expectedValue: []string{"auto-auth", "caching", "templating"},
},
"one": {
annotations: map[string]string{
"vault.hashicorp.com/agent-disable-keep-alives": "auto-auth",
},
expectedValue: []string{"auto-auth"},
},
"none": {
annotations: map[string]string{},
expectedValue: nil,
},
}
for name, tc := range tests {
t.Run(name, func(t *testing.T) {
pod := testPod(tc.annotations)
agentConfig := basicAgentConfig()
err := Init(pod, agentConfig)
require.NoError(t, err)
agent, err := New(pod, nil)
require.NoError(t, err)

assert.Equal(t, tc.expectedValue, agent.DisableKeepAlives)
})
}
}
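Review bot: The table only exercises the annotation path; the "none" case asserts nil, but no case sets AgentConfig.DisableKeepAlives, so the fallback in Init() that writes cfg.DisableKeepAlives into the annotation when it is absent is not covered (presumably basicAgentConfig() leaves the field empty — not visible here). Adding a config-driven case would also exercise the strings.Split of that value in New(); a case with whitespace around the entries would pin whether entries are trimmed. One way to extend the table without touching the existing cases:
```go
tests := map[string]struct {
	annotations   map[string]string
	configValue   string
	expectedValue []string
}{
	// … unchanged: "full list", "one", "none" cases …
	"from config default": { // constructed case
		annotations:   map[string]string{},
		configValue:   "caching",
		expectedValue: []string{"caching"},
	},
}
for name, tc := range tests {
	t.Run(name, func(t *testing.T) {
		pod := testPod(tc.annotations)
		agentConfig := basicAgentConfig()
		agentConfig.DisableKeepAlives = tc.configValue
		// … unchanged: Init, New, assert …
	})
}
```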
2 changes: 2 additions & 0 deletions agent-inject/agent/config.go
Expand Up @@ -28,6 +28,7 @@ type Config struct {
Cache *Cache `json:"cache,omitempty"`
TemplateConfig *TemplateConfig `json:"template_config,omitempty"`
DisableIdleConnections []string `json:"disable_idle_connections,omitempty"`
DisableKeepAlives []string `json:"disable_keep_alives,omitempty"`
}

// Vault contains configuration for connecting to Vault servers
Expand Down Expand Up @@ -192,6 +193,7 @@ func (a *Agent) newConfig(init bool) ([]byte, error) {
StaticSecretRenderInterval: a.VaultAgentTemplateConfig.StaticSecretRenderInterval,
},
DisableIdleConnections: a.DisableIdleConnections,
DisableKeepAlives: a.DisableKeepAlives,
}

if a.InjectToken {
2 changes: 2 additions & 0 deletions agent-inject/handler.go
Expand Up @@ -69,6 +69,7 @@ type Handler struct {
AuthMinBackoff string
AuthMaxBackoff string
DisableIdleConnections string
DisableKeepAlives string
}

// Handle is the http.HandlerFunc implementation that actually handles the
Expand Down Expand Up @@ -204,6 +205,7 @@ func (h *Handler) Mutate(req *admissionv1.AdmissionRequest) *admissionv1.Admissi
AuthMinBackoff: h.AuthMinBackoff,
AuthMaxBackoff: h.AuthMaxBackoff,
DisableIdleConnections: h.DisableIdleConnections,
DisableKeepAlives: h.DisableKeepAlives,
}
err = agent.Init(&pod, cfg)
if err != nil {
2 changes: 2 additions & 0 deletions subcommand/injector/command.go
Expand Up @@ -72,6 +72,7 @@ type Command struct {
flagAuthMinBackoff string // Auth min backoff on failure
flagAuthMaxBackoff string // Auth min backoff on failure
flagDisableIdleConnections string // Idle connections control
flagDisableKeepAlives string // Keep-alives control

flagSet *flag.FlagSet

Expand Down Expand Up @@ -209,6 +210,7 @@ func (c *Command) Run(args []string) int {
AuthMinBackoff: c.flagAuthMinBackoff,
AuthMaxBackoff: c.flagAuthMaxBackoff,
DisableIdleConnections: c.flagDisableIdleConnections,
DisableKeepAlives: c.flagDisableKeepAlives,
}

mux := http.NewServeMux()
9 changes: 9 additions & 0 deletions subcommand/injector/flags.go
Expand Up @@ -122,6 +122,9 @@ type Specification struct {

// DisableIdleConnections is the AGENT_INJECT_DISABLE_IDLE_CONNECTIONS environment variable
DisableIdleConnections string `split_words:"true"`

// DisableKeepAlives is the AGENT_INJECT_DISABLE_KEEP_ALIVES environment variable
DisableKeepAlives string `split_words:"true"`
}

func (c *Command) init() {
Expand Down Expand Up @@ -188,6 +191,8 @@ func (c *Command) init() {
"Sets the maximum backoff on auto-auth failure. Default is 5m")
c.flagSet.StringVar(&c.flagDisableIdleConnections, "disable-idle-connections", "",
"Comma-separated list of Vault features where idle connections should be disabled.")
c.flagSet.StringVar(&c.flagDisableKeepAlives, "disable-keep-alives", "",
"Comma-separated list of Vault features where keep-alives should be disabled.")

tlsVersions := []string{}
for v := range tlsutil.TLSLookup {
Expand Down Expand Up @@ -389,5 +394,9 @@ func (c *Command) parseEnvs() error {
c.flagDisableIdleConnections = envs.DisableIdleConnections
}

if envs.DisableKeepAlives != "" {
c.flagDisableKeepAlives = envs.DisableKeepAlives
}

return nil
}
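Review bot: The help string for the new `disable-keep-alives` flag says "Comma-separated list of Vault features" without naming which features are accepted, whereas the annotation doc in annotations.go lists auto-auth, caching and templating, so an operator reading `--help` gets no hint of the valid set. Suggest `"Comma-separated list of Vault features where keep-alives should be disabled (auto-auth, caching, templating)."`, and the same addition to the adjacent disable-idle-connections help text for consistency. Both init() and parseEnvs() start outside their hunks.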
1 change: 1 addition & 0 deletions subcommand/injector/flags_test.go
Expand Up @@ -137,6 +137,7 @@ func TestCommandEnvs(t *testing.T) {
{env: "AGENT_INJECT_AUTH_MIN_BACKOFF", value: "5s", cmdPtr: &cmd.flagAuthMinBackoff},
{env: "AGENT_INJECT_AUTH_MAX_BACKOFF", value: "5s", cmdPtr: &cmd.flagAuthMaxBackoff},
{env: "AGENT_INJECT_DISABLE_IDLE_CONNECTIONS", value: "auto-auth,caching,templating", cmdPtr: &cmd.flagDisableIdleConnections},
{env: "AGENT_INJECT_DISABLE_KEEP_ALIVES", value: "auto-auth,caching,templating", cmdPtr: &cmd.flagDisableKeepAlives},
}

for _, tt := range tests {