
I have the following (very basic) StatefulSet in Kubernetes:

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      annotations:
        vault.security.banzaicloud.io/vault-addr: https://vault.default.svc.cluster.local:8200
        vault.security.banzaicloud.io/vault-tls-secret: vault-tls
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.k8s.io/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web

When I apply this StatefulSet, a Pod is created, but the annotations are ignored (at least, the vault init-container is not being created):

Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  27s   default-scheduler  Successfully assigned namespace/web-0 to worker-1
  Normal  Pulled     24s   kubelet, worker-1  Container image "registry.k8s.io/nginx-slim:0.8" already present on machine
  Normal  Created    24s   kubelet, worker-1  Created container nginx
  Normal  Started    24s   kubelet, worker-1  Started container nginx

When I add the following to the StatefulSet manifest, the init-container for vault is being created:

spec:
  containers:
  - command:
    - /usr/sbin/nginx
    - -g
    - daemon off;

Resulting in:

Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  27s   default-scheduler  Successfully assigned keycloak/web-0 to worker-1
  Normal  Pulled     26s   kubelet, worker-1  Container image "banzaicloud/vault-env:1.4.2" already present on machine
  Normal  Created    26s   kubelet, worker-1  Created container copy-vault-env
  Normal  Started    25s   kubelet, worker-1  Started container copy-vault-env
  Normal  Pulled     24s   kubelet, worker-1  Container image "registry.k8s.io/nginx-slim:0.8" already present on machine
  Normal  Created    24s   kubelet, worker-1  Created container nginx
  Normal  Started    24s   kubelet, worker-1  Started container nginx

For nginx, the workaround is simply to add the command in the manifest, but I have other images where I cannot add a command (or I don't know which command to add), while I need the vault init-container to be injected automatically.

C-nan

0 Answers