[
https://issues.apache.org/jira/browse/KNOX-3364?focusedWorklogId=1027354&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1027354
]
ASF GitHub Bot logged work on KNOX-3364:
----------------------------------------
Author: ASF GitHub Bot
Created on: 29/Jun/26 07:21
Start Date: 29/Jun/26 07:21
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #1282:
URL: https://github.com/apache/knox/pull/1282#discussion_r3489926346
##########
gateway-docker/src/main/resources/docker/gateway-entrypoint.sh:
##########
@@ -92,6 +94,49 @@ saveAlias() {
fi
}
+## Helper function to load Knox aliases from labeled Kubernetes Secrets.
+loadAliasesFromK8sSecrets() {
+ local sa_token_file="/var/run/secrets/kubernetes.io/serviceaccount/token"
+ local sa_ca_file="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+ local sa_ns_file="/var/run/secrets/kubernetes.io/serviceaccount/namespace"
+ local label="${KNOX_ALIAS_LABEL:-knox.apache.org/alias=true}"
+
+ if [[ ! -r ${sa_token_file} || ! -r ${sa_ca_file} || ! -r ${sa_ns_file} ]];
then
+ echo "ServiceAccount token not mounted; skipping k8s-sourced Knox aliases"
+ return 0
+ fi
+
+ echo "Loading Knox aliases from labeled k8s Secrets (label: ${label}) ..."
+ local namespace token resp_file http_code secret_names
+ namespace=$(/bin/cat "${sa_ns_file}")
+ token=$(/bin/cat "${sa_token_file}")
+ resp_file=$(mktemp)
+
+ http_code=$(curl -sS \
+ --cacert "${sa_ca_file}" \
+ -H "Authorization: Bearer ${token}" \
+ -o "${resp_file}" -w "%{http_code}" \
+
"https://kubernetes.default.svc/api/v1/namespaces/${namespace}/secrets?labelSelector=${label}")
|| http_code="000"
Review Comment:
nit: there's no explicit timeout on the curl call. If the k8s API is slow or
unreachable, this could stall container startup. Adding `--max-time 10` or
similar would make the failure path faster.
Issue Time Tracking
-------------------
Worklog Id: (was: 1027354)
Time Spent: 0.5h (was: 20m)
> Bootstrap Knox aliases from labeled Kubernetes Secrets on container startup
> ---------------------------------------------------------------------------
>
> Key: KNOX-3364
> URL: https://issues.apache.org/jira/browse/KNOX-3364
> Project: Apache Knox
> Issue Type: New Feature
> Components: docker, Startup Scripts
> Affects Versions: 2.1.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)