[ 
https://issues.apache.org/jira/browse/KNOX-3364?focusedWorklogId=1027354&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1027354
 ]

ASF GitHub Bot logged work on KNOX-3364:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 29/Jun/26 07:21
            Start Date: 29/Jun/26 07:21
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #1282:
URL: https://github.com/apache/knox/pull/1282#discussion_r3489926346


##########
gateway-docker/src/main/resources/docker/gateway-entrypoint.sh:
##########
@@ -92,6 +94,49 @@ saveAlias() {
   fi
 }
 
+## Helper function to load Knox aliases from labeled Kubernetes Secrets.
+loadAliasesFromK8sSecrets() {
+  local sa_token_file="/var/run/secrets/kubernetes.io/serviceaccount/token"
+  local sa_ca_file="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+  local sa_ns_file="/var/run/secrets/kubernetes.io/serviceaccount/namespace"
+  local label="${KNOX_ALIAS_LABEL:-knox.apache.org/alias=true}"
+
+  if [[ ! -r ${sa_token_file} || ! -r ${sa_ca_file} || ! -r ${sa_ns_file} ]]; 
then
+    echo "ServiceAccount token not mounted; skipping k8s-sourced Knox aliases"
+    return 0
+  fi
+
+  echo "Loading Knox aliases from labeled k8s Secrets (label: ${label}) ..."
+  local namespace token resp_file http_code secret_names
+  namespace=$(/bin/cat "${sa_ns_file}")
+  token=$(/bin/cat "${sa_token_file}")
+  resp_file=$(mktemp)
+
+  http_code=$(curl -sS \
+    --cacert "${sa_ca_file}" \
+    -H "Authorization: Bearer ${token}" \
+    -o "${resp_file}" -w "%{http_code}" \
+    
"https://kubernetes.default.svc/api/v1/namespaces/${namespace}/secrets?labelSelector=${label}";)
 || http_code="000"
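
Review bot: In the curl call, the value of `label` (taken from `KNOX_ALIAS_LABEL`) is interpolated into the `?labelSelector=${label}` query string without URL-encoding. A selector containing spaces, `&`, `#` or a set-based expression with parentheses would alter or break the request. Passing it with `-G --data-urlencode "labelSelector=${label}"` against the bare `/secrets` URL would keep the selector intact. The same call puts the ServiceAccount token on the curl command line through `-H "Authorization: Bearer ${token}"`, where it is visible in the process argument list while the request runs. Having curl read the header from a file (`-H @file`) would avoid that. Since `resp_file` will hold Secret contents, it is worth confirming it is removed on every return path, including the `http_code="000"` fallback.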

Review Comment:
   nit: there's no explicit timeout on the curl call. If the k8s API is slow or 
unreachable, this could stall container startup. Adding `--max-time 10` or 
similar would make the failure path faster.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1027354)
    Time Spent: 0.5h  (was: 20m)

> Bootstrap Knox aliases from labeled Kubernetes Secrets on container startup
> ---------------------------------------------------------------------------
>
>                 Key: KNOX-3364
>                 URL: https://issues.apache.org/jira/browse/KNOX-3364
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: docker, Startup Scripts
>    Affects Versions: 2.1.0
>            Reporter: Tamás Hanicz
>            Assignee: Tamás Hanicz
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)
