Comments (4)
munnerz
commented on May 23, 2024
1
There isn't a way that I'm aware of to do this listing for just metadata. There are references to PartialObjectMetadata in the Kubernetes code-base, but this is only utilised client-side from what I can see (specifically, as part of the garbage collector in kube-controller-manager which handles things like owner references).
In lieu of this, I think we'll need to just gather the full resource for now. You may want to ask over in #sig-api-machinery on slack.k8s.io to see if anyone has any more tips here, as I know there was some support for alternative output formats added to the apiserver a while ago (although I'm not sure how flexible this is).
from jetstack-secure.
wwwil
commented on May 23, 2024
I'm having a look into this now. The ideal solution would be if we can find a way to just List Secret metadata.
If that isn't possible we may have to fetch the Secret and have the data gatherer redact the data part. For users running the agent in cluster (which we expect will be most of them) this isn't too bad.
We should probably also have Preflight output a warning if it sees Secrets being gathered, both in the agent and any package development tools.
from jetstack-secure.
wwwil
commented on May 23, 2024
The response from #sig-api-machinery indicates we can't just fetch metadata so I'm going to work on the solution I described above where we fetch the full resource but remove the data and log a warning.
from jetstack-secure.
AkvileMar
commented on May 23, 2024
There is an open pull request that needs to be reviewed.
from jetstack-secure.
Related Issues (20)
- Rename repo to "jetstack-secure-agent" HOT 1
- The dependency chzyer/logex does not have a LICENSE file HOT 3
- Update agent run command example in the agent README
- Agent echo server fails handling requests from the agent
- Improve output of the echo server HOT 2
- Set a default period in the agent.yaml supplied in the repo
- Add `--compact` print flag to the echo server HOT 1
- Remove token auth support from echo command
- Generate RBAC based on the current config HOT 5
- SLSA Level 1 HOT 2
- trivy scan vulnerability results HOT 3
- Documentation Link 404
- feat: Add ability to input a completely custom agent configuration to chart
- feat: Add venafi enhanced issuer to chart
- TLSPK Agent / Jetstack Agent (Re-branding)
- Error in volume configMap
- Chart CI to identify issues before merging HOT 1
- No health endpoint
- Deprecated API versions
- Failing build: release-master: ERROR: Unable to validate cosign version: 'v1.13.1'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jetstack-secure.