
Introduce a preStart lifecycle hook #132140

Open
@gallyamb


There were already multiple issues requesting such a feature: #96560 #4710 #140

But they are closed without any result. I'm opening a new issue to continue discussions about this topic.

My own use case for a preStart hook is the following:

  • our organization uses HashiCorp Vault for secrets management
  • HashiCorp Vault is not synced with k8s secrets and there are no plans to integrate them, AFAIU, because of security reasons (it's worth mentioning that HashiCorp Vault has an option to integrate with the k8s secrets engine)
  • we're deploying an open source solution - DataHub
  • DataHub fetches secrets from env vars
  • currently there is no way to expose env vars from Vault secrets, except writing your own entrypoint, where you fetch secrets (either directly from Vault or from a file where an initContainer with a Vault fetcher placed the secrets) and export env vars
  • this approach forces us to modify Docker images' default entrypoint, therefore we have to duplicate that default entrypoint to make it work. An entrypoint is not always just one script execution, though
  • entrypoint modification requires manual sync with changes from the original Docker image. It's pretty much error-prone

With a preStart hook this flow really simplifies, because we won't need to modify the entrypoint. We just define a preStart hook (with Helm, just add some values to generate that hook) and everything just works out of the box.
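
The workaround the post describes (a wrapper entrypoint that exports secrets from a file written by an initContainer, then hands off to the image's original entrypoint), as an added example that is not part of the original issue or of Kubernetes, Vault or DataHub. The file path `/vault/secrets/env`, the `SECRETS_FILE` variable, the `KEY=VALUE` file format and the function name `load_secrets_env` are assumptions.

```sh
#!/bin/sh
# Added example (not from the issue): wrapper entrypoint for the workaround
# described above. Path, file format and function name are assumptions.

# load_secrets_env FILE
# Exports each KEY=VALUE line of FILE. The file is parsed, never sourced,
# so shell syntax inside a value is kept as literal text and not executed.
load_secrets_env() {
    _se_file=$1
    if [ ! -r "$_se_file" ]; then
        echo "secrets file not readable: $_se_file" >&2
        return 1
    fi
    while IFS= read -r _se_line || [ -n "$_se_line" ]; do
        case $_se_line in
            ''|'#'*) continue ;;                 # blank line or comment
            *=*) ;;                              # looks like KEY=VALUE
            *) echo "skipping line without '='" >&2; continue ;;
        esac
        _se_key=${_se_line%%=*}                  # text before the first '='
        _se_val=${_se_line#*=}                   # everything after it
        case $_se_key in
            ''|[0-9]*|*[!A-Za-z0-9_]*)           # not a valid variable name
                echo "skipping invalid variable name" >&2; continue ;;
        esac
        export "$_se_key=$_se_val"               # values are never logged
    done < "$_se_file"
    unset _se_line _se_key _se_val
}

# Used as the container command: wrapper.sh <original entrypoint> [args...]
# Fail closed if the secrets are missing, then exec so the application
# replaces this shell and receives signals directly.
if [ "$#" -gt 0 ]; then
    load_secrets_env "${SECRETS_FILE:-/vault/secrets/env}" || exit 1
    exec "$@"
fi
```

Because the image's own entrypoint is passed as arguments instead of being copied into the wrapper, upstream changes to that entrypoint do not need to be re-synced by hand.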


Labels: needs-triage, sig/node
