
:bug: Fixing PushSecret CRD generation (#1967)

* Fixing PushSecret CRD generation

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fix: increase hashicorp vault cache size to prevent eviction

Also remove tiny cache size from e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Gustavo Fernandes de Carvalho 3 years ago
parent
commit
a1f8a8adc7
3 changed files with 4 additions and 7 deletions
  1. 0 4
      e2e/framework/addon/eso.go
  2. 2 2
      hack/helm.generate.sh
  3. 2 1
      pkg/provider/vault/vault.go

+ 0 - 4
e2e/framework/addon/eso.go

@@ -69,10 +69,6 @@ func NewESO(mutators ...MutationFunc) *ESO {
 					Key:   "extraArgs.experimental-enable-aws-session-cache",
 					Value: "true",
 				},
-				{
-					Key:   "extraArgs.experimental-vault-token-cache-size",
-					Value: "10",
-				},
 			},
 		},
 	}

+ 2 - 2
hack/helm.generate.sh

@@ -21,8 +21,8 @@ for i in "${HELM_DIR}"/templates/crds/*.yml; do
   cp "$i" "$i.bkp"
   if [[ "$CRDS_FLAG_NAME" == *"Cluster"* ]]; then
     echo "{{- if and (.Values.installCRDs) (.Values.crds.$CRDS_FLAG_NAME) }}" > "$i"
-  elif [[ "$$CRDS_FLAG_NAME" == *"PushSecret"* ]]; then 
-			echo "{{- if and (.Values.installCRDs) (.Values.crds.$$CRDS_FLAG_NAME) }}" > "$$i"
+  elif [[ "$CRDS_FLAG_NAME" == *"PushSecret"* ]]; then 
+			echo "{{- if and (.Values.installCRDs) (.Values.crds.$CRDS_FLAG_NAME) }}" > "$i"
   else
     echo "{{- if .Values.installCRDs }}" > "$i"
   fi
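Review bot: The corrected `PushSecret` branch is now identical to the `Cluster` branch above it, and its `echo` line is tab-indented while the rest of the loop uses spaces (the `elif` line also ends in a trailing space). Folding the two tests into one, `if [[ "$CRDS_FLAG_NAME" == *"Cluster"* || "$CRDS_FLAG_NAME" == *"PushSecret"* ]]; then`, leaves a single copy of the template guard to keep correct. The enclosing `for` loop starts and ends outside the hunk.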

+ 2 - 1
pkg/provider/vault/vault.go

@@ -1400,7 +1400,8 @@ func init() {
 	var vaultTokenCacheSize int
 	fs := pflag.NewFlagSet("vault", pflag.ExitOnError)
 	fs.BoolVar(&enableCache, "experimental-enable-vault-token-cache", false, "Enable experimental Vault token cache. External secrets will reuse the Vault token without creating a new one on each request.")
-	fs.IntVar(&vaultTokenCacheSize, "experimental-vault-token-cache-size", 100, "Maximum size of Vault token cache. Only used if --experimental-enable-vault-token-cache is set.")
+	// max. 265k vault leases with 30bytes each ~= 7MB
+	fs.IntVar(&vaultTokenCacheSize, "experimental-vault-token-cache-size", 2<<17, "Maximum size of Vault token cache. When more tokens than Only used if --experimental-enable-vault-token-cache is set.")
 	lateInit := func() {
 		logger.Info("initializing vault cache with size=%d", vaultTokenCacheSize)
 		clientCache = cache.Must(vaultTokenCacheSize, func(client Client) {
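Review bot: The new help text for `experimental-vault-token-cache-size` contains an unfinished sentence ("When more tokens than Only used if ..."), so operators reading `--help` cannot tell what happens at the limit. Something like `"Maximum size of Vault token cache. When more tokens than this are cached, entries are evicted. Only used if --experimental-enable-vault-token-cache is set."` would complete it. The comment says 265k, but `2<<17` is 262144; writing it as `1<<18` with `// max. 262144 cached vault clients, ~30 bytes each ~= 7.5MB` keeps the number and the comment in agreement. Since the entries are Vault tokens, it would also help to note next to the flag that the larger default presumably keeps more live tokens resident in the process, and to reject a zero or negative value before it reaches `cache.Must`. The body of `init` continues outside the hunk.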