
Commit 4a3748c

Merge pull request #14 from sharifelgamal/dont-override
do not override existing environment variables
2 parents 08136ca + 0396d3f commit 4a3748c


1 file changed

+64
-43
lines changed


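--- a/server.go
+++ b/server.go
@@ -90,6 +90,9 @@ func mutateHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 var patch []patchOperation
+var envVars []corev1.EnvVar
+
+needsCreds := needsEnvVar(pod.Spec.Containers[0], "GOOGLE_APPLICATION_CREDENTIALS")
 
 // Explicitly and silently exclude the kube-system namespace
 if pod.ObjectMeta.Namespace != metav1.NamespaceSystem {
@@ -117,59 +120,68 @@ func mutateHandler(w http.ResponseWriter, r *http.Request) {
 ReadOnly: true,
 }
 
-// Define the env var
-e := corev1.EnvVar{
-Name: "GOOGLE_APPLICATION_CREDENTIALS",
-Value: "/google-app-creds.json",
+if needsCreds {
+// Define the env var
+e := corev1.EnvVar{
+Name: "GOOGLE_APPLICATION_CREDENTIALS",
+Value: "/google-app-creds.json",
+}
+envVars = append(envVars, e)
+
+// add the volume in the list of patches
+patch = append(patch, patchOperation{
+Op: "add",
+Path: "/spec/volumes",
+Value: append(pod.Spec.Volumes, v),
+})
 }
-envVars := []corev1.EnvVar{e}
 
 // If GOOGLE_CLOUD_PROJECT is set in the VM, set it for all GCP apps.
 if _, err := os.Stat("/var/lib/minikube/google_cloud_project"); err == nil {
 project, err := ioutil.ReadFile("/var/lib/minikube/google_cloud_project")
 if err == nil {
 // Set the project name for every variant of the project env var
 for _, a := range projectAliases {
-envVars = append(envVars, corev1.EnvVar{
-Name: a,
-Value: string(project),
-})
+if needsEnvVar(pod.Spec.Containers[0], a) {
+envVars = append(envVars, corev1.EnvVar{
+Name: a,
+Value: string(project),
+})
+}
 }
 }
 }
 
-patch = append(patch, patchOperation{
-Op: "add",
-Path: "/spec/volumes",
-Value: append(pod.Spec.Volumes, v),
-})
-
-for i, c := range pod.Spec.Containers {
-if len(c.VolumeMounts) == 0 {
-patch = append(patch, patchOperation{
-Op: "add",
-Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
-Value: []corev1.VolumeMount{mount},
-})
-} else {
-patch = append(patch, patchOperation{
-Op: "add",
-Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
-Value: append(c.VolumeMounts, mount),
-})
-}
-if len(c.Env) == 0 {
-patch = append(patch, patchOperation{
-Op: "add",
-Path: fmt.Sprintf("/spec/containers/%d/env", i),
-Value: envVars,
-})
-} else {
-patch = append(patch, patchOperation{
-Op: "add",
-Path: fmt.Sprintf("/spec/containers/%d/env", i),
-Value: append(c.Env, envVars...),
-})
+if len(envVars) > 0 {
+for i, c := range pod.Spec.Containers {
+if needsCreds {
+if len(c.VolumeMounts) == 0 {
+patch = append(patch, patchOperation{
+Op: "add",
+Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
+Value: []corev1.VolumeMount{mount},
+})
+} else {
+patch = append(patch, patchOperation{
+Op: "add",
+Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
+Value: append(c.VolumeMounts, mount),
+})
+}
+}
+if len(c.Env) == 0 {
+patch = append(patch, patchOperation{
+Op: "add",
+Path: fmt.Sprintf("/spec/containers/%d/env", i),
+Value: envVars,
+})
+} else {
+patch = append(patch, patchOperation{
+Op: "add",
+Path: fmt.Sprintf("/spec/containers/%d/env", i),
+Value: append(c.Env, envVars...),
+})
+}
 }
 }
 }
@@ -261,13 +273,13 @@ func serviceaccountHandler(w http.ResponseWriter, r *http.Request) {
 
 ips := corev1.LocalObjectReference{Name: "gcp-auth"}
 if len(sa.ImagePullSecrets) == 0 {
-patch = []patchOperation{patchOperation{
+patch = []patchOperation{{
 Op: "add",
 Path: "/imagePullSecrets",
 Value: []corev1.LocalObjectReference{ips},
 }}
 } else {
-patch = []patchOperation{patchOperation{
+patch = []patchOperation{{
 Op: "add",
 Path: "/imagePullSecrets",
 Value: append(sa.ImagePullSecrets, ips),
@@ -316,6 +328,15 @@ func serviceaccountHandler(w http.ResponseWriter, r *http.Request) {
 }
 }
 
+func needsEnvVar(c corev1.Container, name string) bool {
+for _, e := range c.Env {
+if e.Name == name {
+return false
+}
+}
+return true
+}
+
 func main() {
 log.Print("GCP Auth Webhook started!")
 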
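Review bot: `needsCreds` and the alias check `needsEnvVar(pod.Spec.Containers[0], a)` inspect only the first container, yet the loop `for i, c := range pod.Spec.Containers` in the second hunk applies the resulting `envVars` and mount to every container. In a multi-container pod, a later container that already sets `GOOGLE_APPLICATION_CREDENTIALS` or a project alias still gets a second entry through `append(c.Env, envVars...)`, which can shadow the value the pod author set; and when only the first container sets it, the others receive no credentials at all. Deciding per container inside the loop, as sketched below, keeps the "do not override" guarantee for each one; `envVars` and the `/spec/volumes` patch would then be built as unfiltered candidates. `pod.Spec.Containers[0]` is also indexed with no length check in the visible lines, so if nothing earlier in `mutateHandler` (which starts and ends outside these hunks) rejects an empty container list, guard it with `if len(pod.Spec.Containers) == 0`.

```go
for i, c := range pod.Spec.Containers {
	// Keep only the variables this container does not already define.
	var missing []corev1.EnvVar
	mountCreds := false
	for _, e := range envVars {
		if !needsEnvVar(c, e.Name) {
			continue
		}
		missing = append(missing, e)
		if e.Name == "GOOGLE_APPLICATION_CREDENTIALS" {
			mountCreds = true
		}
	}
	if len(missing) == 0 {
		continue
	}
	// … unchanged: volumeMounts patch, guarded by mountCreds instead of needsCreds …
	// … unchanged: env patch, with missing in place of envVars …
}
```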
