I was adding a redisdb config to Datadog so it could recognise KeyDB. The issue was that the secret is auto-generated based on the name for the KeyDB. This made it impossible to mount all the secrets to the agents, so I wanted it to read the secrets where they were. The only issue is it was not possible to get the name of the secret based off of the pod name because there were no string manipulation functions for autodiscovery.
My solution was to create a custom script that would rewrite the JSON that requests the secret to be correct based off of the pod name and pass that along to the original script. So far so good; the issue came from the fact that `datadog.secretBackend.enableGlobalPermissions` is disabled when `datadog.secretBackend.command` is not equal to `"/readsecret_multiple_providers.sh"`.
Workaround:
Make a new Helm chart, use the Datadog Helm chart as a dependency, and overwrite the `"need-secret-permissions"` helper function in `templates/_helpers.tpl` to use an `or` function instead of an `and` function.
Result:
```
{{/*
Return true if secret RBACs are needed for secret backend.
*/}}
{{- define "need-secret-permissions" -}}
{{- if .Values.datadog.secretBackend.command -}}
{{- if or .Values.datadog.secretBackend.enableGlobalPermissions (eq .Values.datadog.secretBackend.command "/readsecret_multiple_providers.sh") -}}
true
{{- end -}}
{{- else -}}
false
{{- end -}}
{{- end -}}
```
Requested solution
Set `datadog.secretBackend.enableGlobalPermissions` to `false` by default and change the helper function so it is true if `datadog.secretBackend.enableGlobalPermissions` is true OR `datadog.secretBackend.command` is equal to `"/readsecret_multiple_providers.sh"`.
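A sketch of the kind of wrapper the issue describes, added here as an example; it is not the reporter's script or Datadog's code. It assumes handles of the form `k8s_secret@<namespace>/<pod name>/<key>`, a hypothetical naming rule (`secret_name_for`) and a hypothetical `keydb` namespace. It rewrites only handles in allow-listed namespaces, and it re-keys the backend's answer to the handles the agent originally sent, which a rewriting wrapper has to do for the agent to match the response to its request.

```python
import json
import re
import subprocess
import sys

ORIGINAL = "/readsecret_multiple_providers.sh"   # backend script named in the issue
ALLOWED_NAMESPACES = {"keydb"}                   # assumption: where the generated secrets live
# Assumed handle form: k8s_secret@<namespace>/<pod name>/<key>
HANDLE = re.compile(r"^k8s_secret@([^/]+)/([^/]+)/([^/]+)$")

def secret_name_for(pod):
    """Hypothetical naming rule: pod 'cache-0' -> secret 'cache-auth'."""
    return re.sub(r"-\d+$", "", pod) + "-auth"

def rewrite_request(request):
    """Return (rewritten request, {original handle: rewritten handle})."""
    forward = {}
    for handle in request["secrets"]:
        m = HANDLE.match(handle)
        if m and m.group(1) in ALLOWED_NAMESPACES:
            ns, pod, key = m.groups()
            forward[handle] = f"k8s_secret@{ns}/{secret_name_for(pod)}/{key}"
        else:
            forward[handle] = handle   # other handles pass through untouched
    # Several pods can map to one secret, so de-duplicate what is sent on.
    return {**request, "secrets": sorted(set(forward.values()))}, forward

def restore_response(response, forward):
    """Key the backend's answer by the handles the agent originally asked for."""
    missing = {"value": None, "error": "no answer from backend"}
    return {orig: response.get(new, missing) for orig, new in forward.items()}

if __name__ == "__main__":
    request, forward = rewrite_request(json.load(sys.stdin))
    done = subprocess.run([ORIGINAL], input=json.dumps(request), text=True,
                          capture_output=True, check=True)
    json.dump(restore_response(json.loads(done.stdout), forward), sys.stdout)
```

With global secret permissions enabled for the agent, the allow-list is the only thing in this wrapper that limits which secrets a rewritten handle can reach, so it is worth keeping as narrow as the deployment permits.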