in admission-controller/secret-inject/python/admission_controller.py [0:0]
def secrets_initcont_patch(annotations,response):
patch = [
{
"op": "add",
"path": "/spec/initContainers",
"value": [
{
"image": "%v",
"name": "secrets-init-container",
"volumeMounts": [
{
"name": "secret-vol",
"mountPath": "/tmp"
}
],
"env": [
{
"name": "SECRET_ARN",
"valueFrom": {
"fieldRef": {
"fieldPath": "metadata.annotations['secrets.k8s.aws/secret-arn']"
}
}
}
],
"resources": {}
}
]
},
{
"op": "add",
"path": "/spec/volumes/-",
"value":
{
"emptyDir":
{
"medium": "Memory"
},
"name": "secret-vol"
}
}
]
response['patch'] = base64.b64encode(json.dumps(patch))
response['patchType'] = 'application/json-patch+json'
return response