feat: add option to disable autorefresh side car injection #26

Open
wants to merge 2 commits into
base: master
Kaitou786

Adding functionality to disable sidecar injection for autorefresh; this is required for cases like cronJob or Job pods when the main container exits but the refresh token keeps on running.

The refresh can be disabled by adding:

gtoken.doit-intl.com/tokenRefresh: "false"

annotation to the service account objects.

@langesven

Since I have the same problem right now I do like your idea here, but just wondering, wouldn't having the annotation on the cronjob or pod spawned by the cronjob make more sense?

Say you have a deployment with a cronjob, both use the same service account, so you wouldn't want to disable the token refresh in general or else your deployment breaks. But you would want the cronjob to finish running by e.g. not having the sidecar injected.

@Kaitou786
Author

> Since I have the same problem right now I do like your idea here, but just wondering, wouldn't having the annotation on the cronjob or pod spawned by the cronjob make more sense?
>
> Say you have a deployment with a cronjob, both use the same service account, so you wouldn't want to disable the token refresh in general or else your deployment breaks. But you would want the cronjob to finish running by e.g. not having the sidecar injected.

Yeah, you make a good point; I'll update it so the annotation can exist either on the pod or on SA; if it is only on the pod the sidecar won't be injected and other pods without the annotation using the SA would still have the refresher.

@Kaitou786
Author

@langesven I took your advice and implemented that; so now you can define that annotation on a particular pod and it would then only disable the refresher for that specific pod; though it can be defined at the SA level as well.
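
The pod-or-service-account check discussed in this thread, as an added example that is not code from this PR or from the gtoken project. Only the annotation key comes from the PR description; the function names, the rule that `"false"` on either object disables injection, and the fallback to injecting on an unparsable value are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
)

// Annotation key as given in the PR description.
const tokenRefreshAnnotation = "gtoken.doit-intl.com/tokenRefresh"

// refreshEnabled reports whether one object's annotations allow the refresher.
// A missing annotation means enabled; an unparsable value is returned as an
// error together with the default (enabled), so a typo never silently
// removes token refresh from a long-running workload.
func refreshEnabled(annotations map[string]string) (bool, error) {
	raw, ok := annotations[tokenRefreshAnnotation]
	if !ok {
		return true, nil
	}
	enabled, err := strconv.ParseBool(raw)
	if err != nil {
		return true, fmt.Errorf("annotation %s=%q: %w", tokenRefreshAnnotation, raw, err)
	}
	return enabled, nil
}

// shouldInjectRefresher checks the pod first, then its service account.
// Assumption: "false" on either object disables the sidecar for that pod.
func shouldInjectRefresher(podAnn, saAnn map[string]string) (bool, error) {
	for _, ann := range []map[string]string{podAnn, saAnn} {
		enabled, err := refreshEnabled(ann)
		if err != nil {
			return true, err
		}
		if !enabled {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	// Constructed sample: a CronJob pod and a Deployment pod share one SA.
	sharedSA := map[string]string{}
	cronPod := map[string]string{tokenRefreshAnnotation: "false"}
	deployPod := map[string]string{}

	inject, _ := shouldInjectRefresher(cronPod, sharedSA)
	fmt.Println("cronjob pod gets sidecar:", inject)
	inject, _ = shouldInjectRefresher(deployPod, sharedSA)
	fmt.Println("deployment pod gets sidecar:", inject)
}
```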
