plan files
@@ -0,0 +1,14 @@
|
||||
# Implementation Plan: Infisical Secrets Injection InitContainer
|
||||
|
||||
## Objective
|
||||
Ensure that Infisical secrets are injected as **Environment Variables** securely before any main container logic runs in the Argo Workflows steps.
|
||||
|
||||
## Requirements
|
||||
- Use the Infisical Kubernetes operator approach.
|
||||
- Add the necessary Infisical annotations (e.g., `secrets.infisical.com/auto-reload: "true"`) to the pod metadata templates.
|
||||
- **Crucial:** Because Argo Workflows pods start quickly, inject an `initContainer` into tasks that require secrets. This initContainer should run a simple polling script (e.g., a loop checking if a specific expected environment variable exists) to pause the pod's main container execution until the Infisical mutating webhook has successfully injected the environment variables.
|
||||
|
||||
## Agent Instructions
|
||||
1. Create a reusable snippet or template property for the `initContainer` wait logic.
|
||||
2. Apply the required Infisical annotations to the `ClusterWorkflowTemplate`'s `podSpecPatch` or task metadata.
|
||||
3. Document which steps will require which secrets (e.g., DefectDojo API keys, Socket.dev keys).
|
||||
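Review bot: The wait loop in the "Crucial" requirement cannot work as described. A container's environment is fixed when the container is created, and a mutating admission webhook changes the pod spec at admission, before any init or main container starts. An initContainer running "a loop checking if a specific expected environment variable exists" will either find the variable on its first check or never find it, and in the second case the pod hangs with no error. It also sees only its own environment, not the main container's. Suggest dropping the polling and having the task containers reference the Kubernetes Secret managed by the operator through a non-optional `envFrom` or `secretKeyRef`, so the kubelet holds the container back until the Secret exists. If a wait step is kept for another reason, give it a timeout and a non-zero exit so the workflow step fails visibly. Agent Instructions item 3 should also require that each step receives only the secrets listed for it, so the DefectDojo and Socket.dev keys are not exposed to every task in the template.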