From 0df6bb136f64ec631e63b4d1d7ef848aa28e0e0f Mon Sep 17 00:00:00 2001 From: David Bond Date: Wed, 13 Jul 2022 14:40:37 +0100 Subject: [PATCH] Include Pod UID on CertificateRequest resources This commit adds an additional label to the generated CertificateRequest resources that includes the UID of the Pod that initiated the request via the csi-driver implementation. The Pod UID is taken from the volume context in the same way that is used to created the owner references. Adding this label adds increased queryablility to see which pod generated which certificate request. Internally at Jetstack, we want a way to monitor unused certificates, so this label will help us in checking the specific pod. It could be that some third party tool adds additional owner references to the CertificateRequest resource, so this label (providing it isn't changed by another third party) will give insight into the specific pod making the request. Related to https://github.com/cert-manager/csi-driver/pull/102 Signed-off-by: David Bond
---
 internal/api/consts.go | 1 + manager/manager.go | 1 + 2 files changed, 2 insertions(+)
diff --git a/internal/api/consts.go b/internal/api/consts.go
index 4ca4793..34f102c 100644
--- a/internal/api/consts.go
+++ b/internal/api/consts.go
@@ -19,4 +19,5 @@ package api
 const (
 NodeIDHashLabelKey = "csi.cert-manager.io/node-id-hash"
 VolumeIDHashLabelKey = "csi.cert-manager.io/volume-id-hash"
+ PodUIDLabelKey = "csi.cert-manager.io/pod-uid"
 )
diff --git a/manager/manager.go b/manager/manager.go
index 132c709..69bacaa 100644
--- a/manager/manager.go
+++ b/manager/manager.go
@@ -408,6 +408,7 @@ func (m *Manager) submitRequest(ctx context.Context, meta metadata.Metadata, csr
 Labels: map[string]string{
 internalapi.NodeIDHashLabelKey: m.nodeNameHash,
 internalapi.VolumeIDHashLabelKey: internalapiutil.HashIdentifier(meta.VolumeID),
+ internalapi.PodUIDLabelKey: meta.VolumeContext["csi.storage.k8s.io/pod.uid"],
 },
 OwnerReferences: []metav1.OwnerReference{
 {
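Review bot: The added `internalapi.PodUIDLabelKey` entry in the `Labels` map of manager/manager.go copies `meta.VolumeContext["csi.storage.k8s.io/pod.uid"]` unchecked, so a volume context without that key would yield a CertificateRequest carrying an empty `csi.cert-manager.io/pod-uid` label, which a monitoring query cannot tell apart from real data. Consider building the map first and setting the label only when the value is present, e.g. `if uid := meta.VolumeContext["csi.storage.k8s.io/pod.uid"]; uid != "" { labels[internalapi.PodUIDLabelKey] = uid }`. Since the commit message itself notes that the label can be changed by a third party, a comment on the constant such as `// PodUIDLabelKey is informational only; it is mutable and must not be used as proof of pod identity in approval policy.` would stop later consumers from treating it as authoritative. The rest of `submitRequest`, including the owner-reference code that presumably reads the same key, lies outside the hunk.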