Skip to content

Fixing instance-init bkp KV fetch

Saravanakumar V requested to merge sarv/fixbkpkv into azure/m16-master

Fixing utils.py to fetch KV that is NOT bkp keyvault

Issue:

Instance init script is fetching secrets from unintended Bkp keyvault as it is listing keyvaults from RG and using the first KV that is returned

https://oepdpeuprodadx.westeurope.kusto.windows.net/oepdpeuprodadxdb KubernetesContainers

| where ['time'] >= ago(30d) | where log has "successfully fetched keyvault name: kv-bkp-" | where NamespaceName == "osdu-azure" | where PodName has "instance-init" | where ContainerName != "istio-init" | order by ['time'] asc

Fix

In many cases, secrets are synced to Bkp vault and this is NOT a issue.

But, the source of truth is primary KV. so, the fix is ensuring the fetched KV is NOT bkp

Validation

Reran instance-init job with existing instance

Merge request reports

Loading