fix: call TokenRequest API when service account token secret is missing #3377
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
perdasilva
reviewed
Sep 6, 2024
|
P.S. if you rebase, the flake will go away =D |
Beyond Kubernetes 1.22, the service account token secret is not automatically, created. Therefore, when OLM is not able to find the service account token secret, it should request one from the k8s api server. Ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#manual-secret-management-for-serviceaccounts Signed-off-by: Edmund Ochieng <[email protected]>
Signed-off-by: Edmund Ochieng <[email protected]>
Signed-off-by: Edmund Ochieng <[email protected]>
OchiengEd
force-pushed
the
sa_token_req
branch
from
c273967 to
426c3cb
Compare
|
@perdasilva All done. You should be good to review |
tmshort
reviewed
Sep 10, 2024
Move the return to line 48. This will ensure a value is returned whether we successully create a service account token from the TokenRequest API or get an error Signed-off-by: Edmund Ochieng <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Sep 12, 2024
…ng (#3377) * fix: call TokenRequest API when service account token secret is missing Beyond Kubernetes 1.22, the service account token secret is not automatically, created. Therefore, when OLM is not able to find the service account token secret, it should request one from the k8s api server. Ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#manual-secret-management-for-serviceaccounts Signed-off-by: Edmund Ochieng <[email protected]> * fix: return error Signed-off-by: Edmund Ochieng <[email protected]> * handle error when creating sa token from TokenRequest API fails Signed-off-by: Edmund Ochieng <[email protected]> * move return from inner loop Move the return to line 48. This will ensure a value is returned whether we successully create a service account token from the TokenRequest API or get an error Signed-off-by: Edmund Ochieng <[email protected]> --------- Signed-off-by: Edmund Ochieng <[email protected]>
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue bot
pushed a commit
that referenced
this pull request
Sep 12, 2024
…ng (#3377) * fix: call TokenRequest API when service account token secret is missing Beyond Kubernetes 1.22, the service account token secret is not automatically, created. Therefore, when OLM is not able to find the service account token secret, it should request one from the k8s api server. Ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#manual-secret-management-for-serviceaccounts Signed-off-by: Edmund Ochieng <[email protected]> * fix: return error Signed-off-by: Edmund Ochieng <[email protected]> * handle error when creating sa token from TokenRequest API fails Signed-off-by: Edmund Ochieng <[email protected]> * move return from inner loop Move the return to line 48. This will ensure a value is returned whether we successully create a service account token from the TokenRequest API or get an error Signed-off-by: Edmund Ochieng <[email protected]> --------- Signed-off-by: Edmund Ochieng <[email protected]>
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Merged
via the queue into
operator-framework:master
with commit Sep 12, 2024
e20778c
12 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change:
This pull requests introduces code that will attempt to request a service account token via the TokenRequest API whenever an error is return regarding a missing service account token secret.
Motivation for the change:
Beyond Kubernetes 1.22, the service account token secret is not automatically created. Therefore, unless manually created, the service account token secret is expect to be missing.
As a result, it is necessary to update the Operator Lifecycle manager(OLM) code to account for the above change in the Kubernetes behavior.
Architectural changes:
Testing remarks:
Reviewer Checklist
/doc[FLAKE]are truly flaky and have an issueCloses #3376