Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Major
Fix Version/s: 3.6.0.GA
Affects Version/s: None
Component/s: Team B: DevWorkspace + Operator, Web Terminal + Operator, editors/IDEs + built-in vscode extensions, Universal Developer Image, machine-exec, dev environment config
Labels:
- rn-text-approved

Epic Link:
Dev Spaces v3.6.0 major enhancements and bug fixes (for RN&KI document)
Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Release Notes
Release Note Text:

Hide
= Supported ServiceAccount token volume projection

With this update, administrators can configure the ServiceAccount token mounted in workspace Pods as a link:https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection[projected ServiceAccount token]. This enhancement enables administrators to set the `audience`, `mountPath`, and `expirationSeconds` of the token and enables federation such as link:https://cloud.google.com/iam/docs/workload-identity-federation[GCP workload identity federation]. Administrators can specify projected tokens properties in a `CheCluster` CR:

[source,yaml,subs="+quotes"]
----
spec:
  devEnvironments:
    serviceAccountTokens:
      - name: __<name>__
        mounthPath: __<absolute_path_in_the_container>__
        audience: __<audience>__
        expirationSeconds: __<positive_integer>__
        path: __<path_relative_to_the_mountpath>__
----

Show
= Supported ServiceAccount token volume projection With this update, administrators can configure the ServiceAccount token mounted in workspace Pods as a link: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection [projected ServiceAccount token]. This enhancement enables administrators to set the `audience`, `mountPath`, and `expirationSeconds` of the token and enables federation such as link: https://cloud.google.com/iam/docs/workload-identity-federation [GCP workload identity federation]. Administrators can specify projected tokens properties in a `CheCluster` CR: [source,yaml,subs="+quotes"] ---- spec:   devEnvironments:     serviceAccountTokens:       - name: __<name>__         mounthPath: __<absolute_path_in_the_container>__         audience: __<audience>__         expirationSeconds: __<positive_integer>__         path: __<path_relative_to_the_mountpath>__ ----
Release Note Type:
Enhancement
Release Note Status:
Done
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Links:

Enhancement release note for https://github.com/eclipse/che/issues/22012

based on https://github.com/eclipse/che/releases/tag/untagged-63ed44d9930d58c780e9

Assignee:: Mario Loriedo

Reporter:: Max Leonov

Writer:: Max Leonov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/05/03 11:26 AM

Updated:: 2023/05/18 10:24 PM

Resolved:: 2023/05/17 11:53 AM

Details

Description

Attachments

Activity

People

Dates