OpenShift Bugs / OCPBUGS-2158

Track changes of serviceAccountIssuer in operator status


    • Bug
    • Resolution: Done
    • Major
    • 4.12
    • kube-apiserver
    • Moderate
    • Rejected
    • False

      Description of problem:

      This issue exists to drive the backport process of https://github.com/openshift/api/pull/1313

      According to the Kubernetes documentation, starting from Kubernetes 1.22, the service-account-issuer flag can be specified multiple times. The first value is then used to generate new tokens and other values are accepted. Using this field can prevent cluster disruptions and allows for smoother reconfiguration of this field.

      See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection

      The status field will allow us to keep track of "used" service account issuers and also expire/prune them.

      This is a replacement for: #1309

      xref: https://issues.redhat.com/browse/AUTH-309

       


              Michal Fojtik (Inactive) <mfojtik@redhat.com>
              Ke Wang
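The issuer bookkeeping described in this ticket, sketched as an added Go example (not code from openshift/api or the operator). `TrackedIssuer`, `Rotate`, `IssuerFlags`, the grace period and the sample URLs are hypothetical; only the repeated `--service-account-issuer` flag and its "first value signs, the rest are accepted" behaviour come from the ticket.

```go
package main

import (
	"fmt"
	"time"
)

// TrackedIssuer is a hypothetical status entry, not the openshift/api type.
type TrackedIssuer struct {
	Name       string
	Expiration *time.Time // nil marks the active issuer
}

// Rotate makes `active` the signing issuer: the previous active issuer gets
// an expiration of now+grace, and entries already past expiration are pruned.
func Rotate(status []TrackedIssuer, active string, now time.Time, grace time.Duration) []TrackedIssuer {
	out := []TrackedIssuer{{Name: active}}
	for _, s := range status {
		if s.Name == active {
			continue // a re-activated issuer is already at the head
		}
		if s.Expiration == nil { // previously active: start its grace period
			exp := now.Add(grace)
			s.Expiration = &exp
		}
		if s.Expiration.After(now) { // keep only issuers still inside their window
			out = append(out, s)
		}
	}
	return out
}

// IssuerFlags renders the list as repeated kube-apiserver flags. Order matters:
// the first value signs new tokens, the remaining values are only accepted.
func IssuerFlags(status []TrackedIssuer) []string {
	flags := make([]string, 0, len(status))
	for _, s := range status {
		flags = append(flags, "--service-account-issuer="+s.Name)
	}
	return flags
}

func main() {
	now := time.Now()
	old := now.Add(-time.Hour) // constructed sample data: issuer-a has already expired
	status := []TrackedIssuer{{Name: "https://issuer-b.example"}, {Name: "https://issuer-a.example", Expiration: &old}}
	fmt.Println(IssuerFlags(Rotate(status, "https://issuer-c.example", now, 24*time.Hour)))
}
```

Pruning an issuer is the step that invalidates tokens still carrying it, so the grace period should be at least as long as the longest-lived token minted under the old issuer.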