  1. OpenShift Bugs
  2. OCPBUGS-2160

Track changes of serviceAccountIssuer in operator status


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 4.11.z
    • None
    • kube-apiserver
    • None
    • Moderate
    • Proposed
    • If Release Note Needed, Set a Value
    • Set a Value

    Description

      Description of problem:

      This issue exists to drive the backport process of https://github.com/openshift/api/pull/1313

      According to the Kubernetes documentation, starting from Kubernetes 1.22, the service-account-issuer flag can be specified multiple times. The first value is then used to generate new tokens and other values are accepted. Using this field can prevent cluster disruptions and allows for smoother reconfiguration of this field.

      See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection

      The status field will allow us to keep track of "used" service account issuers and also expire/prune them.

      This is a replacement for: #1309

      xref: https://issues.redhat.com/browse/AUTH-309

       

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1.
      2.
      3.
      

      Actual results:

       

      Expected results:

       

      Additional info:
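
The rotation behaviour described above, as an added Go example (not code from this issue or from the openshift/api pull request): the signing issuer is listed first and previous issuers stay accepted until they expire and are pruned. The `TrackedIssuer` type, the `Rotate` and `Flags` helpers, the grace period and the example URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// TrackedIssuer is a hypothetical status entry; nil Expires marks the signing issuer.
type TrackedIssuer struct {
	Name    string
	Expires *time.Time
}

// Rotate makes newIssuer the signer; the old signer stays accepted for grace (assumed policy).
func Rotate(tracked []TrackedIssuer, newIssuer string, now time.Time, grace time.Duration) []TrackedIssuer {
	exp := now.Add(grace)
	out := []TrackedIssuer{{Name: newIssuer}}
	for _, t := range tracked {
		if t.Expires == nil {
			t.Expires = &exp // former signer: start its expiry clock
		}
		if t.Name != newIssuer { // a re-activated issuer keeps only its new entry
			out = append(out, t)
		}
	}
	return out
}

// Flags prunes expired entries and lists the signing issuer first, as the flag requires.
func Flags(tracked []TrackedIssuer, now time.Time) ([]string, error) {
	var first, rest []string
	for _, t := range tracked {
		arg := "--service-account-issuer=" + t.Name
		switch {
		case t.Expires == nil:
			first = append(first, arg)
		case t.Expires.After(now):
			rest = append(rest, arg)
		}
	}
	if len(first) != 1 {
		return nil, fmt.Errorf("want exactly one signing issuer, got %d", len(first))
	}
	return append(first, rest...), nil
}

func main() { // constructed sample input
	tracked := Rotate([]TrackedIssuer{{Name: "https://old.example"}}, "https://new.example", time.Now(), 24*time.Hour)
	fmt.Println(Flags(tracked, time.Now()))
}
```
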

       

          People

            mfojtik@redhat.com Michal Fojtik
            mfojtik@redhat.com Michal Fojtik
            Xingxing Xia Xingxing Xia