  1. OpenShift Bugs
  2. OCPBUGS-2164

Track changes of serviceAccountIssuer in operator status


Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 4.9.z
    • kube-apiserver
    • None
    • Moderate
    • Proposed
    • False
    • If Release Note Needed, Set a Value
    • Set a Value

    Description

      Description of problem:

      This issue exists to drive the backport process of https://github.com/openshift/api/pull/1313

      According to the Kubernetes documentation, starting from Kubernetes 1.22, the service-account-issuer flag can be specified multiple times. The first value is then used to generate new tokens and other values are accepted. Using this field can prevent cluster disruptions and allows for smoother reconfiguration of this field.

      See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection

      The status field will allow us to keep track of "used" service account issuers and also expire/prune them.

      This is a replacement for: #1309

      xref: https://issues.redhat.com/browse/AUTH-309

       

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1.
      2.
      3.
      

      Actual results:

       

      Expected results:

       

      Additional info:
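
The issuer tracking described in this issue, sketched as an added example (not code from openshift/api or the linked pull request). `TrackedIssuer`, `Reconcile`, `IssuerFlags`, the issuer URLs and the 24-hour retention are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// TrackedIssuer is a hypothetical status entry. A zero Expires marks the
// issuer currently used to sign new tokens.
type TrackedIssuer struct {
	Name    string
	Expires time.Time
}

// Reconcile makes desired the active issuer, starts the expiry clock on the
// previously active one, and prunes entries whose expiration has passed.
func Reconcile(status []TrackedIssuer, desired string, now time.Time, keep time.Duration) []TrackedIssuer {
	out := []TrackedIssuer{{Name: desired}}
	for _, t := range status {
		if t.Name == desired {
			continue // already active or re-activated: keep only the fresh entry
		}
		if t.Expires.IsZero() {
			t.Expires = now.Add(keep) // old active issuer stays accepted for a while
		}
		if now.Before(t.Expires) {
			out = append(out, t) // still trusted; expired entries are dropped
		}
	}
	return out
}

// IssuerFlags renders the repeated kube-apiserver flag: the first value signs
// new tokens, the remaining values are only accepted.
func IssuerFlags(status []TrackedIssuer) (flags []string) {
	for _, t := range status {
		flags = append(flags, "--service-account-issuer="+t.Name)
	}
	return flags
}

func main() {
	now, day := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC), 24*time.Hour // constructed values
	s := Reconcile(Reconcile(nil, "https://old.example", now, day), "https://new.example", now, day)
	fmt.Println(IssuerFlags(Reconcile(s, "https://new.example", now.Add(time.Hour), day)))
	fmt.Println(IssuerFlags(Reconcile(s, "https://new.example", now.Add(2*day), day)))
}
```

Without the tracked list, switching the issuer would immediately invalidate every token signed under the old value; with it, the old issuer is dropped only after its retention window ends.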

       

            People

              mfojtik@redhat.com Michal Fojtik
              mfojtik@redhat.com Michal Fojtik
              Xingxing Xia Xingxing Xia