Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-23082

Set automountServiceAccountToken to false for network-node-identity deployment in Hypershift

    XMLWordPrintable

Details

    • Important
    • No
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

    Description

      Description of problem:

      From our initial investigation, it seems like the network-node-identity component does not need management cluster access in Hypershift
      
      We were looking at:
      https://github.com/openshift/cluster-network-operator/blob/release-4.14/bindata/network/node-identity/managed/node-identity.yaml
      
      For the webhook and approver container: https://github.com/openshift/ovn-kubernetes/blob/release-4.14/go-controller/cmd/ovnkube-identity/ovnkubeidentity.go
      
      For the token minter container: https://github.com/openshift/hypershift/blob/release-4.14/token-minter/tokenminter.go
      
      We also tested by disabling the automountserviceaccounttoken and things still seemed to be functioning 

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1. Deploy a 4.14 hosted cluster
      2.
      3.
      

      Actual results:

       

      Expected results:

       

      Additional info:

       

      Attachments

        Issue Links

          Activity

            People

              sjenning Seth Jennings
              rodriguf Francisco Rodriguez
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: