Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.16, 4.17
Component/s: OLM
Labels:

Severity:
Critical
Regression:
No
Sprint:
Bulbasaur OLM Sprint 262
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, if OLM was unable to access the secret associated with a service account, OLM would rely on the Kubernetes API server to automatically create a bearer token. With Kubernetes versions 1.22 and later, this action is no longer automatic, so with this release OLM uses the `TokenRequest` API to request a new Kubernetes API token.

Show
* Previously, if OLM was unable to access the secret associated with a service account, OLM would rely on the Kubernetes API server to automatically create a bearer token. With Kubernetes versions 1.22 and later, this action is no longer automatic, so with this release OLM uses the `TokenRequest` API to request a new Kubernetes API token.
Release Note Type:
Bug Fix
Release Note Status:
Done
RH Private Keywords:
Target Version:

4.17.z
Target Backport Versions:

4.16

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-42360. The following is the description of the original issue:
—
Description of problem:

    due to https://issues.redhat.com/browse/API-1644, no token was generate for sa automatically, it is needed to add one step to create the token manually.

Version-Release number of selected component (if applicable):

After creating a new service account, one step should be added to create a long-lived API token

How reproducible:

    always

Steps to Reproduce:

secret yaml file exmaple:

xzha@xzha1-mac OCP-24771 % cat secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: scoped
  annotations:
    kubernetes.io/service-account.name: scoped
type: kubernetes.io/service-account-token

Actual results:

Expected results:

Additional info:

blocks

OCPBUGS-44802 OLM doesn't support for user defined ServiceAccount for OperatorGroup.

Closed

is blocked by

OCPBUGS-42360 OLM doesn't support for user defined ServiceAccount for OperatorGroup.

Verified

is cloned by

OCPBUGS-44802 OLM doesn't support for user defined ServiceAccount for OperatorGroup.

Closed

links to

openshift/operator-framework-olm#898: OCPBUGS-44760: fix: call TokenRequest API when service account token secret is missing

RHBA-2024:10137 OpenShift Container Platform 4.17.z bug fix update

Assignee:: Jordan Keister

Reporter:: OpenShift Prow Bot

QA Contact:: Xia Zhao

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/11/19 8:10 PM

Updated:: 2024/11/26 7:26 PM

Resolved:: 2024/11/26 7:26 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates