Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.16, 4.17
Component/s: OLM
Labels:

Severity:
Critical
Regression:
No
Sprint:
Bulbasaur OLM Sprint 262
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Beyond Kubernetes 1.22, the service account token secret is not automatically, created. Therefore, when OLM is not able to find the service account token secret, it should request one from the k8s api server.

Ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#manual-secret-management-for-serviceaccounts

Show
Beyond Kubernetes 1.22, the service account token secret is not automatically, created. Therefore, when OLM is not able to find the service account token secret, it should request one from the k8s api server. Ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#manual-secret-management-for-serviceaccounts
Release Note Type:
Bug Fix
Release Note Status:
In Progress
RH Private Keywords:
Target Version:

4.17.z
Target Backport Versions:

4.16

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-42360. The following is the description of the original issue:
—
Description of problem:

    due to https://issues.redhat.com/browse/API-1644, no token was generate for sa automatically, it is needed to add one step to create the token manually.

Version-Release number of selected component (if applicable):

After creating a new service account, one step should be added to create a long-lived API token

How reproducible:

    always

Steps to Reproduce:

secret yaml file exmaple:

xzha@xzha1-mac OCP-24771 % cat secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: scoped
  annotations:
    kubernetes.io/service-account.name: scoped
type: kubernetes.io/service-account-token

Actual results:

Expected results:

Additional info:

blocks

OCPBUGS-44802 OLM doesn't support for user defined ServiceAccount for OperatorGroup.

Verified

is blocked by

OCPBUGS-42360 OLM doesn't support for user defined ServiceAccount for OperatorGroup.

Verified

is cloned by

OCPBUGS-44802 OLM doesn't support for user defined ServiceAccount for OperatorGroup.

Verified

links to

openshift/operator-framework-olm#898: OCPBUGS-44760: fix: call TokenRequest API when service account token secret is missing

RHBA-2024:10137 OpenShift Container Platform 4.17.z bug fix update

Assignee:: Jordan Keister

Reporter:: OpenShift Prow Bot

QA Contact:: Xia Zhao

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/11/19 8:10 PM

Updated:: 2024/11/21 9:01 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates