Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-4010

No auto-generated secrets when Service Account are created

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None
    • None
    • None
    • False
    • None
    • False
    • Not Selected

      Description of problem:

      Even though in 4.11 we introduced LegacyServiceAccountTokenNoAutoGeneration to be compatible with upstream K8s to not generate secrets with tokens when service accounts are created, today OpenShift still creates secrets and tokens that are used for legacy usage of openshift-controller as well as the image-pull secrets. 

       

      Customer issues:

      Customers see auto-generated secrets for service accounts which is flagged as a security risk. 

       

      This RFE is to track the feature for removing legacy usage and image-pull secret generation as well so that NO secrets are auto-generated when a Service Account is created on OpenShift cluster. 

       

            slaznick@redhat.com Stanislav Láznička
            mfojtik@redhat.com Michal Fojtik
            Giriyamma Karagere Ramaswamy Giriyamma Karagere Ramaswamy (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: