Skip to content

Conversation

@jaer-tsun
Copy link
Contributor

Reason for Change:

Service Account Mitigation for CNS on k8s Windows 2022

Issue Fixed:

Requirements:

Notes:

@jaer-tsun jaer-tsun requested a review from a team as a code owner May 6, 2022 21:59
@jaer-tsun jaer-tsun requested review from rbtr and removed request for a team May 6, 2022 21:59
@rbtr
Copy link
Collaborator

rbtr commented May 6, 2022

what was the issue that this fixes?

@jaer-tsun
Copy link
Contributor Author

what was the issue that this fixes?

Hoping this will resolve those SA issues for host process containers

e.g. failed to get nnc kube-system/aksnpwin000000: nodenetworkconfigs.acn.azure.com "aksnpwin000000" is forbidden: User "system:node:aksnpwin000000" cannot get resource "nodenetworkconfigs" in API group "acn.azure.com" in the namespace "kube-system"

@jaer-tsun jaer-tsun force-pushed the cnsSAHack branch 2 times, most recently from 1049132 to 2ef976d Compare May 7, 2022 00:12
@jaer-tsun jaer-tsun requested a review from rbtr May 16, 2022 16:40
Copy link
Collaborator

@rbtr rbtr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it shouldn't be necessary to do this kubeconfig templating (should be easy to set all of these fields on the rest.Config directly since it's mostly the in-cluster config). but if it works for now until the windows support is better and we don't need it at all, okay

@jaer-tsun jaer-tsun merged commit 7219bb2 into Azure:master May 20, 2022
@jaer-tsun jaer-tsun deleted the cnsSAHack branch May 20, 2022 17:03
matmerr pushed a commit to matmerr/azure-container-networking that referenced this pull request Jun 29, 2022
* Service Account Mitigation for CNS on k8s Windows 2022

* pick up Neha's bug fix

* addressing comments

* add node selector back

Co-authored-by: Jaeryn <tsun.chu@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants