Skip to content

fix: Service Account Mitigation for CNS on k8s Windows 2022 #1367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
May 20, 2022
Merged

fix: Service Account Mitigation for CNS on k8s Windows 2022 #1367

merged 7 commits into from
May 20, 2022

Conversation

@jaer-tsun
Copy link
Contributor

@jaer-tsun jaer-tsun commented May 6, 2022

Reason for Change:

Service Account Mitigation for CNS on k8s Windows 2022

Issue Fixed:

Requirements:

Notes:

@jaer-tsun jaer-tsun requested a review from a team as a code owner May 6, 2022 21:59
@jaer-tsun jaer-tsun requested review from rbtr and removed request for a team May 6, 2022 21:59
rbtr
rbtr reviewed May 6, 2022
View reviewed changes
@rbtr
Copy link
Collaborator

rbtr commented May 6, 2022

what was the issue that this fixes?

@jaer-tsun
Copy link
Contributor Author

jaer-tsun commented May 6, 2022

what was the issue that this fixes?

Hoping this will resolve those SA issues for host process containers

e.g. failed to get nnc kube-system/aksnpwin000000: nodenetworkconfigs.acn.azure.com "aksnpwin000000" is forbidden: User "system:node:aksnpwin000000" cannot get resource "nodenetworkconfigs" in API group "acn.azure.com" in the namespace "kube-system"

@jaer-tsun jaer-tsun force-pushed the cnsSAHack branch 2 times, most recently from 1049132 to 2ef976d Compare May 7, 2022 00:12
rbtr
rbtr requested changes May 9, 2022
View reviewed changes
jaer-tsun
jaer-tsun commented May 10, 2022
View reviewed changes
@jaer-tsun jaer-tsun requested a review from rbtr May 16, 2022 16:40
rbtr
rbtr approved these changes May 20, 2022
View reviewed changes
Copy link
Collaborator

@rbtr rbtr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it shouldn't be necessary to do this kubeconfig templating (should be easy to set all of these fields on the rest.Config directly since it's mostly the in-cluster config). but if it works for now until the windows support is better and we don't need it at all, okay

@jaer-tsun jaer-tsun merged commit 7219bb2 into Azure:master May 20, 2022
@jaer-tsun jaer-tsun deleted the cnsSAHack branch May 20, 2022 17:03
matmerr pushed a commit to matmerr/azure-container-networking that referenced this pull request Jun 29, 2022
@jaer-tsun @vakalapa
fix: Service Account Mitigation for CNS on k8s Windows 2022 (Azure#1367)
7ee2284 
* Service Account Mitigation for CNS on k8s Windows 2022

* pick up Neha's bug fix

* addressing comments

* add node selector back

Co-authored-by: Jaeryn <tsun.chu@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbtr rbtr rbtr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jaer-tsun @rbtr