Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(metrics): image pull secrets for metrics collector #3539

Merged
merged 2 commits into from Feb 12, 2024
Merged

fix(metrics): image pull secrets for metrics collector #3539

merged 2 commits into from Feb 12, 2024

Conversation

swiatekm-sumo
Copy link
Contributor

@swiatekm-sumo swiatekm-sumo commented Feb 9, 2024
edited

Ensure globally defined pull secrets are added to metrics collector ServiceAccounts. I've also added a test that checks all ServiceAccounts to ensure we catch this problem more easily in the future.

Fixes #3530

Checklist

  • Changelog updated or skip changelog label added
  • Documentation updated
  • Template tests added for new features
  • Integration tests added or modified for major features

@swiatekm-sumo swiatekm-sumo marked this pull request as ready for review February 9, 2024 16:34
@swiatekm-sumo swiatekm-sumo requested a review from a team as a code owner February 9, 2024 16:34
sumo-drosiek
sumo-drosiek requested changes Feb 12, 2024
View reviewed changes
Copy link
Contributor

@sumo-drosiek sumo-drosiek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need another serviceaccount for metrics. Can't we reuse the regular one? At this moment we have three serviceaccount:

  • setup
  • cleanup
  • for installed chart

@swiatekm-sumo
Copy link
Contributor Author

Do we need another serviceaccount for metrics. Can't we reuse the regular one? At this moment we have three serviceaccount:

* setup

* cleanup

* for installed chart

The metrics collector and target allocator have different required RBAC permissions, so they should have separate ServiceAccounts imo, based on the principle of least privilege. I think the same thing is true about setup and cleanup, which need to modify Secrets, unlike everything else.

@swiatekm-sumo swiatekm-sumo merged commit de06529 into main Feb 12, 2024
45 checks passed
@swiatekm-sumo swiatekm-sumo deleted the fix/targetallocator/pullsecrets branch February 12, 2024 10:15
This was referenced Mar 25, 2024
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions approved these changes

@sumo-drosiek sumo-drosiek sumo-drosiek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sumologic.pullSecrets doesn't work for the Target Allocator
2 participants
@swiatekm-sumo @sumo-drosiek