Use consistent helper for getting secret names from pod #41957

Merged
merged 1 commit into from
Feb 26, 2017

liggitt
Member

@liggitt liggitt commented Feb 23, 2017

Kubelet secret-manager and mirror-pod admission both need to know what secrets a pod spec references. Eventually, a node authorizer will also need to know the list of secrets.

This creates a single (well, double, because API versions) helper that can be used to traverse the secret names referenced from a pod, optionally short-circuiting (for places that are just looking to see if any secrets are referenced, like admission, or are looking for a particular secret ref, like authorization).

Fixes:

  • secret manager not handling secrets used by env/envFrom in initcontainers
  • admission allowing mirror pods with secret references

@smarterclayton @wojtek-t

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 23, 2017

@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. release-note-label-needed labels Feb 23, 2017
@liggitt liggitt assigned wojtek-t and unassigned dims Feb 23, 2017
@liggitt liggitt added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Feb 23, 2017
@liggitt liggitt added this to the v1.6 milestone Feb 23, 2017
@liggitt liggitt added the kind/bug Categorizes issue or PR as related to a bug. label Feb 23, 2017
@liggitt
Member Author

liggitt commented Feb 23, 2017

still trying to figure out how to catch drift

@wojtek-t
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 23, 2017
@k8s-github-robot

[APPROVALNOTIFIER] This PR is APPROVED

The following people have approved this PR: liggitt, wojtek-t

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 23, 2017
@liggitt
Member Author

liggitt commented Feb 23, 2017

@k8s-bot cvm gce e2e test this

@k8s-github-robot

Automatic merge from submit-queue (batch tested with PRs 41814, 41922, 41957, 41406, 41077)

@k8s-github-robot k8s-github-robot merged commit 2eef3b1 into kubernetes:master Feb 26, 2017
@k8s-ci-robot
Contributor

k8s-ci-robot commented Feb 26, 2017

@liggitt: The following test(s) failed:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| Jenkins non-CRI GCE Node e2e | a552630 | link | @k8s-bot non-cri node e2e test this |


@liggitt liggitt deleted the mirror-pod-secrets branch February 27, 2017 05:00
k8s-github-robot pushed a commit that referenced this pull request Feb 28, 2017
Automatic merge from submit-queue (batch tested with PRs 35094, 42095, 42059, 42143, 41944)

Fix azure file secret reference

Follow up to #41957

Fixes nil dereference getting secret name from AzureFile volume source.

Adds unit tests to make sure all secret references are extracted correctly, and adds reflective tests to help catch drift if new secret references are added to the pod spec.
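
The traversal described in the pull request and the nil dereference fixed in the follow-up, as an added Go example that is not the code from either change. The types are simplified stand-ins for the pod spec and all function names are assumptions; the visitor can stop the walk early, init containers share the loop with regular containers, and unset volume sources are skipped.

```go
package main

import "fmt"

// Simplified stand-ins for the pod spec (assumptions, not the Kubernetes API types).
type SecretRef struct{ Name string }
type Container struct{ Env, EnvFrom []*SecretRef }
type Volume struct{ Secret, AzureFile *SecretRef }
type PodSpec struct {
	InitContainers, Containers []Container
	Volumes                    []Volume
}

// VisitSecretNames reports whether the walk finished; visit returning false stops it.
func VisitSecretNames(spec *PodSpec, visit func(name string) bool) bool {
	// Unset optional sources are nil: skip them instead of dereferencing.
	ok := func(r *SecretRef) bool { return r == nil || visit(r.Name) }
	for _, cs := range [][]Container{spec.InitContainers, spec.Containers} {
		for _, c := range cs {
			for _, r := range append(append([]*SecretRef{}, c.Env...), c.EnvFrom...) {
				if !ok(r) {
					return false
				}
			}
		}
	}
	for _, v := range spec.Volumes {
		if !ok(v.Secret) || !ok(v.AzureFile) {
			return false
		}
	}
	return true
}

// ReferencesAnySecret stops at the first reference (the admission-style check).
func ReferencesAnySecret(spec *PodSpec) bool {
	return !VisitSecretNames(spec, func(string) bool { return false })
}

// SecretNames collects every referenced name (the secret-manager-style use).
func SecretNames(spec *PodSpec) (names []string) {
	VisitSecretNames(spec, func(n string) bool { names = append(names, n); return true })
	return names
}

func main() {
	// Constructed sample: only the init container references a secret, via envFrom.
	spec := &PodSpec{InitContainers: []Container{{EnvFrom: []*SecretRef{{Name: "db-creds"}}}}}
	fmt.Println(ReferencesAnySecret(spec), SecretNames(spec))
}
```

Because every caller goes through the one walker, a reference type added to the walker is seen by the admission-style and collection-style callers at the same time.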