-
Notifications
You must be signed in to change notification settings - Fork 39.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DaemonSets don't handle service account secret rotation well #62915
Comments
Any details about how this differs from the other workload controllers? |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale @liggitt or @mikedanese could you add some specifics? |
This is fixed by new service account token volumes. |
The problem is that many DaemonSets do not get evicted during node upgrades. Credential rotation + node upgrade works for rotating anything that gets evicted, but some critical daemons lie around with secret volumes that reference secrets that don't exist. |
No description provided.
The text was updated successfully, but these errors were encountered: