New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Token request: opt out of the token controller generated secrets #77599
Comments
/remove-sig api-machinery |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle rotten |
Hi, Do you have an estimation when this feature will be supported? currently old secret based service account tokens are generated although they are not needed, so we need to manually rotate them. Another related question:
Is this still correct with the new bound tokens approach? aren't secret based SA tokens going to be eliminated eventually? |
Stopping auto-generating new secret-based tokens and removing existing unused secret-based tokens is being addressed in KEP 2799 (kubernetes/enhancements#2800) /close |
@liggitt: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The controller manager will optionally use the
TokenRequest
API to provision tokens for controllers. These SA based controllers no longer need secret based tokens.Action items:
/sig auth
/sig api-machinery
@kubernetes/sig-auth-feature-requests
xref: #70679 #71275 #72179
/priority important-longterm
The text was updated successfully, but these errors were encountered: