New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1765294: Use OwnerRefs to clean up SA pull secrets #61
Bug 1765294: Use OwnerRefs to clean up SA pull secrets #61
Conversation
@adambkaplan: This pull request references Bugzilla bug 1765294, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test e2e-aws-builds |
42b2649
to
3d24283
Compare
/test e2e-aws-builds |
/assign @bparees |
3d24283
to
7455a42
Compare
Name: tokenSecret.Name, | ||
UID: tokenSecret.UID, | ||
}, | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@deads2k are you aware of any reason we wouldn't want to have ownerrefs between the dockercfg secret and the token secret? I'm sure we didn't do it originally because ownerrefs didn't exist, but now that they do can we just lifecycle the dockercfg secret w/ the tokensecret? (modulo migration concerns)
lgtm assuming @deads2k doesn't have a reason why it's not ok to use GC here. |
7455a42
to
13b5462
Compare
/test e2e-aws-builds |
/retest |
1 similar comment
/retest |
/retest I suspect the errors in |
/test e2e-aws-builds |
5395f2b
to
938624a
Compare
my review stands: |
/retest ping @deads2k per #61 (comment) |
|
||
// hasOwnerReference checks if the given tokenSecret is the owner of the provided pullSecret | ||
func hasOwnerReference(tokenSecret, pullSecret *v1.Secret) bool { | ||
for _, owner := range pullSecret.OwnerReferences { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think there is upstream helper that does this in generic way
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mfojtik I found the functions in https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/controller_ref.go. Works -ish - I need to set blockOwnerDeletion
to false
, otherwise I need additional RBAC permissions.
/retest |
Update the service account pull secret controller to add owner references to generated pull secrets. This ensures pull secrets are deleted when the associated token is deleted.
1c3dff5
to
2d3371c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/retest AWS rate limit issues |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adambkaplan, bparees The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@adambkaplan: All pull requests linked via external trackers have merged. Bugzilla bug 1765294 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-4.4 /cherrypick release-4.3 |
@adambkaplan: new pull request created: #67 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-4.3 |
@adambkaplan: new pull request created: #68 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Update the service account pull secret controller to add owner
references to generated pull secrets. This ensures pull secrets are
deleted when the associated token is deleted.