-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HIVE-1159: Cloud Credentials Operator (CCO) support for deleting GCP root creds post-install #28974
HIVE-1159: Cloud Credentials Operator (CCO) support for deleting GCP root creds post-install #28974
Conversation
Deploy preview for osdocs ready! Built with commit 6dc493b |
d3ffb8a
to
1e057cd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Adding a few minor edits I noticed while re-reviewing previews, will grab as part of SME revisions)
@akhil-rane this PR has revisions to cover cred removal on GCP, and some related changes to support that addition. PTAL when you can 🙏 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jeana-redhat In the section Rotating cloud provider credentials manually
, it is mentioned that supported platforms are AWS, Azure, and GCP. But I think other platforms are also supported. Only thing is that they are not supported for Mint mode (as mentioned in the support matrix).
1e057cd
to
8979363
Compare
Updated rotation task prereq to split out mint vs passthrough supported status. Thank you! |
8979363
to
33e418c
Compare
Here are some of the things that I noticed during the review:
@joelddiaz your input on some of the above topics will help a lot in case I miss something :) |
Can't remove creds in Azure b/c there is no read-only credentials defined for Azure so that CCO can verify that things are working. |
33e418c
to
aaccc0d
Compare
927b631
to
5d4426f
Compare
5d4426f
to
1db92f6
Compare
Ok - I think this most recent push resolves previous issues, but PTAL @akhil-rane & @joelddiaz 🙏 Preview links in fist comment have auto-updated for easier reading :) |
modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc
Outdated
Show resolved
Hide resolved
477e9ec
to
5f92d46
Compare
@lwan-wanglin PTAL at the procedures here when you can - some changes from what you sent me (including doing some of it in the GUI instead of CLI). Preview links are in the top comment on the PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Real good! Just a few minor suggestions.
modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc
Outdated
Show resolved
Hide resolved
5f92d46
to
6dc493b
Compare
Status update: |
LGTM! The feature works well on my test and doc looks good to me. |
/cherrypick enterprise-4.7 |
@jeana-redhat: new pull request created: #29658 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Primarily an effort to cover HIVE-1159: Cloud Credentials Operator (CCO) support for deleting GCP root creds post-install, but also clarifying some sections and bringing them into parallel construction, and elaborating on the credentials rotation process.
Previews