-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(collector): checking existing service account before create running pod #1222
Conversation
I have one concern, in that we should already have the default serviceaccount there, and if we do not, do we really want to create it as part of a support-bundle run? |
pkg/collect/util.go
Outdated
if err != nil { | ||
klog.V(2).Infof("Failed to get service account %s, creating it", serviceAccountName) | ||
// Service account doesn't exist, create it | ||
_, err = client.CoreV1().ServiceAccounts(namespace).Create(context.Background(), &corev1.ServiceAccount{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this will help immensely in tests with k3s, but we want to be sure that it's the behavior we want with production sites - the end user might not expect us to be creating serviceAccount resources when running Troubleshoot, and everything else gets deleted at the end. I'd not want to go deleting the default sa in this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this one only happens when user has specified its running service account and namespace in spec yaml, then we just check if the service account existed. otherwise just warning it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have changed the logic that we just get if the service account existed or not. Not creating it
In most standard k8s cluster, we should have default service account in default namespace, however, as you pointed out, I think we should give a warning not fail or create the default service account in default namespace. If the user is intended to delete default account. We should not create it again.Otherwise, we need to cleanup. |
ee3a00d
to
92d495a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Description, Motivation and Context
Related to PR: #1196 (comment)
Fixes: #1223
Checklist
Does this PR introduce a breaking change?