Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Add a tokenreviews role to the leader-election-role #471

Merged
merged 1 commit into from
May 25, 2024
Merged

fix: Add a tokenreviews role to the leader-election-role #471

merged 1 commit into from
May 25, 2024
+12 −0

Conversation

JonTheNiceGuy
Copy link
Contributor

Overview

With Kubernetes 1.24 and later, short-lived tokens are now a "thing". This change allows the leader-election role to conduct token reviews in line with the advice on this page

Notes for reviewer

Without this, you may see errors like this: cannot create resource "tokenreviews" in API group (see this KB article too)

@JonTheNiceGuy JonTheNiceGuy requested a review from a team as a code owner May 17, 2024 21:17
@JonTheNiceGuy JonTheNiceGuy requested review from sagikazarmark and removed request for a team May 17, 2024 21:17
@github-actions github-actions bot added the size/S Denotes a PR that changes 10-99 lines label May 17, 2024
@JonTheNiceGuy JonTheNiceGuy changed the title Add a tokenreviews role to the leader-election-role Fix: Add a tokenreviews role to the leader-election-role May 17, 2024
@JonTheNiceGuy JonTheNiceGuy changed the title Fix: Add a tokenreviews role to the leader-election-role fix: Add a tokenreviews role to the leader-election-role May 17, 2024
@JonTheNiceGuy @DiceJonSpriggs
Add a tokenreviews role to the leader-election-role
fdf9694 
Following the advice in this page [1] the leader-election role should be able to conduct tokenreviews to support short-lived tokens.

[1] https://developer.hashicorp.com/vault/docs/auth/kubernetes#how-to-work-with-short-lived-kubernetes-tokens

Signed-off-by: Jon Spriggs <jon@sprig.gs>
@csatib02 csatib02 requested a review from ramizpolic May 18, 2024 08:59
@csatib02 csatib02 added the kind/enhancement Categorizes issue or PR as related to an improvement. label May 18, 2024
akijakya
akijakya approved these changes May 20, 2024
View reviewed changes
Copy link
Contributor

@akijakya akijakya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch, thanks!

@csatib02 csatib02 merged commit 08c9f22 into bank-vaults:main May 25, 2024
31 checks passed
@JonTheNiceGuy JonTheNiceGuy deleted the patch-1 branch May 25, 2024 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramizpolic ramizpolic ramizpolic approved these changes

@akijakya akijakya akijakya approved these changes

@sagikazarmark sagikazarmark Awaiting requested review from sagikazarmark sagikazarmark is a code owner automatically assigned from bank-vaults/maintainers

Assignees

@JonTheNiceGuy JonTheNiceGuy

Labels
kind/enhancement Categorizes issue or PR as related to an improvement. size/S Denotes a PR that changes 10-99 lines
Projects
Community contributions
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@JonTheNiceGuy @ramizpolic @akijakya @csatib02