erikerlandson
commented
7 years ago This logic implements a policy that kube secret credentials override service acct, and also prevent service acct from being applied. Is that the right policy?
Closed kimoonkim closed 7 years ago
erikerlandson
commented
7 years ago This logic implements a policy that kube secret credentials override service acct, and also prevent service acct from being applied. Is that the right policy?
mccheah
commented
7 years ago I think this is the right policy.
ash211
commented
7 years ago I thought we had validation that you can't apply both secret creds and a service account -- you have to pick one or the other
mccheah
commented
7 years ago I think either is fine really, but we should have preference for the non-service account based authentication.
erikerlandson
commented
7 years ago I was imagining what amounts to supplementing permissions from one with the other, but that might be a corner case.
erikerlandson
commented
7 years ago It sounds like the current logic is restoring the original logic that was clobbered - LGTM
kimoonkim
commented
7 years ago It seems everybody is fine with this, although it isn't approved yet. Maybe we can approve and merge this soon. I also wonder if we need to have a dot release in case more people start to use Kubernetes 1.6.
erikerlandson
commented
7 years ago @foxish, you're assigned, do you want to merge?
foxish
commented
7 years ago LGTM
kimoonkim
commented
7 years ago Thanks everyone for the reviews!
Fixes #448.