Homogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes.
2.92k
stars
478
forks
source link
hvpa-controller@v0.3.1 cannot reload its token (because it is using client-go < v0.15.7) #5222
Closed
ialidzhikov closed 2 years ago
/area security /kind bug /kind regression /priority 1
What happened: https://github.com/gardener/gardener/pull/5128 switches the hvpa-controller to use projected ServiceAccount tokens. From the project ServiceAccount tokens KEP (https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md#prerequisites) there is the following prerequisite:
hvpa-controller@v0.3.1
vendors https://github.com/kubernetes/client-go/commit/1a26190bd76a (kubernetes-1.14.1) which obviously does not match the requirement forclient-go >= v0.15.7
.What you expected to happen: hvpa-controller to be able to handle the rotation of the mounted token.
How to reproduce it (as minimally and precisely as possible):
Unauthorized
errors:Anything else we need to know?: Related also to https://github.com/gardener/hvpa-controller/issues/87
Environment:
kubectl version
):