search

kubernetes-sigs / secrets-store-csi-driver

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
https://secrets-store-csi-driver.sigs.k8s.io/
Apache License 2.0
1.26k stars 291 forks source link

Generate status subresource for `SecretProviderClassPodStatus` #1301

Open aramase opened 1 year ago

aramase commented 1 year ago

The kubebuilder annotations here: https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/57b18e80fe781f3dac581475ce817d633b532e71/apis/v1/secretproviderclasspodstatus_types.go#L43-L49 is missing the kubebuilder:subresource:status bit, example: https://github.com/vmware-tanzu/pinniped/blob/0f613d1823d8eaa8a6cf3cb4a1d75d664be79a1e/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl#L116

This means that the API server isn't creating the status sub resource for the CR, nor is it enforcing the rules between spec/status.

The fix would involve updating the annotations, RBAC, CRDs and then also doing an upgrade and downgrade check for the CR with "legacy" data. Probably also would need a release note that tells people not to try to mix and match old/new images with old/new manifests. In addition, we also need to update any Create calls that set Status and move all Update calls to UpdateStatus.

aramase commented 1 year ago

/assign @mandreap

k8s-ci-robot commented 1 year ago

@aramase: GitHub didn't allow me to assign the following users: mandreap.

Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/1301#issuecomment-1634644627): >/assign @mandreap Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
mandreap commented 1 year ago

/assign

mandreap commented 1 year ago

@aramase should we update the SecretProviderClass as well?

aramase commented 1 year ago

@aramase should we update the SecretProviderClass as well?

yes, let's update it!

k8s-triage-robot commented 9 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

aramase commented 9 months ago

/remove-lifecycle stale

k8s-triage-robot commented 6 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

aramase commented 4 months ago

/remove-lifecycle rotten /lifecycle frozen