Open aramase opened 1 year ago
/assign @mandreap
@aramase: GitHub didn't allow me to assign the following users: mandreap.
Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide
/assign
@aramase should we update the SecretProviderClass as well?
@aramase should we update the SecretProviderClass as well?
yes, let's update it!
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten /lifecycle frozen
The
kubebuilder
annotations here: https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/57b18e80fe781f3dac581475ce817d633b532e71/apis/v1/secretproviderclasspodstatus_types.go#L43-L49 is missing thekubebuilder:subresource:status
bit, example: https://github.com/vmware-tanzu/pinniped/blob/0f613d1823d8eaa8a6cf3cb4a1d75d664be79a1e/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl#L116This means that the API server isn't creating the status sub resource for the CR, nor is it enforcing the rules between spec/status.
The fix would involve updating the annotations, RBAC, CRDs and then also doing an upgrade and downgrade check for the CR with "legacy" data. Probably also would need a release note that tells people not to try to mix and match old/new images with old/new manifests. In addition, we also need to update any
Create
calls that setStatus
and move allUpdate
calls toUpdateStatus
.