Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: Add a tokenreviews role to the leader-election-role #471

Merged
merged 1 commit into from
May 25, 2024
Merged

fix: Add a tokenreviews role to the leader-election-role #471

merged 1 commit into from
May 25, 2024

Conversation

JonTheNiceGuy
Copy link
Contributor

Overview

With Kubernetes 1.24 and later, short-lived tokens are now a "thing". This change allows the leader-election role to conduct token reviews in line with the advice on this page

Notes for reviewer

Without this, you may see errors like this: cannot create resource "tokenreviews" in API group (see this KB article too)

@JonTheNiceGuy JonTheNiceGuy requested a review from a team as a code owner May 17, 2024 21:17
@JonTheNiceGuy JonTheNiceGuy requested review from sagikazarmark and removed request for a team May 17, 2024 21:17
@github-actions github-actions bot added the size/S Denotes a PR that changes 10-99 lines label May 17, 2024
@JonTheNiceGuy JonTheNiceGuy changed the title Add a tokenreviews role to the leader-election-role Fix: Add a tokenreviews role to the leader-election-role May 17, 2024
@JonTheNiceGuy JonTheNiceGuy changed the title Fix: Add a tokenreviews role to the leader-election-role fix: Add a tokenreviews role to the leader-election-role May 17, 2024
@JonTheNiceGuy @DiceJonSpriggs
Add a tokenreviews role to the leader-election-role
fdf9694 
Following the advice in this page [1] the leader-election role should be able to conduct tokenreviews to support short-lived tokens.

[1] https://developer.hashicorp.com/vault/docs/auth/kubernetes#how-to-work-with-short-lived-kubernetes-tokens

Signed-off-by: Jon Spriggs <jon@sprig.gs>
@csatib02 csatib02 requested a review from ramizpolic May 18, 2024 08:59
@csatib02 csatib02 added the kind/enhancement Categorizes issue or PR as related to an improvement. label May 18, 2024
akijakya
akijakya approved these changes May 20, 2024
View reviewed changes
Copy link
Member

@akijakya akijakya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch, thanks!

@csatib02 csatib02 merged commit 08c9f22 into bank-vaults:main May 25, 2024
31 checks passed
@JonTheNiceGuy JonTheNiceGuy deleted the patch-1 branch May 25, 2024 09:23
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@akijakya akijakya akijakya approved these changes

@ramizpolic ramizpolic ramizpolic approved these changes

@sagikazarmark sagikazarmark Awaiting requested review from sagikazarmark sagikazarmark is a code owner automatically assigned from bank-vaults/maintainers

Assignees

@JonTheNiceGuy JonTheNiceGuy

Labels
kind/enhancement Categorizes issue or PR as related to an improvement. size/S Denotes a PR that changes 10-99 lines
Projects
Community contributions
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JonTheNiceGuy @ramizpolic @akijakya @csatib02