feat: adjust the provider to use the available service Account annotations instead of requiring it again in the SPC parameters #1443
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@microsoft-github-policy-service agree |
wenzel-felix
changed the title
wenzel-felix
force-pushed
the
feature/use_clientID_from_serviceAccount
branch
2 times, most recently
from
8c472e0
to
2a3335b
Compare
…instead of requiring it again in the SPC parameters
wenzel-felix
force-pushed
the
feature/use_clientID_from_serviceAccount
branch
from
2a3335b
to
0afa0ee
Compare
website/content/en/configurations/identity-access-modes/workload-identity-mode.md
Outdated
Show resolved
Hide resolved
|
This PR is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days. |
|
@aramase, please review |
|
This PR is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days. |
|
Please review the PR |
|
@nilekhc, could you please review the PR |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Currently if one wants to use workload identity with this CSI driver one has to add the clientID manually to the parameters even though usually the service account of the pod mounting has this set anyway in its annotations. Other Secrets Store CSI Driver's are also taking care of this to simplify the usage.
Is this a chart or deployment yaml update?
Yes, there is an additional cluster role and cluster role binding required to retrieve the service account annotations.
Requirements
Issue Fixed:
none
Does this change contain code from or inspired by another project?
If "Yes," did you notify that project's maintainers and provide attribution?
No
Special Notes for Reviewers: