Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret documentation references unimplemented feature #26378

Closed
JacobHenner opened this issue Feb 4, 2021 · 2 comments · Fixed by #26379
Closed

Secret documentation references unimplemented feature #26378

JacobHenner opened this issue Feb 4, 2021 · 2 comments · Fixed by #26379
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. language/en Issues or PRs related to English language triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@JacobHenner
Copy link
Contributor

JacobHenner commented Feb 4, 2021
edited
Loading

This is a Bug Report

Problem: It appears as if the Secret documentation references a feature that isn't currently implemented. Specifically, it includes the following:

Manually created secrets (for example, one containing a token for accessing a GitHub account) can be automatically attached to pods based on their service account.

Prior to #26027 this was accompanied by the text:

See Injecting Information into Pods Using a PodPreset for a detailed explanation of that process.

However, PodPresets have been dropped from Kubernetes.

Accordingly, this section should reference a different mechanism to achieve the same goal if such a mechanism exists. If it doesn't it should be dropped.

From my research, it looks like no such alternate mechanism exists. In another previous revision of that section, the section read:

We plan to extend the service account behavior so that manually created secrets (e.g. one containing a token for accessing a github account) can be automatically attached to pods based on their service account. This is not implemented yet. See issue 9902.

kubernetes/kubernetes#9902 states that PodPresets should be used for secret automounting. It does not mention other options. It also does not imply that ServiceAccounts are relevant. It seems like the ServiceAccount association was an unimplemented or reconsidered proposal back around 2015-2017.

Proposed Solution: Unless a mechanism exists which associates Secrets with ServiceAccounts for the purpose of automounting Secrets in Pods associated with a specific ServiceAccount, this section should be dropped. If such a mechanism does exist, the section should be updated to reflect its use or refer to other docs that do.

Page to Update:
https://kubernetes.io/docs/concepts/configuration/secret/#automatic-mounting-of-manually-created-secrets
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Feb 4, 2021
@JacobHenner JacobHenner mentioned this issue Feb 4, 2021
Merged
@sftim
Copy link
Contributor

sftim commented Feb 4, 2021

/kind bug
Relevant SIG is SIG Service Catalog, but anyone can tidy up (remove the mention of PodPreset).

/triage accepted
/language en
/help

@k8s-ci-robot
Copy link
Contributor

@sftim:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/kind bug
Relevant SIG is SIG Service Catalog, but anyone can tidy up (remove the mention of PodPreset).

/triage accepted
/language en
/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. language/en Issues or PRs related to English language and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. language/en Issues or PRs related to English language triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove ServiceAccount Secret automounting section JacobHenner/website
3 participants
@JacobHenner @k8s-ci-robot @sftim