rbd: k8s 1.24 changes wrt to sa secrets may affect vault tenant sa encryption. #3135

Rakshith-R · 2022-05-26T05:15:35Z

From k8s 1.24 release notes

The LegacyServiceAccountTokenNoAutoGeneration feature gate is beta, and enabled by default. When enabled, Secret API objects containing service account tokens are no longer auto-generated for every ServiceAccount. Use the TokenRequest API to acquire service account tokens, or if a non-expiring token is required, create a Secret API object for the token controller to populate with a service account token by following this guide. (kubernetes/kubernetes#108309)

We may have to implement another extra step to use this instead

kubectl create token can now be used to request a service account token, and permission to request service account tokens is added to the edit and admin RBAC roles (kubernetes/kubernetes#107880, @liggitt)

I'll update the issue after testing with k8s 1.24

Rakshith-R added the component/rbd Issues related to RBD label May 26, 2022

Rakshith-R self-assigned this May 26, 2022

humblec added this to the release-3.7 milestone May 26, 2022

Rakshith-R mentioned this issue Jun 13, 2022

rbd: create token and use it for vault SA #3174

Merged

Rakshith-R removed this from the release-3.7 milestone Jun 15, 2022

mergify bot closed this as completed in #3174 Jun 17, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rbd: k8s 1.24 changes wrt to sa secrets may affect vault tenant sa encryption. #3135

rbd: k8s 1.24 changes wrt to sa secrets may affect vault tenant sa encryption. #3135

Rakshith-R commented May 26, 2022

rbd: k8s 1.24 changes wrt to sa secrets may affect vault tenant sa encryption. #3135

rbd: k8s 1.24 changes wrt to sa secrets may affect vault tenant sa encryption. #3135

Comments

Rakshith-R commented May 26, 2022

From k8s 1.24 release notes