Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.13]: Watch only our own OIDC-related secrets (#8070) #8072

Merged
merged 5 commits into from
Jul 9, 2024
Merged

[release-1.13]: Watch only our own OIDC-related secrets (#8070) #8072

merged 5 commits into from
Jul 9, 2024

Conversation

Cali0707
Copy link
Member

@Cali0707 Cali0707 commented Jul 4, 2024

This is a backport of #8070 to ensure that we use a filtered informer for our own OIDC-related secrets to reduce memory usage.

@pierDipi @Cali0707
Watch only our own OIDC-related secrets (knative#8070)
05307c7 
Filter OIDC secrets

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
@knative-prow knative-prow bot requested review from matzew and pierDipi July 4, 2024 18:08
@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 4, 2024
@Cali0707
Copy link
Member Author

Cali0707 commented Jul 4, 2024

/cc @pierDipi @matzew @Leo6Leo

@knative-prow knative-prow bot requested a review from Leo6Leo July 4, 2024 18:09
@Cali0707
./hack/update-deps.sh
3def75e 
Signed-off-by: Calum Murray <cmurray@redhat.com>
@knative-prow knative-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 4, 2024
@Cali0707
fix: serviceaccountInformer -> oidcServiceaccountInformer
1c43d04 
Signed-off-by: Calum Murray <cmurray@redhat.com>
@Cali0707
fix: add oidc label selector to main contexts (partial cherry pick of k…
858b6a9 
…native#7527)

Signed-off-by: Calum Murray <cmurray@redhat.com>
pierDipi
pierDipi approved these changes Jul 5, 2024
View reviewed changes
Copy link
Member

@pierDipi pierDipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jul 5, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Jul 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pierDipi
Copy link
Member

pierDipi commented Jul 5, 2024

/test reconciler-tests

1 similar comment
@matzew
Copy link
Member

matzew commented Jul 5, 2024

/test reconciler-tests

@pierDipi
Copy link
Member

pierDipi commented Jul 5, 2024

/retest

@pierDipi
Copy link
Member

pierDipi commented Jul 5, 2024

/test reconciler-tests

@Cali0707
Copy link
Member Author

Cali0707 commented Jul 5, 2024 

    wait.go:200: test-sipcyxms/containersource-onquhsez condition is {"type":"Ready","status":"False","lastTransitionTime":"2024-07-05T13:50:38Z","reason":"Unable to resolve service account for OIDC authentication","message":"could not create OIDC service account test-sipcyxms/containersource-onquhsez-sinkbinding for SinkBinding: serviceaccounts \"containersource-onquhsez-sinkbi29a177f791667d85035dc5a99e4605f5\" already exists"}

Looks like a real failure, will debug...

@knative-prow knative-prow bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 5, 2024
@Cali0707
Copy link
Member Author

Cali0707 commented Jul 5, 2024

/cc @matzew @Leo6Leo

Could one of you recheck?

@Cali0707
fix: don't use filtered sa informer when sa is not labelled
86da06c 
Signed-off-by: Calum Murray <cmurray@redhat.com>
@Cali0707 Cali0707 force-pushed the backport-filter-oidc-informer-release-1.13 branch from 015bce0 to 86da06c Compare July 5, 2024 20:54
@matzew
Copy link
Member

matzew commented Jul 8, 2024

/test reconciler-tests

matzew
matzew reviewed Jul 8, 2024
View reviewed changes
pkg/reconciler/sinkbinding/controller.go
@@ -80,8 +80,8 @@ func NewController(
dc := dynamicclient.Get(ctx)
psInformerFactory := podspecable.Get(ctx)
namespaceInformer := namespace.Get(ctx)
serviceaccountInformer := serviceaccountinformer.Get(ctx)
secretInformer := secretinformer.Get(ctx)
oidcServiceaccountInformer := serviceaccountinformer.Get(ctx)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did we just rename it for a better name?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah the name was changed later, so when I did the cherry-pick it seems to have included that as well

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, I see is now same name as on main

@Leo6Leo
Copy link
Member

Leo6Leo commented Jul 8, 2024

/test reconciler-tests

@Leo6Leo
Copy link
Member

Leo6Leo commented Jul 9, 2024

/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jul 9, 2024
@knative-prow knative-prow bot merged commit 3c03a23 into knative:release-1.13 Jul 9, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matzew matzew matzew left review comments

@pierDipi pierDipi pierDipi approved these changes

@Leo6Leo Leo6Leo Awaiting requested review from Leo6Leo

Assignees

@pierDipi pierDipi

@Leo6Leo Leo6Leo

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Cali0707 @pierDipi @matzew @Leo6Leo