-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple service-account-issuers in apiserver #16497
Support multiple service-account-issuers in apiserver #16497
Conversation
4777562
to
5a3ecb5
Compare
...tegration/update_cluster/additionalobjects/data/aws_s3_object_cluster-completed.spec_content
Outdated
Show resolved
Hide resolved
.../integration/update_cluster/apiservernodes/data/aws_s3_object_cluster-completed.spec_content
Outdated
Show resolved
Hide resolved
...tegration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content
Outdated
Show resolved
Hide resolved
5a3ecb5
to
b25253f
Compare
b25253f
to
eafa5d2
Compare
a012145
to
e3fe7a8
Compare
e7c5cea
to
e60531d
Compare
/retest |
/test pull-kops-e2e-aws-upgrade-k127-ko127-to-klatest-kolatest-many-addons |
/lgtm |
We discussed in office hours, "additional" makes sense because the first one is special. /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…-upstream-release-1.28 Automated cherry pick of #16497: Support multiple service-account-issuer flags
…-upstream-release-1.29 Automated cherry pick of #16497: Support multiple service-account-issuer flags
Add procedure for using `additionalServiceAccountIssuers` which was added in kubernetes#16497.
currently kOps supports only one --service-account-issuer flag in apiserver. However, it is problem if people want to change the issuer without downtime. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#serviceaccount-token-volume-projection says
This PR makes it possible to define issuer multiple times