Automated backport of #1128: Set the operator up with enforced secrets #1182

@skitt skitt commented Jul 1, 2024

Backport of #1128 on release-0.16.

#1128: Set the operator up with enforced secrets

For details on the backport process, see the backport requests page.

Depends on submariner-io/submariner-operator#3144

@submariner-bot

🤖 Created branch: z_pr1182/skitt/automated-backport-of-#1128-origin-release-0.16
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

go.mod Outdated
@@ -21,7 +21,7 @@ require (
github.com/submariner-io/lighthouse v0.16.7
github.com/submariner-io/shipyard v0.16.7
github.com/submariner-io/submariner v0.16.7
github.com/submariner-io/submariner-operator v0.16.7
github.com/submariner-io/submariner-operator v0.16.8-0.20240701075802-8fa04707dcc6
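
Review bot: the last line of this hunk pins github.com/submariner-io/submariner-operator to a pseudo-version (v0.16.8-0.20240701075802-8fa04707dcc6), which identifies an untagged commit, while lighthouse, shipyard and submariner stay on the v0.16.7 tag. On a release branch, replace it with a tagged release, or at least with a pseudo-version of a commit that has landed on the operator's release branch, before this merges, so the build does not depend on a commit that could later disappear from the upstream repository.
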
Member Author

This will need to be updated when submariner-io/submariner-operator#3144 is merged.

To prevent arbitrary secret access using compromised SAs, the SAs
created by Submariner are now configured to enforce mountable secrets.
This requires that accessible secrets be listed explicitly in the SA.
To make this simple, use a static name for the broker secret. To allow
secrets to be configured, leave them alone when creating or updating
the SAs.

Signed-off-by: Stephen Kitt <[email protected]>
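
The restriction this commit message describes, as an added example that is not part of the PR or of Submariner's code: a simplified Go model of the check applied to pods whose ServiceAccount carries the `kubernetes.io/enforce-mountable-secrets` annotation. The types, the `DeniedSecrets` function and the secret names are hypothetical, and only volume and `envFrom` references are modelled.

```go
// Added example: simplified model of the mountable-secrets restriction.
package main

import "fmt"

// Annotation that switches the restriction on for a ServiceAccount.
const enforceAnnotation = "kubernetes.io/enforce-mountable-secrets"

// ServiceAccount keeps only the fields the check reads (hypothetical type).
type ServiceAccount struct {
	Annotations map[string]string
	Secrets     []string // names listed under the SA's "secrets" field
}

// Pod keeps only the secret references being checked (hypothetical type).
type Pod struct {
	VolumeSecrets  []string // secrets mounted as volumes
	EnvFromSecrets []string // secrets referenced through envFrom
}

// DeniedSecrets returns the secrets the pod references that the SA does not
// list. Without the annotation set to "true", nothing is denied.
func DeniedSecrets(sa ServiceAccount, pod Pod) []string {
	if sa.Annotations[enforceAnnotation] != "true" {
		return nil
	}
	allowed := make(map[string]bool, len(sa.Secrets))
	for _, name := range sa.Secrets {
		allowed[name] = true
	}
	var denied []string
	refs := append(append([]string{}, pod.VolumeSecrets...), pod.EnvFromSecrets...)
	for _, name := range refs {
		if !allowed[name] {
			denied = append(denied, name)
		}
	}
	return denied
}

func main() {
	// Constructed sample objects; all names are hypothetical.
	sa := ServiceAccount{
		Annotations: map[string]string{enforceAnnotation: "true"},
		Secrets:     []string{"example-broker-secret"},
	}
	ok := Pod{VolumeSecrets: []string{"example-broker-secret"}}
	bad := Pod{VolumeSecrets: []string{"example-broker-secret"}, EnvFromSecrets: []string{"unlisted-secret"}}
	fmt.Println(DeniedSecrets(sa, ok), DeniedSecrets(sa, bad))
}
```

Because only listed names pass, a secret with a static, predictable name can be written into the ServiceAccount ahead of time, which is the reason the commit message gives for fixing the broker secret's name.
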
@tpantelis force-pushed the automated-backport-of-#1128-origin-release-0.16 branch from 6194e10 to a00b9c0 on July 9, 2024 14:45
@submariner-bot added the ready-to-test label (When a PR is ready for full E2E testing) on Jul 9, 2024
@github-actions bot removed the dependent label on Jul 9, 2024

github-actions bot commented Jul 9, 2024

@tpantelis enabled auto-merge (rebase) on July 9, 2024 14:55
@tpantelis merged commit 2f1faf5 into submariner-io:release-0.16 on Jul 9, 2024
32 checks passed
@submariner-bot

🤖 Closed branches: [z_pr1182/skitt/automated-backport-of-#1128-origin-release-0.16]

Labels
automated-backport ready-to-test When a PR is ready for full E2E testing