csi-driver-spiffe icon indicating copy to clipboard operation
csi-driver-spiffe copied to clipboard
verified publisher icon cert-manager

Remove csi-driver-spiffe approver

Open inteon opened this issue 1 year ago • 4 comments

The approver checked that the requestor matches the identity in the certificate. However, if we take into account the correctness of the csi-driver-spiffe and the privileges required to create a CertificateRequest resource, this approver becomes less valuable. Additionally, removing the approver greatly simplifies the installation process. By reducing the steps required to get this CSI driver working, we aim to improve adoption rates of this CSI driver.

TODO: change the CSI driver so that the CRs are requested by the CSI's SA and not the pod's SA to prevent pods from requesting a random CertificateRequest (eg. for another pod).

inteon avatar Mar 25 '24 08:03 inteon

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

jetstack-bot avatar Mar 25 '24 08:03 jetstack-bot

Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.

:memo: Please follow instructions in the contributing guide to update your commits with the DCO

Full details of the Developer Certificate of Origin can be found at developercertificate.org.

The list of commits missing DCO signoff:

  • 97b23cd Remove csi-driver-spiffe approver.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

jetstack-bot avatar Mar 25 '24 08:03 jetstack-bot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from inteon. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

jetstack-bot avatar Mar 25 '24 08:03 jetstack-bot

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

jetstack-bot avatar Mar 27 '24 17:03 jetstack-bot