consul-k8s

consul-auth-method service account auto generate token is impacted by Kubernetes 1.29 release | KEP-2799: Reduction of Secret-based Service Account Tokens

Open MageshSrinivasulu opened this issue 8 months ago • 1 comments

Kubernetes 1.29 has released a feature that will impact the service account tokens that are auto-generated.

https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2799-reduction-of-secret-based-service-account-token

The secret of the service account consul-auth-method is impacted by this issue.

https://kubernetes.io/blog/2023/12/13/kubernetes-v1-29-release/#serviceaccount-token-clean-up


https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2799-reduction-of-secret-based-service-account-token#proposal


As we can see, the secret below is updated with the label `kubernetes.io/legacy-token-last-used`:

```yaml
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: consul-auth-method
    meta.helm.sh/release-name: consul
    meta.helm.sh/release-namespace: consul
  labels:
    app: consul
    app.kubernetes.io/managed-by: Helm
    chart: consul-helm
    component: auth-method
    heritage: Helm
    kubernetes.io/legacy-token-last-used: "2024-06-17"
    release: consul
  name: consul-auth-method
  namespace: consul
type: kubernetes.io/service-account-token
```

How does Consul plan to address this issue? Will the Helm release include the manual creation of a service account secret?

MageshSrinivasulu Jun 17 '24 07:06
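
An added example, not part of the original issue or the consul-k8s project: a Python audit that classifies secret-based ServiceAccount tokens by the conditions the Kubernetes documentation gives for the legacy token cleaner (a Secret counts as auto-generated only if the ServiceAccount also lists it in `.secrets`; the clean-up period defaults to one year). The function name, status names, `creationTimestamp` value and the two ServiceAccount objects are constructed for illustration, and the cleaner's check for Secrets mounted by pods is not reproduced.

```python
import json
from datetime import date

TOKEN_TYPE = "kubernetes.io/service-account-token"
SA_ANNOTATION = "kubernetes.io/service-account.name"
LAST_USED = "kubernetes.io/legacy-token-last-used"
INVALID_SINCE = "kubernetes.io/legacy-token-invalid-since"

def audit_legacy_tokens(secrets, service_accounts, today, period_days=365):
    """Classify secret-based tokens; inputs are parsed `kubectl get -A -o json` lists."""
    # (namespace, ServiceAccount) -> Secret names in that ServiceAccount's .secrets
    referenced = {}
    for sa in service_accounts["items"]:
        key = (sa["metadata"]["namespace"], sa["metadata"]["name"])
        referenced[key] = {ref.get("name") for ref in sa.get("secrets") or []}
    report = {}
    for s in secrets["items"]:
        if s.get("type") != TOKEN_TYPE:
            continue
        meta, labels = s["metadata"], s["metadata"].get("labels") or {}
        owner = (meta.get("annotations") or {}).get(SA_ANNOTATION)
        # Idle time runs from the last-used label, or from creation if never used.
        since = labels.get(LAST_USED) or meta["creationTimestamp"][:10]
        idle = (today - date.fromisoformat(since)).days
        auto = meta["name"] in referenced.get((meta["namespace"], owner), set())
        if INVALID_SINCE in labels:
            status = "invalid"   # already marked; deleted if it stays unused
        elif not auto:
            status = "manual"    # not listed in .secrets, so not auto-generated
        elif idle > period_days:
            status = "stale"     # candidate for the invalid-since label
        else:
            status = "tracked"   # auto-generated, used within the period
        report[f'{meta["namespace"]}/{meta["name"]}'] = (status, idle)
    return report

# Constructed sample: the Secret metadata from the issue plus a made-up
# creationTimestamp and two made-up ServiceAccount variants.
SECRETS = {"items": [{"type": TOKEN_TYPE, "metadata": {
    "name": "consul-auth-method", "namespace": "consul",
    "creationTimestamp": "2023-01-10T08:00:00Z",
    "annotations": {SA_ANNOTATION: "consul-auth-method"},
    "labels": {LAST_USED: "2024-06-17"}}}]}
SA_META = {"name": "consul-auth-method", "namespace": "consul"}
SA_LISTED = {"items": [{"metadata": SA_META, "secrets": [{"name": "consul-auth-method"}]}]}
SA_UNLISTED = {"items": [{"metadata": SA_META}]}

if __name__ == "__main__":
    for sas in (SA_LISTED, SA_UNLISTED):
        print(json.dumps(audit_legacy_tokens(SECRETS, sas, date(2025, 7, 1))))
```

On a live cluster the two inputs would come from `kubectl get secrets -A -o json` and `kubectl get serviceaccounts -A -o json`, with `period_days` matching the controller manager's `--legacy-service-account-token-clean-up-period`.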