vitess-operator

fix: k8s 1.21+ bounded service account token on backup subcontroller

Open michaellee8 opened this issue 2 years ago • 4 comments

In k8s 1.21+, bounded service account tokens are enforced, which requires a different prefix for service account token mounts, and are not removed in reconcile_subcontroller.go. My patch fixes the issue which allows the subcontroller to work.

Closes https://github.com/planetscale/vitess-operator/issues/302

michaellee8 avatar Aug 12 '22 03:08 michaellee8

Review Checklist

Hello reviewers! :wave: Please follow this checklist when reviewing this Pull Request.

General

  • [ ] Ensure that the Pull Request has a descriptive title.
  • [ ] If this is a change that users need to know about, please apply the release notes (needs details) label so that merging is blocked unless the summary release notes document is included.
  • [ ] If a new flag is being introduced, review whether it is really needed. The flag names should be clear and intuitive (as far as possible), and the flag's help should be descriptive.
  • [ ] If a workflow is added or modified, each item in Jobs should be named in order to mark it as required. If the workflow should be required, the GitHub Admin should be notified.

Bug fixes

  • [ ] There should be at least one unit or end-to-end test.
  • [ ] The Pull Request description should either include a link to an issue that describes the bug OR an actual description of the bug and how to reproduce, along with a description of the fix.

Non-trivial changes

  • [ ] There should be some code comments as to why things are implemented the way they are.

New/Existing features

  • [ ] Should be documented, either by modifying the existing documentation or creating new documentation.
  • [ ] New features should have a link to a feature request issue or an RFC that documents the use cases, corner cases and test cases.

Backward compatibility

  • [ ] Protobuf changes should be wire-compatible.
  • [ ] Changes to _vt tables and RPCs need to be backward compatible.
  • [ ] vtctl command output order should be stable and awk-able.

vitess-bot[bot] avatar Aug 12 '22 03:08 vitess-bot[bot]

Still got the problem after this patch, no idea why, investigating.

michaellee8 avatar Aug 12 '22 04:08 michaellee8

@michaellee8 let us know once you have a working fix. At that time we can review and run CI.

deepthi avatar Aug 12 '22 18:08 deepthi

@deepthi It seems that even with my patch it still doesn't work, are you familiar with other places in the codebase that may cause the issue?

Edit: Seems like the issue is GKE Autopilot specific, but I think the patch would still be useful since it prevents the service account volume being mounted.

michaellee8 avatar Aug 13 '22 07:08 michaellee8