djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1586171876
ContainerImage.Pinniped/internal/controller
History
Matt Moyer b80cbb8cc5
Run kube-cert-agent pod as Concierge ServiceAccount. 
Since 0dfb3e95c5, we no longer directly create the kube-cert-agent Pod, so our "use"
permission on PodSecurityPolicies no longer has the intended effect. Since the deployments controller is now the
one creating pods for us, we need to get the permission on the PodSpec of the target pod instead, which we do somewhat
simply by using the same service account as the main Concierge pods.

We still set `automountServiceAccountToken: false`, so this should not actually give any useful permissions to the
agent pod when running.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-03 16:20:13 -05:00
..
apicerts dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
authenticator impersonator: add support for service account token authentication 2021-04-29 17:30:35 -04:00
impersonatorconfig Fix lint error 2021-03-30 14:53:26 -07:00
issuerconfig Sort CredentialIssuer strategies in preferred order. 2021-03-03 14:03:27 -06:00
kubecertagent Run kube-cert-agent pod as Concierge ServiceAccount. 2021-05-03 16:20:13 -05:00
supervisorconfig All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
supervisorstorage All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
controller_test.go Clean this test up a trivial amount using require.Implementsf(). 2020-12-17 08:38:16 -06:00
utils.go Upstream Watcher Controller Syncs less often by adjusting its filters 2020-12-18 15:41:18 -08:00