Matt Moyer b80cbb8cc5 Run kube-cert-agent pod as Concierge ServiceAccount. ... Since 0dfb3e95c5, we no longer directly create the kube-cert-agent Pod, so our "use" permission on PodSecurityPolicies no longer has the intended effect. Since the deployments controller is now the one creating pods for us, we need to get the permission on the PodSpec of the target pod instead, which we do somewhat simply by using the same service account as the main Concierge pods. We still set `automountServiceAccountToken: false`, so this should not actually give any useful permissions to the agent pod when running. Signed-off-by: Matt Moyer <moyerm@vmware.com>		2021-05-03 16:20:13 -05:00
..
apicerts	dynamiccert: split into serving cert and CA providers	2021-03-15 12:24:07 -04:00
authenticator	impersonator: add support for service account token authentication	2021-04-29 17:30:35 -04:00
impersonatorconfig	Fix lint error	2021-03-30 14:53:26 -07:00
issuerconfig	Sort CredentialIssuer strategies in preferred order.	2021-03-03 14:03:27 -06:00
kubecertagent	Run kube-cert-agent pod as Concierge ServiceAccount.	2021-05-03 16:20:13 -05:00
supervisorconfig	All controller unit tests should not cancel context until test is over	2021-03-04 17:26:01 -08:00
supervisorstorage	All controller unit tests should not cancel context until test is over	2021-03-04 17:26:01 -08:00
controller_test.go	Clean this test up a trivial amount using `require.Implementsf()`.	2020-12-17 08:38:16 -06:00
utils.go	Upstream Watcher Controller Syncs less often by adjusting its filters	2020-12-18 15:41:18 -08:00