-
Notifications
You must be signed in to change notification settings - Fork 71
Bug 1945548: Filter secret names for registry pod's sa #83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1945548: Filter secret names for registry pod's sa #83
Conversation
During the registry server sync the image pull secrets from the catalogsource's spec.secrets are passed unfiltered to the serviceaccount for the registry pod. Passing an empty string in the secrets list breaks serverside apply for the registry pod with the following error: failed to convert new object (/v1, Kind=Pod) to smd typed: .spec.imagePullSecrets: element 0: associative list with keys has an element that omits key field "name" (and doesn't have default value) This prevents the registry pod from being promoted via the SSA client when there is an update to the index image. To fix this, the image pull secrets list is filtered for empty strings before being set on the serviceaccount. Upstream-commit: ee40fd9b8495ea23fc34daef74c689aad942fd2f Upstream-repository: operator-lifecycle-manager Signed-off-by: Haseeb Tariq <[email protected]>
@hasbro17: This pull request references Bugzilla bug 1945548, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla ([email protected]), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dinhxuanvu, hasbro17 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
1 similar comment
/retest |
@hasbro17: All pull requests linked via external trackers have merged: Bugzilla bug 1945548 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Description of the change:
During the registry server sync the image pull secrets from the catalogsource's spec.secrets are passed
unfiltered to the serviceaccount for the registry pod.
Passing an empty string in the secrets list breaks serverside apply for the registry pod which gets created without the
metadata.managedFields
when it has an empty element in theimagePullSecrets
list:This prevents the registry pod from being promoted via the SSA client when
there is an update to the index image:
To fix this, the image pull secrets list is filtered for empty strings
before being set on the serviceaccount.
Motivation for the change:
Fix for: https://bugzilla.redhat.com/show_bug.cgi?id=1945548
Similar to kubernetes-sigs/structured-merge-diff#130
Upstream-commit: ee40fd9b8495ea23fc34daef74c689aad942fd2f
Upstream-repository: operator-lifecycle-manager
Upstream PR: operator-framework/operator-lifecycle-manager#2165