Generate kubeconfigs only for warnet-user #772 #773
Conversation
| # skip the default service account created by k8s and commander service accounts created by scenarios | ||
| service_accounts = run_command(command).split() | ||
| return [sa for sa in service_accounts if sa != "default"] | ||
| return [sa for sa in service_accounts if sa != "default" and not sa.startswith("commander-")] |
There was a problem hiding this comment.
I'd rather not use any more name parsing magic this in warnet. I think a better approach would be to add a tag to the ServiceAccounts we create for users in deploy_namespaces() which would probably actually mean adding metadata to the chart in resources/charts/namespaces/templates/rolebinding.yaml and then here in this function, we filter for SA's with the right tag.
|
Thanks for taking a stab at this. I guess you discovered the patch I wrote in the original open issue wasn't correct when the test failed? Lets work on making this clean |
|
Thanks @pinheadmz for the feedback! Yes, I noticed the original patch didn’t fully cover the failing case, so I adjusted the approach to make the tests pass. |
I think leveraging kubernetes tags is worth exploring: #773 (comment) |
2 participants
Fixes #772
Restricts warnet admin create-kubeconfigs to generate kubeconfigs only for the warnet-user service account. This prevents unnecessary kubeconfig files from being created when multiple ServiceAccounts exist in a namespace.
Updated the service account lookup to return only warnet-user
Renamed the helper function and updated its usage accordingly