Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fail if service name != service account name #281

Merged
merged 1 commit into from
Jun 24, 2020

Conversation

thisisnotashwin
Copy link
Contributor

This check only occurs when ACLs are enable with connectInject.

Tested that it only performs this check when ACLs are enabled. Screenshot of error when incorrect pod config is applied

Closes #237

Signed-off-by: Ashwin Venkatesh ashwin@hashicorp.com

Screen Shot 2020-06-19 at 10 54 48 AM

@thisisnotashwin thisisnotashwin requested review from lkysow, a team and adilyse and removed request for a team June 19, 2020 15:36
@thisisnotashwin thisisnotashwin force-pushed the verifyServiceAccountName branch from 56cd8eb to 7e9d650 Compare June 19, 2020 16:52
Copy link
Member

@lkysow lkysow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, just a few comments!

connect-inject/container_init.go Outdated Show resolved Hide resolved
connect-inject/container_init.go Outdated Show resolved Hide resolved
connect-inject/container_init_test.go Show resolved Hide resolved
@thisisnotashwin thisisnotashwin force-pushed the verifyServiceAccountName branch from 7e9d650 to a575978 Compare June 23, 2020 14:31
@thisisnotashwin thisisnotashwin requested a review from lkysow June 23, 2020 14:32
@thisisnotashwin thisisnotashwin force-pushed the verifyServiceAccountName branch from a575978 to 76b1028 Compare June 24, 2020 16:37
Copy link
Member

@lkysow lkysow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@adilyse adilyse added area/connect Related to Connect service mesh, e.g. injection type/enhancement New feature or request labels Jun 24, 2020
ServiceAccountName in podSpec

Signed-off-by: Ashwin Venkatesh <ashwin@hashicorp.com>
@thisisnotashwin thisisnotashwin force-pushed the verifyServiceAccountName branch from 76b1028 to 6e434a5 Compare June 24, 2020 21:17
@thisisnotashwin thisisnotashwin merged commit 9a3a22e into master Jun 24, 2020
@thisisnotashwin thisisnotashwin deleted the verifyServiceAccountName branch June 24, 2020 22:10
@ishustava ishustava mentioned this pull request Jul 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/connect Related to Connect service mesh, e.g. injection type/enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

First container name might not match service account
3 participants