Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSI: update leader's ACL in volumewatcher #11891

Merged
merged 1 commit into from
Jan 24, 2022
Merged

CSI: update leader's ACL in volumewatcher #11891

merged 1 commit into from
Jan 24, 2022

Conversation

tgross
Copy link
Member

@tgross tgross commented Jan 20, 2022
edited
Loading

Partial fix for #10927 #10052

The volumewatcher that runs on the leader needs to make RPC calls
rather than writing to raft (as we do in the deploymentwatcher)
because the unpublish workflow needs to make RPC calls to the
clients. This requires that the volumewatcher has access to the
leader's ACL token.

But when leadership transitions, the new leader creates a new leader
ACL token. This ACL token needs to be passed into the volumewatcher
when we enable it, otherwise the volumewatcher can find itself with a
stale token.

@tgross tgross self-assigned this Jan 20, 2022
@tgross tgross marked this pull request as ready for review January 20, 2022 20:02
@tgross tgross added this to the 1.3.0 milestone Jan 20, 2022
@vercel vercel bot temporarily deployed to Preview – nomad January 20, 2022 20:10 Inactive
@tgross tgross mentioned this pull request Jan 20, 2022
Closed
shoenig
shoenig approved these changes Jan 21, 2022
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

.changelog/11891.txt Outdated Show resolved Hide resolved
@tgross
csi: update leader's ACL in volumewatcher
3fc9835 
The volumewatcher that runs on the leader needs to make RPC calls
rather than writing to raft (as we do in the deploymentwatcher)
because the unpublish workflow needs to make RPC calls to the
clients. This requires that the volumewatcher has access to the
leader's ACL token.

But when leadership transitions, the new leader creates a new leader
ACL token. This ACL token needs to be passed into the volumewatcher
when we enable it, otherwise the volumewatcher can find itself with a
stale token.
@vercel vercel bot temporarily deployed to Preview – nomad January 24, 2022 15:43 Inactive
@tgross tgross mentioned this pull request Jan 24, 2022
Merged
@tgross tgross merged commit 9d60df2 into main Jan 24, 2022
@tgross tgross deleted the csi-leadership-acl branch January 24, 2022 16:49
@tgross tgross modified the milestones: 1.3.0, 1.2.5 Jan 24, 2022
tgross added a commit that referenced this pull request Jan 28, 2022
@tgross
csi: update leader's ACL in volumewatcher (#11891)
debffe2 
The volumewatcher that runs on the leader needs to make RPC calls
rather than writing to raft (as we do in the deploymentwatcher)
because the unpublish workflow needs to make RPC calls to the
clients. This requires that the volumewatcher has access to the
leader's ACL token.

But when leadership transitions, the new leader creates a new leader
ACL token. This ACL token needs to be passed into the volumewatcher
when we enable it, otherwise the volumewatcher can find itself with a
stale token.
tgross added a commit that referenced this pull request Jan 28, 2022
@tgross
csi: update leader's ACL in volumewatcher (#11891)
41c2daf 
The volumewatcher that runs on the leader needs to make RPC calls
rather than writing to raft (as we do in the deploymentwatcher)
because the unpublish workflow needs to make RPC calls to the
clients. This requires that the volumewatcher has access to the
leader's ACL token.

But when leadership transitions, the new leader creates a new leader
ACL token. This ACL token needs to be passed into the volumewatcher
when we enable it, otherwise the volumewatcher can find itself with a
stale token.
tgross added a commit that referenced this pull request Jan 28, 2022
@tgross
csi: update leader's ACL in volumewatcher (#11891)
0d8952a 
The volumewatcher that runs on the leader needs to make RPC calls
rather than writing to raft (as we do in the deploymentwatcher)
because the unpublish workflow needs to make RPC calls to the
clients. This requires that the volumewatcher has access to the
leader's ACL token.

But when leadership transitions, the new leader creates a new leader
ACL token. This ACL token needs to be passed into the volumewatcher
when we enable it, otherwise the volumewatcher can find itself with a
stale token.
@tgross tgross mentioned this pull request Jan 31, 2022
Closed
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shoenig shoenig shoenig approved these changes

@jrasell jrasell Awaiting requested review from jrasell

@lgfa29 lgfa29 Awaiting requested review from lgfa29

Assignees

@tgross tgross

Labels
theme/storage
Projects
None yet
Milestone
1.2.5
Development

Successfully merging this pull request may close these issues.
3 participants
@tgross @shoenig @lgfa29