Merge pull request #44102 from ncdc/fix-serviceaccount-token-admission
Automatic merge from submit-queue
serviceaccount admission: return correct tokens
Fix a bug in serviceaccount admission introduced when we switched
everything to use shared informers. That change accidentally reused the
list of secrets instead of creating a new one, resulting in all secrets
in the namespace being returned as possible service account tokens,
instead of limiting it only to the actual service account tokens, as it
did before the shared informer conversion. This also adds a unit test to
ensure there is no future regression here.
This will need to be cherry-picked to 1.6.
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixed an issue mounting the wrong secret into pods as a service account token
```
cc @smarterclayton @liggitt @sttts @derekwaynecarr @calebamiles @ethernetdan @eparis
Showing
Please
register
or
sign in
to comment