Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Otterize credentials operator not deleting IAM roles on pod cleanup due to the Otterize finalizer not being added to service accounts #160

Merged
merged 9 commits into from
Sep 15, 2024
Merged

Fix Otterize credentials operator not deleting IAM roles on pod cleanup due to the Otterize finalizer not being added to service accounts #160

merged 9 commits into from
Sep 15, 2024

Conversation

amitlicht
Copy link
Contributor

@amitlicht amitlicht commented Sep 8, 2024
edited
Loading

Description

This PR fixes a bug in the credentials-operator, where IAM roles were not always deleted during service account termination.
The PR adds a finalizer on service accounts, on pod admission, to ensure that they don't get deleted before the IAM role cleanup reconciler finished handling them.
It also supports disabling webhook server for testing purpose.

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR and in github.com/otterize/docs

@amitlicht amitlicht changed the title Ensure that the Otterize finalizer is added on service accounts managed by IAM agents Fix Otterize credentials operator not deleting IAM roles on pod cleanup due to the Otterize finalizer not being added to service accounts Sep 8, 2024
@amitlicht amitlicht marked this pull request as ready for review September 15, 2024 07:20
@amitlicht amitlicht merged commit 78fe3f2 into main Sep 15, 2024
12 checks passed
@amitlicht amitlicht deleted the amitlicht/add_serviceaccount_finalizer_on_pod_admission branch September 15, 2024 13:13
@github-actions github-actions bot locked and limited conversation to collaborators Sep 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@evyatarmeged evyatarmeged evyatarmeged approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@amitlicht @evyatarmeged