Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add required label for pod #629

Merged
merged 1 commit into from
Nov 9, 2022
Merged

docs: add required label for pod #629

merged 1 commit into from
Nov 9, 2022

Conversation

aramase
Copy link
Member

@aramase aramase commented Nov 8, 2022

Signed-off-by: Anish Ramasekar [email protected]

Reason for Change:

  • Update docs and quick-start example to include the required label azure.workload.identity/use: "true" for pods

Requirements

  • squashed commits
  • included documentation
  • added unit tests and e2e tests (if applicable).

Issue Fixed:

part of #601

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

  • yes
  • no

Notes for Reviewers:

@aramase aramase requested review from enj and sozercan November 8, 2022 19:32
@aramase aramase added this to the v0.15.0 milestone Nov 8, 2022
enj
enj approved these changes Nov 9, 2022
View reviewed changes
docs/book/src/quick-start.md
Comment on lines +276 to +277
labels:
azure.workload.identity/use: "true"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just so that we start encouraging folks to use this label now right? We have not made any other code changes right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct! We haven't made any code changes yet.

docs/book/src/topics/service-account-labels-and-annotations.md
### Annotations

| Annotation | Description | Default |
| ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
| `azure.workload.identity/service-account-token-expiration` | **(Takes precedence if the service account is also annotated)** Represents the `expirationSeconds` field for the projected service account token. It is an optional field that the user might want to configure this to prevent any downtime caused by errors during service account token refresh. Kubernetes service account token expiry will not be correlated with AAD tokens. AAD tokens will expire in 24 hours after they are issued. | `3600` (acceptable range: `3600 - 86400`) |
| `azure.workload.identity/skip-containers` | Represents a semi-colon-separated list of containers (e.g. `container1;container2`) to skip adding projected service account token volume. By default, the projected service account token volume will be added to all containers if the service account is labeled with `azure.workload.identity/use: true`. | |
| `azure.workload.identity/inject-proxy-sidecar` | Injects a proxy init container and proxy sidecar into the pod. The proxy sidecar is used to intercept token requests to IMDS and acquire an AAD token on behalf of the user with federated identity credential. | `true` |
| `azure.workload.identity/inject-proxy-sidecar` | Injects a proxy init container and proxy sidecar into the pod. The proxy sidecar is used to intercept token requests to IMDS and acquire an AAD token on behalf of the user with federated identity credential. | `true` |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if you meant to make this whitespace change?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The vscode plugin auto fixed things on save

@aramase
docs: add required label for pod
ed5fce2 
Signed-off-by: Anish Ramasekar <[email protected]>
@aramase aramase merged commit 0cd6d96 into Azure:main Nov 9, 2022
@aramase aramase deleted the update-pod-label branch November 9, 2022 18:41
@v-shenoy v-shenoy mentioned this pull request Nov 21, 2022
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enj enj enj approved these changes

@sozercan sozercan Awaiting requested review from sozercan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.15.0
Development

Successfully merging this pull request may close these issues.
2 participants
@aramase @enj