[release-1.13]: Watch only our own OIDC-related secrets (#8070) by Cali0707 · Pull Request #8072 · knative/eventing

Cali0707 · 2024-07-04T18:08:50Z

This is a backport of #8070 to ensure that we use a filtered informer for our own OIDC-related secrets to reduce memory usage.

Filter OIDC secrets Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

Cali0707 · 2024-07-04T18:09:03Z

/cc @pierDipi @matzew @Leo6Leo

Signed-off-by: Calum Murray <cmurray@redhat.com>

…native#7527) Signed-off-by: Calum Murray <cmurray@redhat.com>

pierDipi

/lgtm
/approve

knative-prow · 2024-07-05T06:29:12Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [Cali0707,pierDipi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

pierDipi · 2024-07-05T06:29:18Z

/test reconciler-tests

matzew · 2024-07-05T08:52:07Z

/test reconciler-tests

pierDipi · 2024-07-05T10:59:56Z

/retest

pierDipi · 2024-07-05T12:38:03Z

/test reconciler-tests

Cali0707 · 2024-07-05T14:07:01Z

    wait.go:200: test-sipcyxms/containersource-onquhsez condition is {"type":"Ready","status":"False","lastTransitionTime":"2024-07-05T13:50:38Z","reason":"Unable to resolve service account for OIDC authentication","message":"could not create OIDC service account test-sipcyxms/containersource-onquhsez-sinkbinding for SinkBinding: serviceaccounts \"containersource-onquhsez-sinkbi29a177f791667d85035dc5a99e4605f5\" already exists"}

Looks like a real failure, will debug...

Cali0707 · 2024-07-05T19:19:49Z

/cc @matzew @Leo6Leo

Could one of you recheck?

Signed-off-by: Calum Murray <cmurray@redhat.com>

matzew · 2024-07-08T11:05:04Z

/test reconciler-tests

matzew · 2024-07-08T11:12:48Z

pkg/reconciler/sinkbinding/controller.go

 	namespaceInformer := namespace.Get(ctx)
-	serviceaccountInformer := serviceaccountinformer.Get(ctx)
-	secretInformer := secretinformer.Get(ctx)
+	oidcServiceaccountInformer := serviceaccountinformer.Get(ctx)


did we just rename it for a better name?

Yeah the name was changed later, so when I did the cherry-pick it seems to have included that as well

ok, I see is now same name as on main

Leo6Leo · 2024-07-08T18:47:09Z

/test reconciler-tests

Leo6Leo · 2024-07-09T13:14:17Z

/lgtm

cmd/apiserver_receive_adapter/main.go

Watch only our own OIDC-related secrets (knative#8070)

05307c7

Filter OIDC secrets Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

knative-prow bot requested review from matzew and pierDipi July 4, 2024 18:08

knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 4, 2024

knative-prow bot requested a review from Leo6Leo July 4, 2024 18:09

./hack/update-deps.sh

3def75e

Signed-off-by: Calum Murray <cmurray@redhat.com>

knative-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 4, 2024

Cali0707 added 2 commits July 4, 2024 14:44

fix: serviceaccountInformer -> oidcServiceaccountInformer

1c43d04

Signed-off-by: Calum Murray <cmurray@redhat.com>

fix: add oidc label selector to main contexts (partial cherry pick of k…

858b6a9

…native#7527) Signed-off-by: Calum Murray <cmurray@redhat.com>

pierDipi approved these changes Jul 5, 2024

View reviewed changes

knative-prow bot assigned pierDipi Jul 5, 2024

knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jul 5, 2024

knative-prow bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 5, 2024

fix: don't use filtered sa informer when sa is not labelled

86da06c

Signed-off-by: Calum Murray <cmurray@redhat.com>

Cali0707 force-pushed the backport-filter-oidc-informer-release-1.13 branch from 015bce0 to 86da06c Compare July 5, 2024 20:54

matzew reviewed Jul 8, 2024

View reviewed changes

knative-prow bot assigned Leo6Leo Jul 9, 2024

knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jul 9, 2024

matzew reviewed Jul 9, 2024

View reviewed changes

cmd/apiserver_receive_adapter/main.go Show resolved Hide resolved

knative-prow bot merged commit 3c03a23 into knative:release-1.13 Jul 9, 2024

Conversation

Cali0707 commented Jul 4, 2024

Uh oh!

Cali0707 commented Jul 4, 2024

Uh oh!

pierDipi left a comment

Choose a reason for hiding this comment

Uh oh!

knative-prow bot commented Jul 5, 2024

Uh oh!

pierDipi commented Jul 5, 2024

Uh oh!

matzew commented Jul 5, 2024

Uh oh!

pierDipi commented Jul 5, 2024

Uh oh!

pierDipi commented Jul 5, 2024

Uh oh!

Cali0707 commented Jul 5, 2024

Uh oh!

Cali0707 commented Jul 5, 2024

Uh oh!

matzew commented Jul 8, 2024

Uh oh!

matzew Jul 8, 2024

Choose a reason for hiding this comment

Uh oh!

Cali0707 Jul 9, 2024

Choose a reason for hiding this comment

Uh oh!

matzew Jul 9, 2024

Choose a reason for hiding this comment

Uh oh!

Leo6Leo commented Jul 8, 2024

Uh oh!

Leo6Leo commented Jul 9, 2024

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants