msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

fix(helm): move ServiceAccount before Secret in InstallOrder.

Browse Source 
Service accounts must be installed before secrets when service account tokens (secrets) are be managed by Helm. Otherwise Kubernetes will delete any service account token right after creation, since there is no service account mounting the token (see https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#token-controller)

Closes #7159.

Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
pull/7355/head
Daniel Strobusch 5 years ago
parent bf8318ea0b
commit 08663e6bb3
No known key found for this signature in database
GPG Key ID: F5E5DF52B21A2AA0
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File

4
pkg/releaseutil/kind_sorter.go
Unescape View File

@ -31,12 +31,12 @@ var InstallOrder KindSortOrder = []string{
"LimitRange", "LimitRange",
"PodSecurityPolicy", "PodSecurityPolicy",
"PodDisruptionBudget", "PodDisruptionBudget",
"ServiceAccount",
"Secret", "Secret",
"ConfigMap", "ConfigMap",
"StorageClass", "StorageClass",
"PersistentVolume", "PersistentVolume",
"PersistentVolumeClaim", "PersistentVolumeClaim",
"ServiceAccount",
"CustomResourceDefinition", "CustomResourceDefinition",
"ClusterRole", "ClusterRole",
"ClusterRoleList", "ClusterRoleList",
@ -85,12 +85,12 @@ var UninstallOrder KindSortOrder = []string{
"ClusterRoleList", "ClusterRoleList",
"ClusterRole", "ClusterRole",
"CustomResourceDefinition", "CustomResourceDefinition",
"ServiceAccount",
"PersistentVolumeClaim", "PersistentVolumeClaim",
"PersistentVolume", "PersistentVolume",
"StorageClass", "StorageClass",
"ConfigMap", "ConfigMap",
"Secret", "Secret",
"ServiceAccount",
"PodDisruptionBudget", "PodDisruptionBudget",
"PodSecurityPolicy", "PodSecurityPolicy",
"LimitRange", "LimitRange",

14
pkg/releaseutil/kind_sorter_test.go
Unescape View File

@ -40,7 +40,7 @@ func TestKindSorter(t *testing.T) {
Head: &SimpleHead{Kind: "ClusterRoleBindingList"}, Head: &SimpleHead{Kind: "ClusterRoleBindingList"},
}, },
{ {
Name: "e", Name: "f",
Head: &SimpleHead{Kind: "ConfigMap"}, Head: &SimpleHead{Kind: "ConfigMap"},
}, },
{ {
@ -84,11 +84,11 @@ func TestKindSorter(t *testing.T) {
Head: &SimpleHead{Kind: "NetworkPolicy"}, Head: &SimpleHead{Kind: "NetworkPolicy"},
}, },
{ {
Name: "f", Name: "g",
Head: &SimpleHead{Kind: "PersistentVolume"}, Head: &SimpleHead{Kind: "PersistentVolume"},
}, },
{ {
Name: "g", Name: "h",
Head: &SimpleHead{Kind: "PersistentVolumeClaim"}, Head: &SimpleHead{Kind: "PersistentVolumeClaim"},
}, },
{ {
@ -132,7 +132,7 @@ func TestKindSorter(t *testing.T) {
Head: &SimpleHead{Kind: "RoleBindingList"}, Head: &SimpleHead{Kind: "RoleBindingList"},
}, },
{ {
Name: "d", Name: "e",
Head: &SimpleHead{Kind: "Secret"}, Head: &SimpleHead{Kind: "Secret"},
}, },
{ {
@ -140,7 +140,7 @@ func TestKindSorter(t *testing.T) {
Head: &SimpleHead{Kind: "Service"}, Head: &SimpleHead{Kind: "Service"},
}, },
{ {
Name: "h", Name: "d",
Head: &SimpleHead{Kind: "ServiceAccount"}, Head: &SimpleHead{Kind: "ServiceAccount"},
}, },
{ {
@ -166,8 +166,8 @@ func TestKindSorter(t *testing.T) {
order KindSortOrder order KindSortOrder
expected string expected string
}{ }{
{"install", InstallOrder, "aAbcC3de1fgh2iIjJkKlLmnopqrxstuvw!"}, {"install", InstallOrder, "aAbcC3def1gh2iIjJkKlLmnopqrxstuvw!"},
{"uninstall", UninstallOrder, "wvmutsxrqponLlKkJjIi2hgf1ed3CcbAa!"}, {"uninstall", UninstallOrder, "wvmutsxrqponLlKkJjIi2hg1fed3CcbAa!"},
} { } {
var buf bytes.Buffer var buf bytes.Buffer
t.Run(test.description, func(t *testing.T) { t.Run(test.description, func(t *testing.T) {

Write Preview
Loading…
Cancel
Save