Elliott Baron
Elliott Baron
@andrewazores looks like that last commit fixed it, mind approving again?
Looks like support for this in CoreDNS just landed: https://github.com/coredns/coredns/commit/1025a199e99a11049f7939b3db127da4153ba201. The hostname seems to be constructed the same way as IPv4, only instead of replacing dots in replaces colons.
I think there are also some unused permissions. I don't think we need oauthaccesstokens or selfsubjectaccessreviews for the OAuth Proxy.
I still saw this with podman. Tried the following: ``` $ sudo mkdir /sys/fs/cgroup/systemd $ sudo mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd $ mvn exec:exec@start-container failsafe:integration-test exec:exec@stop-container [INFO] Scanning...
I was also able to reproduce the hang after booting the kernel with `systemd.unified_cgroup_hierarchy=0`.
It's intermittent with Podman, I'll try with Docker.
Okay, did 50 runs with Docker and no hang.
I've been able to track down why the OAuth grant is failing for multiple namespaces. Here is the OAuthClient derived from the Service Account in namespace `c`: ```yaml metadata: name:...
If the operator could ensure that the renewed certificates are updated in the workloads' volume mounts, we could consider adding logic to the agent to reload certificate files if it...