-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cluster Agent Auth Lifecycle Improvment #740
Conversation
Codecov Report
@@ Coverage Diff @@
## main #740 +/- ##
==========================================
+ Coverage 58.83% 58.85% +0.02%
==========================================
Files 149 149
Lines 17846 17863 +17
==========================================
+ Hits 10499 10513 +14
- Misses 6721 6723 +2
- Partials 626 627 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report in Codecov by Sentry.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
small comments to improve a bit the readability of the code.
* Adding conversion of DCA token * Adding MD5 hash for DCA token * Adding hash to components' annotations
What does this PR do?
At the moment, if a token is specified to authenticate the communication between the Datadog Agents and the Datadog Cluster Agent resources will not be rotated if it is changed. This can result in communication errors following up on the upadte of the token.
Secondly, this also adds supports for the conversion of the token when migrating from v1alpha1 to v2alpha1.
This uses the MD5 hashing pattern introduced for Lifecycle improvement.
Motivation
Ensuring smooth migration.
Additional Notes
Anything else we should know when reviewing?
Describe your test plan
Deploying:
should result in the creation of the secret with the config hash for the token:
And both the Datadog Agent and Datadog Cluster Agent pods will have the hash to, ensuring the update if the token is rotated:
(note that this still works if you don't specify the token)