karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove the automatic generation secrets in ServiceAccount 

Signed-off-by: lfbear <lfbear@gmail.com>
This commit is contained in:
lfbear 2021-08-18 18:36:42 +08:00
parent 396fba7335
commit 27bda0c530
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/webhook/work/mutating.go
View File

@ -3,7 +3,9 @@ package work
import (
"context"
"encoding/json"
"fmt"
"net/http"
"strings"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
@ -129,6 +131,20 @@ func removeIrrelevantField(workload *unstructured.Unstructured) error {
}
}
if workload.GetKind() == util.ServiceAccountKind {
secrets, exist, _ := unstructured.NestedSlice(workload.Object, "secrets")
// If 'secrets' exists in ServiceAccount, remove the automatic generation secrets(e.g. default-token-xxx)
if exist && len(secrets) > 0 {
tokenPrefix := fmt.Sprintf("%s-token-", workload.GetName())
for idx := 0; idx < len(secrets); idx++ {
if strings.HasPrefix(secrets[idx].(map[string]interface{})["name"].(string), tokenPrefix) {
secrets = append(secrets[:idx], secrets[idx+1:]...)
}
}
_ = unstructured.SetNestedSlice(workload.Object, secrets, "secrets")
}
}
return nil
}