I've been working on project archival for online, with regard to
service accounts we may need to export those created manually by the
user, and skip those created automatically by OpenShift when we
created the project.
There does not appear to be any information on those service accounts
to identify that it was automatically created by OpenShift:
- apiVersion: v1
imagePullSecrets:
- name: deployer-dockercfg-t2ckf
kind: ServiceAccount
metadata:
creationTimestamp: 2017-07-12T14:48:19Z
name: deployer
namespace: myproject
Is assuming the service accounts with names "builder", "deployer", and
"default" a stable set we could count on for skipping during an
export?
Would it be acceptable to start adding an annotation to these service
accounts similar to what we do for secrets that are attached to those
SAs?
kind: Secret
metadata:
annotations:
kubernetes.io/created-by: openshift.io/create-dockercfg-secrets
Perhaps in this case "openshift.io/default-service-accounts"?
(suggestions welcome)
If so, is there any established precedent for migrating pre-existing
builder/deployer/default SAs to add the annotation during an upgrade?
Thanks!
Devan
_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
