On Mon, Jul 17, 2017 at 10:07 AM, Jordan Liggitt <[email protected]> wrote:
> An export should include custom image pull or push secrets added to the
> namespace and included in the service account's imagePullSecrets list.

Jordan, could you clarify? I noticed this:
https://github.com/kubernetes/kubernetes/blob/master/pkg/registry/core/secret/strategy.go#L79

Would it be safe to apply that logic to our exports, skip any secrets
of type kubernetes.io/service-account-token, or tied to a service
account by its UID? However, make sure we include any custom image
pull secrets (which do not appear to be tied by UID in my testing
here), and that they remain associated with the correct SAs on the
other side.

Strangely I can't trigger that condition linked above with kubectl/oc
get --export on a serviceaccounttoken secret, not sure why, maybe it
doesn't hit this code, but it does seem to be stripping cluster info
from the yaml output.

_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
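
The export filter asked about in the message above, sketched as an added example (not code from the thread, Kubernetes or OpenShift). The struct types, `exportable` and `FilterExport` are hypothetical stand-ins, and it assumes generated secrets carry the `kubernetes.io/service-account.uid` annotation while custom pull secrets do not, as the message reports.

```go
package main

import "fmt"

// Stand-ins for the Kubernetes objects (assumption: not the real API types).
type Secret struct {
	Name, Type  string
	Annotations map[string]string
}
type ServiceAccount struct {
	Name             string
	ImagePullSecrets []string
}

// exportable skips secrets generated for a service account: token type, or UID-annotated.
func exportable(s Secret) bool {
	_, tied := s.Annotations["kubernetes.io/service-account.uid"]
	return s.Type != "kubernetes.io/service-account-token" && !tied
}

// FilterExport drops generated secrets and prunes each SA's imagePullSecrets to exported names.
func FilterExport(secrets []Secret, sas []ServiceAccount) ([]Secret, []ServiceAccount) {
	kept, out := map[string]bool{}, []Secret{}
	for _, s := range secrets {
		if exportable(s) {
			kept[s.Name] = true
			out = append(out, s)
		}
	}
	outSAs := []ServiceAccount{}
	for _, sa := range sas {
		pruned := ServiceAccount{Name: sa.Name}
		for _, ref := range sa.ImagePullSecrets {
			if kept[ref] {
				pruned.ImagePullSecrets = append(pruned.ImagePullSecrets, ref)
			}
		}
		outSAs = append(outSAs, pruned)
	}
	return out, outSAs
}

func main() { // constructed sample: generated token, generated dockercfg, custom pull secret
	uid := map[string]string{"kubernetes.io/service-account.uid": "constructed-uid"}
	fmt.Println(FilterExport([]Secret{
		{"builder-token-abc12", "kubernetes.io/service-account-token", uid},
		{"builder-dockercfg-xyz34", "kubernetes.io/dockercfg", uid},
		{"my-registry-pull", "kubernetes.io/dockercfg", nil},
	}, []ServiceAccount{{"builder", []string{"builder-dockercfg-xyz34", "my-registry-pull"}}}))
}
```

Pruning the service account's list keeps the export from carrying dangling references to secrets the target cluster will regenerate under different names.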
