From e5b9ad7f920c0fc87e7c35203d5c6dbd3189f669 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Sun, 26 Jan 2025 23:08:53 +0100 Subject: [PATCH 1/2] e2e/sharded: temporarily disable service account lookup Signed-off-by: Dr. Stefan Schimanski --- cmd/sharded-test-server/shard.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/sharded-test-server/shard.go b/cmd/sharded-test-server/shard.go index 863cb3e6bbd..30ad1529ca8 100644 --- a/cmd/sharded-test-server/shard.go +++ b/cmd/sharded-test-server/shard.go @@ -89,6 +89,8 @@ func newShard(ctx context.Context, n int, args []string, standaloneVW bool, serv "--requestheader-extra-headers-prefix=X-Remote-Extra-", fmt.Sprintf("--service-account-key-file=%s", filepath.Join(workDirPath, ".kcp/service-account.crt")), fmt.Sprintf("--service-account-private-key-file=%s", filepath.Join(workDirPath, ".kcp/service-account.key")), + // TODO(sttts): remove this flag as soon as we have service account token lookup configured. + "--service-account-lookup=false", "--audit-log-path", auditFilePath, fmt.Sprintf("--shard-external-url=https://%s:%d", hostIP, 6443), fmt.Sprintf("--tls-cert-file=%s", filepath.Join(workDirPath, fmt.Sprintf(".kcp-%d/apiserver.crt", n))), From 24529294f6d98b179f9cc4fb82f784fb9fbc3ab7 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Mon, 27 Jan 2025 10:31:14 +0100 Subject: [PATCH 2/2] e2e/sharded: set a common bound SA signing key Signed-off-by: Dr. Stefan Schimanski --- cmd/sharded-test-server/shard.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/sharded-test-server/shard.go b/cmd/sharded-test-server/shard.go index 30ad1529ca8..ddc84ee1509 100644 --- a/cmd/sharded-test-server/shard.go +++ b/cmd/sharded-test-server/shard.go @@ -89,6 +89,7 @@ func newShard(ctx context.Context, n int, args []string, standaloneVW bool, serv "--requestheader-extra-headers-prefix=X-Remote-Extra-", fmt.Sprintf("--service-account-key-file=%s", filepath.Join(workDirPath, ".kcp/service-account.crt")), fmt.Sprintf("--service-account-private-key-file=%s", filepath.Join(workDirPath, ".kcp/service-account.key")), + fmt.Sprintf("--service-account-signing-key-file=%s", filepath.Join(workDirPath, ".kcp/service-account.key")), // TODO(sttts): remove this flag as soon as we have service account token lookup configured. "--service-account-lookup=false", "--audit-log-path", auditFilePath,