Is this a BUG REPORT or FEATURE REQUEST?:
Bug reeport
What happened:
We have noticed that there is no reconciliation loop for ensuring that the ServiceAccount resource is created (if desired) and that the ISRA annotations are in place. This means that you have one chance and one chance only to get that created, and if anything breaks it later, you are out of luck.
What you expected to happen:
I expect the controller to continually work to ensure the desired state of the world is the state discovered in the Kubernetes API.
How to reproduce it (as minimally and precisely as possible):
Create a new Iamrole resource that creates a matching ServiceAccount resource. Then go and delete that ServiceAccount resource. You will find that it is not re-created or checked at any point. Same thing if you change, delete, or update the ISRA annotation.
Anything else we need to know?:
This was discovered as part of #83 ...
Is this a BUG REPORT or FEATURE REQUEST?:
Bug reeport
What happened:
We have noticed that there is no reconciliation loop for ensuring that the
ServiceAccountresource is created (if desired) and that the ISRA annotations are in place. This means that you have one chance and one chance only to get that created, and if anything breaks it later, you are out of luck.What you expected to happen:
I expect the controller to continually work to ensure the desired state of the world is the state discovered in the Kubernetes API.
How to reproduce it (as minimally and precisely as possible):
Create a new
Iamroleresource that creates a matchingServiceAccountresource. Then go and delete thatServiceAccountresource. You will find that it is not re-created or checked at any point. Same thing if you change, delete, or update the ISRA annotation.Anything else we need to know?:
This was discovered as part of #83 ...