Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require Gateway APIs for related perms and release 2.8.1 #595

Merged
merged 2 commits into from
May 16, 2022
Merged

Require Gateway APIs for related perms and release 2.8.1 #595

merged 2 commits into from
May 16, 2022

Conversation

rainest
Copy link
Contributor

@rainest rainest commented May 16, 2022
edited

What this PR does / why we need it:

Only create Gateway APIs rules in RBAC roles if Gateway API CRDs are present on the cluster. This avoids installation failures when installers lack super-admin, and will not have permission to create roles that can access these resources.

Releases 2.8.1 with this and the other pending hotfix.

Kubernetes RBAC limits the role creation permission to creating roles that the account used to create the role already has itself. Roles are very unlikely to include permissions for Gateway APIs if Gateway API CRDs are not installed.

Reported in community Slack channel https://kubernetes.slack.com/archives/CDCA87FRD/p1652461006349149

Special notes for your reviewer:

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • PR is based off the current tip of the main branch.
  • Changes are documented under the "Unreleased" header in CHANGELOG.md
  • Commits follow the Kong commit message guidelines

@rainest
fix(rbac) require Gateway APIs for related perms
b1f1475 
Only create Gateway APIs rules in RBAC roles if Gateway API CRDs are
present on the cluster. This avoids installation failures when
installers lack super-admin, and will not have permission to create
roles that can access these resources.
@rainest
chore(*) release 2.8.1
21c0ab4
@rainest rainest marked this pull request as ready for review May 16, 2022 18:05
@rainest rainest requested a review from a team as a code owner May 16, 2022 18:05
@rainest rainest merged commit 63fcc9a into main May 16, 2022
@rainest rainest deleted the fix/gateway-rbac branch May 16, 2022 18:19
@rainest rainest mentioned this pull request Jun 1, 2022
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shaneutt shaneutt shaneutt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rainest @shaneutt