-
Notifications
You must be signed in to change notification settings - Fork 345
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade sbo #2627
Upgrade sbo #2627
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work! Much simpler!
You may have to run make build-resources
to update the embedded resources.
func installServiceBindings(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool) error { | ||
return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, | ||
"/rbac/operator-role-service-binding.yaml", | ||
"/rbac/operator-role-binding-service-binding.yaml", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems the operator-role-binding-service-binding.yaml
file can also be removed.
ccbc884
to
e893026
Compare
The install is failing on OpenShift because of privileges escalation. The admin user that is used to install the operator is not granted permission to get CRDs. I think we can keep a separate RBAC manifest for the permissions required by the embedded SBO, and warn when the install user cannot create it, as we already do for other "addons". |
4af5f1b
to
8a56858
Compare
Thanks for reviewing ! PR should be ok now, switched to |
} | ||
|
||
secret := createSecret(ctx, e.Integration.Namespace) | ||
if secret != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the reason for not injecting binding through SBO default pipeline?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @pedjak ! Thanks for taking a look!
The Camel K Operator has it's own pipeline for creating Kubernetes resources (here the Secret
). This allows to do versioning and garbage collection when those resources aren't needed anymore. This is why I didn't want SBO to create the Secret
through it's default pipeline. I also didn't want it to create the "ServiceBinding" CR as it's not really needed in our "simple" case.
All in all it was a pretty fluid experience using the API
@johnpoth could you please rebase the PR so we can have it merged? Thanks. |
…ult in order to resolve Service Bindings
f634e2e
to
3ce9a17
Compare
3ce9a17
to
63b7f53
Compare
The |
Yeah looks like there was a new test to make sure the correct number of Roles etc... were installed. Looks all good now |
Awesome, thanks! |
This leverages some of the work by @pedjak in sbo-919 that allows us to use SBO as a library. This means that the Service Binding Operator no longers needs to be installed.
This has the benefit of simplifying the code a bit and allows us to upgrade to the latest version (#2553) without having to wait for sbo-#927. It also avoids us having to use SBO as a service through CRDs which was a little messy. I've removed:
As the specification is still work in progress (which we mention in the docs), I think that's o.k
Thanks !
Release Note