Allow permissions to put the leases in the trust-manager namespace, not the trust namespace #225
Conversation
…ot the trust namespace Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
…nents Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
jetstack-bot
added
dco-signoff: yes
|
Hi @tspearconquest. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
jetstack-bot
added
the
size/S
Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
|
/ok-to-test |
jetstack-bot
added
ok-to-test
and removed
needs-ok-to-test
There was a problem hiding this comment.
Thanks @tspearconquest. I think we should do this, but it probably deserves special attention in the release notes for our next release. As we change namespace of the leader election lease for some users, that might allow multiple trust-manager controllers to run for a short while.
Co-authored-by: Erik Godding Boye <egboye@gmail.com> Signed-off-by: tspearconquest <81998567+tspearconquest@users.noreply.github.com>
|
Sounds good. Is there anything I need to do in order to mention this in the release notes, or will it be taken care of in the release? |
|
/lgtm |
|
/cc @wallrj @SgtCoDFish @inteon I am tempted to approve this as well, but since my approver status is very fresh, I don't want to do anything wrong. 👼 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: SgtCoDFish The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
jetstack-bot
added
the
approved
|
/cherrypick release-0.7 |
|
@erikgb: new pull request created: #263 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This pull request separates the lease permissions to their own role and role binding in the namespace where trust-manager will be installed. See #224 for more details.